RE: [vchkpw] RBLs
Yes it's there it is timeout Remo Mattei Network Security Engineer cell 801-808-unix email [EMAIL PROTECTED] -Original Message- From: Alex Martin [mailto:[EMAIL PROTECTED] Sent: Tuesday, July 13, 2004 9:16 PM To: [EMAIL PROTECTED] Subject: Re: [vchkpw] RBLs Paul, What is the -t10 option below? I do not see it listed on http://cr.yp.to/ucspi-tcp/rblsmtpd.html. Thanks, Alex (quote) > anyway, here's what we use: > > /usr/local/bin/rblsmtpd -C \ > -a whitelist.example.com \ > -r "sbl-xbl.spamhaus.org:\ > Probable spam connection rejected. Details at http://www.spamhaus.org"; \ > -r "list.dsbl.org:\ > Probable spam connection rejected. Details at http://www.dsbl.org"; \ > -r "relays.ordb.org:\ > Probable spam connection rejected. Details at http://www.ordb.org/faq"; \ > -t10 \ > /var/qmail/bin/qmail-smtpd 2>&1 >
Re: [vchkpw] RBLs
(Fixed your top post) Alex Martin wrote: Alex Martin wrote: Paul, What is the -t10 option below? I do not see it listed on http://cr.yp.to/ucspi-tcp/rblsmtpd.html. Thanks, Alex (quote) anyway, here's what we use: /usr/local/bin/rblsmtpd -C \ -a whitelist.example.com \ -r "sbl-xbl.spamhaus.org:\ Probable spam connection rejected. Details at http://www.spamhaus.org"; \ -r "list.dsbl.org:\ Probable spam connection rejected. Details at http://www.dsbl.org"; \ -r "relays.ordb.org:\ Probable spam connection rejected. Details at http://www.ordb.org/faq"; \ -t10 \ /var/qmail/bin/qmail-smtpd 2>&1 > Sorry, I am a moron. from http://cr.yp.to/ucspi-tcp/rblsmtpd.html: > > -t n: Change the 60-second timeout to n seconds. > > Thanks, > Alex > > but you're not a moron. We must have googled it at the same time Rick From a little Google: From http://cr.yp.to/ucspi-tcp/rblsmtpd.html --- rblsmtpd opts prog rblsmtpd drops the limited SMTP conversation after 60 seconds, even if the client has not quit by then. Options: * -t n: Change the timeout to n seconds. ---
Re: [vchkpw] RBLs
Sorry, I am a moron. from http://cr.yp.to/ucspi-tcp/rblsmtpd.html: -t n: Change the 60-second timeout to n seconds. Thanks, Alex Alex Martin wrote: Paul, What is the -t10 option below? I do not see it listed on http://cr.yp.to/ucspi-tcp/rblsmtpd.html. Thanks, Alex (quote) anyway, here's what we use: /usr/local/bin/rblsmtpd -C \ -a whitelist.example.com \ -r "sbl-xbl.spamhaus.org:\ Probable spam connection rejected. Details at http://www.spamhaus.org"; \ -r "list.dsbl.org:\ Probable spam connection rejected. Details at http://www.dsbl.org"; \ -r "relays.ordb.org:\ Probable spam connection rejected. Details at http://www.ordb.org/faq"; \ -t10 \ /var/qmail/bin/qmail-smtpd 2>&1
Re: [vchkpw] RBLs
Paul, What is the -t10 option below? I do not see it listed on http://cr.yp.to/ucspi-tcp/rblsmtpd.html. Thanks, Alex (quote) anyway, here's what we use: /usr/local/bin/rblsmtpd -C \ -a whitelist.example.com \ -r "sbl-xbl.spamhaus.org:\ Probable spam connection rejected. Details at http://www.spamhaus.org"; \ -r "list.dsbl.org:\ Probable spam connection rejected. Details at http://www.dsbl.org"; \ -r "relays.ordb.org:\ Probable spam connection rejected. Details at http://www.ordb.org/faq"; \ -t10 \ /var/qmail/bin/qmail-smtpd 2>&1
Re: [vchkpw] RBLs
- Original Message - From: "Jasper Metselaar" <[EMAIL PROTECTED]> > > /usr/local/bin/rblsmtpd -C \ > > -a whitelist.example.com \ > > -r "sbl-xbl.spamhaus.org:\ > > Probable spam connection rejected. Details at > > http://www.spamhaus.org"; \ -r "list.dsbl.org:\ > > Probable spam connection rejected. Details at http://www.dsbl.org"; > > \ -r "relays.ordb.org:\ > > Probable spam connection rejected. Details at > > http://www.ordb.org/faq"; \ -t10 \ > > /var/qmail/bin/qmail-smtpd 2>&1 > > I didn't know this was possible with rblsmtpd. I couldn't find it > anywhere on the man page. I would love to do this as well, but I would > also like to have the default response from the RBLs included.Is it possible to have both included in the bounce message? Custom messages require rblsmtpd to be patched. Examples are given here if you are interested http://www.pipeline.com.au/staff/mbowe/isp/webmail-server.htm#QMAIL And then scroll down that page a bit for an example for rblsmtpd with custom error message including IP address (%IP%) Michael.
Re: [vchkpw] RBLs
Hello Paul, > Here's my call to the rbl's. i prefer to give some info in the 'FU' > response, to at least give them a clue where to start. we dropped > spamcop a while back, as they were listing some sites that - while > they may at times be sources of spam - are not in the main spam > sites - such as tropica. we had a number of customer complaints > from people who were subscribed to legitimate mailing lists > through tropica, when spamcop did a blanket blacklist of their > address space. uncool. > > anyway, here's what we use: > > /usr/local/bin/rblsmtpd -C \ > -a whitelist.example.com \ > -r "sbl-xbl.spamhaus.org:\ > Probable spam connection rejected. Details at > http://www.spamhaus.org"; \ -r "list.dsbl.org:\ > Probable spam connection rejected. Details at http://www.dsbl.org"; > \ -r "relays.ordb.org:\ > Probable spam connection rejected. Details at > http://www.ordb.org/faq"; \ -t10 \ > /var/qmail/bin/qmail-smtpd 2>&1 I didn't know this was possible with rblsmtpd. I couldn't find it anywhere on the man page. I would love to do this as well, but I would also like to have the default response from the RBLs included.Is it possible to have both included in the bounce message? Thanks in advance for your reply. Kind regards, Jasper Metselaar
Re: [vchkpw] RBLs
At 07:14 AM 7/6/2004, Eduardo M. Bragatto wrote: Jeremy Kitchen wrote: On Monday 05 July 2004 08:44 pm, Eduardo M. Bragatto wrote: What happens in the case that more than one RBL has the same blocked address? Which one actually blocks the smtp session? The one that answers first, or rblsmtpd waits until one to respond, before asking to another one? In that case, it askes in the same order that the parameters are given? the first one. If rblsmtpd finds a match, it doesn't bother wasting any more bandwith on the fool, and sends them a nice FU :) So, in that case, I may think that the first list given is more effective than others, since it will always be checked first and because of that, may blocks more than others... Is it right? I'm asking it because, like Simon (who started this thread), I also noticied more lists blocking than others... here's my call to the rbl's. i prefer to give some info in the 'FU' response, to at least give them a clue where to start. we dropped spamcop a while back, as they were listing some sites that - while they may at times be sources of spam - are not in the main spam sites - such as tropica. we had a number of customer complaints from people who were subscribed to legitimate mailing lists through tropica, when spamcop did a blanket blacklist of their address space. uncool. anyway, here's what we use: /usr/local/bin/rblsmtpd -C \ -a whitelist.example.com \ -r "sbl-xbl.spamhaus.org:\ Probable spam connection rejected. Details at http://www.spamhaus.org"; \ -r "list.dsbl.org:\ Probable spam connection rejected. Details at http://www.dsbl.org"; \ -r "relays.ordb.org:\ Probable spam connection rejected. Details at http://www.ordb.org/faq"; \ -t10 \ /var/qmail/bin/qmail-smtpd 2>&1 the whitelist call is to put in some custom rules by customer request, though ultimately it's simpler to just list them in /service/smtpd/tcp. the '-t10' ensures that if one of the rbls isn't answering, it doesn't hang up smtp connections for a long time waiting. Paul Theodoropoulos http://www.anastrophe.com http://www.smileglobal.com
Re: [vchkpw] RBLs
Jeremy Kitchen wrote: On Monday 05 July 2004 08:44 pm, Eduardo M. Bragatto wrote: What happens in the case that more than one RBL has the same blocked address? Which one actually blocks the smtp session? The one that answers first, or rblsmtpd waits until one to respond, before asking to another one? In that case, it askes in the same order that the parameters are given? the first one. If rblsmtpd finds a match, it doesn't bother wasting any more bandwith on the fool, and sends them a nice FU :) So, in that case, I may think that the first list given is more effective than others, since it will always be checked first and because of that, may blocks more than others... Is it right? I'm asking it because, like Simon (who started this thread), I also noticied more lists blocking than others... Best regards, Eduardo M. Bragatto.
Re: [vchkpw] RBLs
On Monday 05 July 2004 08:44 pm, Eduardo M. Bragatto wrote: > [EMAIL PROTECTED] wrote: > > /usr/local/bin/rblsmtpd -t 10 -r relays.ordb.org -r bl.spamcop.net -r > > dnsbl.njabl.org \ > > -r opm.blitzed.org -r sbl-xbl.spamhaus.org -r > > blackholes.mail-abuse.org > > What happens in the case that more than one RBL has the same blocked > address? Which one actually blocks the smtp session? The one that > answers first, or rblsmtpd waits until one to respond, before asking to > another one? In that case, it askes in the same order that the > parameters are given? the first one. If rblsmtpd finds a match, it doesn't bother wasting any more bandwith on the fool, and sends them a nice FU :) -Jeremy -- Jeremy Kitchen ++ Systems Administrator ++ Inter7 Internet Technologies, Inc. [EMAIL PROTECTED] ++ www.inter7.com ++ 866.528.3530 ++ 847.492.0470 int'l kitchen @ #qmail #gentoo on EFnet ++ scriptkitchen.com/qmail
Re: [vchkpw] RBLs
On Monday 05 July 2004 02:51 pm, [EMAIL PROTECTED] wrote: > What I'd like to know is what some of you other admins are using -- are > there any we are missing that are effective? Has anyone found that one of > the above is not providing any usefulness and could be dropped? I use sbl-xbl.spamhaus.org and relays.ordb.org. Also, but only for reasons of a personal nature, china.blackholes.us, and verio.blackholes.us but I would never use those on a customer's server. spamcop and spews are on my shitlist for my dealings with them in the past (they are way overly anal about their listing policies). Not using at least relays.ordb.org in your blacklisting policy, in my opinion, is a bad idea, as relays.ordb.org is a fully automated blacklisting service for open relays. Anyone running an open relay needs to fix it, and blacklisting them is probably the quickest way to get their attention :) -Jeremy -- Jeremy Kitchen ++ Systems Administrator ++ Inter7 Internet Technologies, Inc. [EMAIL PROTECTED] ++ www.inter7.com ++ 866.528.3530 ++ 847.492.0470 int'l kitchen @ #qmail #gentoo on EFnet ++ scriptkitchen.com/qmail
Re: [vchkpw] RBLs
[EMAIL PROTECTED] wrote: What I'd like to know is what some of you other admins are using -- are there any we are missing that are effective? Has anyone found that one of the above is not providing any usefulness and could be dropped? We're currently using: bl.spamcop.net sbl.spamhaus.org zombie.dnsbl.sorbs.net We used to run njabl like you, but stopped due to us seeing an influx of customer complaints. To be honest I didn't research it much, but once the tickets started to fill up due to that list, I just dropped it. I still think the best filtering we do however is via the SURBL using SpamAssassin. It searchs the message content for known spam URI's and SpamAssassin scores from that point. I'd have to say that in the last five years I've spent doing spam filtering, it's the most effective list I've ever used. If you are using SpamAssassin, you can find more information on it at http://www.surbl.org/. They have a few lists you can use with SpamAssassin, and they all work well. Also, I'm a bit biased to the SURBL since I am a public nameserver administrator for them, however that is just due to how well the product works, I felt I needed to give something back to them for the hard work they do on development. Regards, Joe Boyce System Administrator InterStar, Inc - Shasta.com Internet
Re: [vchkpw] RBLs
[EMAIL PROTECTED] wrote: /usr/local/bin/rblsmtpd -t 10 -r relays.ordb.org -r bl.spamcop.net -r dnsbl.njabl.org \ -r opm.blitzed.org -r sbl-xbl.spamhaus.org -r blackholes.mail-abuse.org What happens in the case that more than one RBL has the same blocked address? Which one actually blocks the smtp session? The one that answers first, or rblsmtpd waits until one to respond, before asking to another one? In that case, it askes in the same order that the parameters are given? Best regards, Eduardo M. Bragatto.
RE: [vchkpw] RBLs
Mario: We call rblsmtpd through tcpserver. This is the section of our tcpserver shell start script: /usr/local/bin/rblsmtpd -t 10 -r relays.ordb.org -r bl.spamcop.net -r dnsbl.njabl.org \ -r opm.blitzed.org -r sbl-xbl.spamhaus.org -r blackholes.mail-abuse.org Hope this answers your question. -Simon > Hi, > > Just asking... do you put all those in qmail-smtpd, or do you use another > method ? > > Regards, > Mário Gamito > >> -Original Message- >> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] >> Sent: Monday, July 05, 2004 8:52 PM >> To: [EMAIL PROTECTED] >> Subject: [vchkpw] RBLs >> >> Hello! >> >> Currently on our Qmail server cluster (3 servers scanning >> SMTP traffic in and out) we're checking: >> >> relays.ordb.org >> bl.spamcop.net >> dnsbl.njabl.org >> opm.blitzed.org >> sbl-xbl.spamhaus.org >> blackholes.mail-abuse.org >> >> via rblsmtpd. So far, we've noticed that Spamcop and Spamhaus >> are the two most effective RBLs. ORDb, Blitzed, and >> mail-abuse have not been as active as we'd hoped. We've also >> not noticed an undue amount of overhead for our mail scanning servers. >> >> What I'd like to know is what some of you other admins are >> using -- are there any we are missing that are effective? Has >> anyone found that one of the above is not providing any >> usefulness and could be dropped? >> >> Thanks! :) >> >> -Simon >> > >
RE: [vchkpw] RBLs
Hi, Just asking... do you put all those in qmail-smtpd, or do you use another method ? Regards, Mário Gamito > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > Sent: Monday, July 05, 2004 8:52 PM > To: [EMAIL PROTECTED] > Subject: [vchkpw] RBLs > > Hello! > > Currently on our Qmail server cluster (3 servers scanning > SMTP traffic in and out) we're checking: > > relays.ordb.org > bl.spamcop.net > dnsbl.njabl.org > opm.blitzed.org > sbl-xbl.spamhaus.org > blackholes.mail-abuse.org > > via rblsmtpd. So far, we've noticed that Spamcop and Spamhaus > are the two most effective RBLs. ORDb, Blitzed, and > mail-abuse have not been as active as we'd hoped. We've also > not noticed an undue amount of overhead for our mail scanning servers. > > What I'd like to know is what some of you other admins are > using -- are there any we are missing that are effective? Has > anyone found that one of the above is not providing any > usefulness and could be dropped? > > Thanks! :) > > -Simon >
[vchkpw] RBLs
Hello! Currently on our Qmail server cluster (3 servers scanning SMTP traffic in and out) we're checking: relays.ordb.org bl.spamcop.net dnsbl.njabl.org opm.blitzed.org sbl-xbl.spamhaus.org blackholes.mail-abuse.org via rblsmtpd. So far, we've noticed that Spamcop and Spamhaus are the two most effective RBLs. ORDb, Blitzed, and mail-abuse have not been as active as we'd hoped. We've also not noticed an undue amount of overhead for our mail scanning servers. What I'd like to know is what some of you other admins are using -- are there any we are missing that are effective? Has anyone found that one of the above is not providing any usefulness and could be dropped? Thanks! :) -Simon