On 12/02/2017 09:09 PM, Junk wrote:
Is there any list that can be trusted and is publicly available or unless you
pay nothing is trusted?
See my previous list of postscreen_dnsbl_sites entries. These can be
trusted in aggregate but not individually. Traditionally in MTAs, a
single block list hit will reject email but that is too risky. You
really should consider switching to Postfix and try out
postscreen_dnsbl_sites to combine the results of block lists. More
trustworthy lists get a higher weight and less trustworthy lists get a
lower weight above zero. Whitelists get a negative weight to lower the
total score.
/etc/postfix/main.cf:
postscreen_cache_retention_time = 7d
postscreen_bare_newline_ttl = 7d
postscreen_greet_ttl = 7d
postscreen_non_smtp_command_ttl = 7d
postscreen_pipelining_ttl = 7d
postscreen_dnsbl_ttl = 1m
postscreen_dnsbl_threshold = 8
postscreen_dnsbl_action = enforce
postscreen_greet_action = enforce
postscreen_greet_wait = ${stress?1}${stress:11}s
postscreen_bare_newline_action = enforce
postscreen_bare_newline_enable = yes
postscreen_non_smtp_command_enable = yes
postscreen_pipelining_enable = yes
postscreen_dnsbl_whitelist_threshold = -1
postscreen_blacklist_action = drop
postscreen_dnsbl_sites =
... (from previous email)
On Dec 2, 2017, at 7:44 PM, Bill Cole <[email protected]>
wrote:
On 2 Dec 2017, at 13:33 (-0500), David Jones wrote:
Then you can start experimenting with RBLs at http://multirbl.valli.org/lookup/
Be VERY careful with that list of DNSBLs. For years they listed and tested my local,
private, never-public DNSBL (which has always had an external view that "lists the
world") despite repeated requests to stop, resulting in a steady stream of clueless
users pleading, rationalizing, and/or threatening me over their supposed listing. It is
only after I started to give actively hostile answers to external queries that they took
my DNSBL off their lookup page, but they still ping it every day or so. Apparently,
similar sites copied them and some end users seem to have gotten the bright idea to query
the zone, sometimes in substantial volume.
The bottom line: before actually *using* any of the DNSBLs you find via any
3rd-party site, research the list's actual purpose and availability.
--
Bill Cole
[email protected] or [email protected]
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Currently Seeking Steady Work: https://linkedin.com/in/billcole
--
David Jones
