Hi, > DNS is very effective to block at the MTA level. I setup my own private > RBL on the DNS servers my SA boxes point to. Dump your IPs into a > rbldnsd formatted zone file and setup your private RBL zone (doesn't > have to be a real zone on the Internet) to forward to rbldnsd. Rbldnsd > will detect changes to it's zone files and reload them automatically to > keep current.
Do you have some kind of whitelist that includes gmail, yahoo, etc? I'm not looking to compete with spamhaus, just compliment it, but rejecting outright at the SMTP level for IPs reaching my honeypots could be dangerous if not checked. I've now got rbldnsd implemented. I've also known for a while it's faster/better than bind, but bind has always been in place. I have rbldnsd running on port 530, alongside bind on 53. How do I specify a urirhsbl in spamassassin to query the DNS server running on 530 instead of 53? > In a related note, I have found that using the senderscore.org score combined > with postscreen's weighting is very effective in quickly catching new > spammers. > > postscreen_dnsbl_sites = > score.senderscore.com=127.0.4.[60..69]*2 > score.senderscore.com=127.0.4.[50..59]*4 > score.senderscore.com=127.0.4.[30..49]*6 > score.senderscore.com=127.0.4.[0..29]*8 > score.senderscore.com=127.0.4.[90..100]*-6 > score.senderscore.com=127.0.4.[80..89]*-4 > score.senderscore.com=127.0.4.[70..79]*-2 > > You should monitor your own outbound IPs for their sender score. If your > IP goes below 90, it's a good indication that you have been sending spam > and that your users are going to start experiencing delivery issues to the > Internet. Do you use this on inbound mail as well? How does it fit with the other postscreen dnsbls? I already have at least six various dnsbls with varying weights... Thanks, Alex
