[EMAIL PROTECTED] wrote:
Personally, I would classify RBL as a totally illegal activity. Those
f*cking idiots have blocked me way too many times. So no, I won't send
you a RBL list.

This is bad and misleading advice.  Just because you are listed on one
or more RBLs does not mean they are bad.  Tolga, use zen.spamhaus.org
to reject at SMTP time.  Also consider rejecting machines that HELO (or
EHLO) with "dynamic looking" hostnames.

Although somewhat controversial, I've had great success with exactly that.

A couple of dozen regular expressions that match things like "dynamic",
"home", numeric addresses and similar patterns in
/etc/postfix/spam_ip_regex in smtpd_client_restrictions cuts the spam
and the calls to RBLs way down:

smtpd_client_restrictions =
        permit_mynetworks,
        permit_sasl_authenticated,
        reject_unauth_destination,
        hash:/etc/postfix/whitelist,
        regexp:/etc/postfix/spam_ip_regex,
        reject_unknown_reverse_client_hostname,
        reject_unauth_pipelining,
        reject_non_fqdn_recipient,
        reject_rbl_client zen.spamhaus.org

Terry

I'll get flamed for this as overly broad, however it's been in production for quite a while with no problems that couldn't be fixed by adding an IP to the whitelist every now and then. I'm also certain that some of the expressions could be simplified, however I haven't found the need to bother with it, as they work nicely as-is.

Some of the expressions are very broad (like #3), which matches any IP separated with dashes like "123-123-123-123". This is intentional. If the admin is too lazy to give the mail server any sort of meaningful reverse DNS, I probably don't need to be talking to them. The up-side is that it catches an absolute ton of home users, dial-up, etc., which are almost all infected spam-bots.

Note the actual message contains the company's 800 number to call if you need to be whitelisted. So far, the number of calls received has been insignificant.

Terry

spam_ip_regex

/p[0-9]{1,3}n[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.rurasltel\.net/i 555 AUTO_POOL_RTN Email Rejected.
/cablelink[0-9]{1,3}-[0-9]{1,3}.intercable.net/i 555 AUTO_DYNAMIC_ID_PATTERN_DOT_INTERCABLE Email Rejected.
/[0-9]{1,3}-[0-9]{1,3}-[0-9]{1,3}-[0-9]{1,3}./ 555 AUTO_DYNAMIC_ID_PATTERN_DASH Email Rejected.
/net-[0-9]{1,3}-[0-9]{1,3}-[0-9]{1,3}./i 555 AUTO_DYNAMIC_ID_PATTERN_DOT_DASH_NET Email Rejected.
/^dsl.*\..*\..*/i 555 AUTO_DSL Email Rejected. You appear to be connecting from a Dynamic IP address.
/[ax]dsl.*\..*\..*/i 555 AUTO_XDSL Email Rejected. You appear to be connecting from a Dynamic IP address.
/client.*\..*\..*/i 555 AUTO_CLIENT Email Rejected. You appear to be connecting from a Dynamic IP address.
/cable.*\..*\..*/i 555 AUTO_CABLE Email Rejected. You appear to be connecting from a Dynamic IP address.
/dial.*\..*\..*/i 555 AUTO_DIAL Email Rejected. You appear to be connecting from a Dynamic IP address.
/.*dial[\-]*in.*/i 555 AUTO_DIAL2 Email Rejected. You appear to be connecting from a Dynamic IP address.
/ppp.*\..*\..*/i 555 AUTO_PPP Email Rejected. You appear to be connecting from a Dynamic IP address.
/.*\.home\..*/i 555 AUTO_HOME Email Rejected. You appear to be connecting from a Dynamic IP address.
/dslam.*\..*\..*/i 555 AUTO_DSLAM Email Rejected. You appear to be connecting from a Dynamic IP address.
/node.*\..*\..*/i 555 AUTO_NODE Email Rejected. You appear to be connecting from a Dynamic IP address.
/.*dial-up.*/i 555 AUTO_DIAL_UP_ID_PATTERN Email Rejected. You appear to be connecting from a Dynamic IP address.
/.*\.dhcp.*/i 555 AUTO_DHCP_ID_PATTERN Email Rejected. You appear to be connecting from a Dynamic IP address.
/.*\.dsl\.*/i

--
Terry Carmen
CNY Support, LLC

315.382.3939
http://cnysupport.com
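
An added example (not part of the original post or of Postfix): a small Python harness that replays a few of the posted rules against constructed client names with first-match-wins ordering, to check what a rule set like this rejects before it goes into production. It assumes Python's `re` behaves like Postfix's POSIX regexps for these patterns and follows regexp_table(5) in treating the `i` flag as a toggle of the default case-insensitive matching; `load_table`, `verdict` and the sample host names are illustrative.

```python
import re

# Subset of the spam_ip_regex rules from the post, in the same relative order.
TABLE = r"""
/[0-9]{1,3}-[0-9]{1,3}-[0-9]{1,3}-[0-9]{1,3}./ 555 AUTO_DYNAMIC_ID_PATTERN_DASH Email Rejected.
/^dsl.*\..*\..*/i 555 AUTO_DSL Email Rejected. You appear to be connecting from a Dynamic IP address.
/client.*\..*\..*/i 555 AUTO_CLIENT Email Rejected. You appear to be connecting from a Dynamic IP address.
/.*\.home\..*/i 555 AUTO_HOME Email Rejected. You appear to be connecting from a Dynamic IP address.
/.*\.dhcp.*/i 555 AUTO_DHCP_ID_PATTERN Email Rejected. You appear to be connecting from a Dynamic IP address.
"""

RULE = re.compile(r"^/(?P<pat>.*)/(?P<flags>[a-z]*)\s+(?P<action>\S.*)$")

def load_table(text):
    """Parse '/pattern/flags action' lines into (compiled regex, action) pairs."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = RULE.match(line)
        if m is None:
            raise ValueError(f"unparseable rule: {line!r}")
        # regexp_table(5): matching is case-insensitive by default and the
        # "i" flag toggles that, so /.../i is case-SENSITIVE in Postfix.
        flags = 0 if "i" in m["flags"] else re.IGNORECASE
        rules.append((re.compile(m["pat"], flags), m["action"]))
    return rules

def verdict(rules, client_name):
    """First matching rule wins, as in a Postfix lookup table; else DUNNO."""
    for rx, action in rules:
        if rx.search(client_name):
            return action.split()[1]   # the AUTO_* label after the 555 code
    return "DUNNO"

# Constructed client names (reserved example domains), not taken from real logs.
SAMPLES = [
    "123-123-123-123.pool.example.net",   # dashed address, the "#3" style rule
    "dsl-12.city.example.net",
    "mail.clientportal.example.com",      # plausible mail host hit by AUTO_CLIENT
    "DSL-12.city.example.net",            # upper case is not matched by /i rules
    "mx1.example.org",
]

if __name__ == "__main__":
    rules = load_table(TABLE)
    for name in SAMPLES:
        print(f"{name:40} {verdict(rules, name)}")
```

On a live server, `postmap -q <name> regexp:/etc/postfix/spam_ip_regex` runs the same lookup against the real table.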



