Victor Duchovni wrote:
> On Thu, Feb 12, 2009 at 02:02:03PM -0500, Linux Addict wrote:
>> Please see below my smtpd_recipient_restrictions. On my rbl client list I
>> have multiple entries, but not sure how many of them are actually maintained. Is
>> there one single place where I can find such a list? Any help is greatly
>> appreciated.
> Replace all of them with just:
>     reject_rbl_client zen.spamhaus.org
> If this still leaves you with way too much junk to filter with a content
> filter, and you can afford to be more aggressive, add just
>     reject_rbl_client bl.spamcop.net
> avoid all the rest, especially the ones long dead.
> Make sure your DNS cache is not using an ISP upstream forwarder.
> If your traffic is high enough, buy a SpamHaus data feed.
On my server I get the following results in the logs (last 4 days):
$ ~/dnsblcount /var/log/mail.1
zen.spamhaus.org 3438
ips.backscatterer.org 98
hostkarma.junkemailfilter.com=127.0.0.2 28
bl.spamcannibal.org 17
cbl.abuseat.org 3
=================================================
Total DNSBL rejections: 3584
$ ~/dnsblcount /var/log/mail.2
zen.spamhaus.org 6938
ips.backscatterer.org 115
hostkarma.junkemailfilter.com=127.0.0.2 67
t1.dnsbl.net.au 33
bl.spamcannibal.org 13
dnsbl-1.uceprotect.net 3
bl.spamcop.net 2
=================================================
Total DNSBL rejections: 7171
$ ~/dnsblcount /var/log/mail.3
zen.spamhaus.org 10810
hostkarma.junkemailfilter.com=127.0.0.2 164
ips.backscatterer.org 80
bl.spamcannibal.org 24
dnsbl.njabl.org 7
dnsbl-1.uceprotect.net 4
cbl.abuseat.org 2
=================================================
Total DNSBL rejections: 11091
$ ~/dnsblcount /var/log/mail.4
zen.spamhaus.org 10875
hostkarma.junkemailfilter.com=127.0.0.2 98
bl.spamcannibal.org 25
ips.backscatterer.org 10
dnsbl.njabl.org 2
cbl.abuseat.org 1
=================================================
Total DNSBL rejections: 11011
As you can see, cbl.abuseat.org, which is included in zen.spamhaus.org,
gives some more results than zen (actually it's simple - the update takes
some time).
backscatterer and spamcannibal are used only for <> and postmaster senders.
dnsbl-1.uceprotect.net gave me only false positives so it's turned off now.
I'm also using t1.dnsbl.net.au and bl.spamcop.net (this one I've got
right after zen.spamhaus) - no results in the last 4 days, but still testing.
I have a total of ~5-20k SMTP sessions per day which get to the rbl tests.
So after testing zen.spamhaus.org there are about 1 to 10k tests left to be
done. And while I have a local DNS server, it's an even smaller number of DNS
checks with BLs. I think that most people here will say that it's
(at least) stupid to have only ~0.1% more spam filtered with one more
rbl check (with such low SMTP traffic).
Anyway, before rejecting mail with any BL (besides those really "well
known", like the two Victor gave), check that they won't give you too
many false positives.
I'd also recommend lowering smtpd_recipient_limit from 300 to some
reasonable amount, unless you really use such "large" bulk mailings.
Pawel
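
Added example (not part of the original message, and not the dnsblcount script whose output is quoted above): a small Python counter that tallies Postfix DNSBL rejections per list and reports what share came from lists other than zen.spamhaus.org, the figure the last post weighs against the cost of extra lookups. The sample log lines, the regex and all function names are constructed for illustration.

```python
import re
from collections import Counter

# DNSBL name in a Postfix smtpd reject line: "... blocked using <list>; ..."
BLOCKED = re.compile(r"postfix/smtpd\[\d+\]: .*?reject: .*? blocked using ([^\s;]+)")

def count_dnsbl(lines):
    """Return a Counter of rejections per DNSBL name (lower-cased)."""
    hits = Counter()
    for line in lines:
        m = BLOCKED.search(line)
        if m:
            hits[m.group(1).rstrip(".").lower()] += 1
    return hits

def marginal_share(hits, primary="zen.spamhaus.org"):
    """Fraction of DNSBL rejections made by lists other than `primary`.

    Meaningful when `primary` is checked first: Postfix stops at the first
    restriction that rejects, so later lists only see what it let through.
    """
    total = sum(hits.values())
    return 0.0 if total == 0 else (total - hits[primary]) / total

def report(hits):
    """Format counts, highest first, followed by a total line."""
    rows = [f"{name:<45} {n:>6}" for name, n in hits.most_common()]
    rows.append("=" * 52)
    rows.append(f"Total DNSBL rejections: {sum(hits.values())}")
    return "\n".join(rows)

# Constructed sample input (documentation addresses), not from a real log.
_T = ("Feb 12 10:00:0{i} mx postfix/smtpd[1234]: NOQUEUE: reject: RCPT from "
      "unknown[192.0.2.{i}]: 554 5.7.1 Service unavailable; Client host "
      "[192.0.2.{i}] blocked using {bl}; from=<a@example.com> to=<b@example.org>")
SAMPLE = [_T.format(i=i, bl=bl) for i, bl in enumerate(
    ["zen.spamhaus.org"] * 4 + ["bl.spamcop.net", "cbl.abuseat.org"], 1)]
SAMPLE += [
    # Lines that must not be counted: a connect and a non-DNSBL reject.
    "Feb 12 10:00:07 mx postfix/smtpd[1234]: connect from unknown[192.0.2.7]",
    "Feb 12 10:00:08 mx postfix/smtpd[1234]: NOQUEUE: reject: RCPT from "
    "unknown[192.0.2.8]: 554 5.7.1 <c@example.net>: Relay access denied; "
    "from=<a@example.com>",
]

if __name__ == "__main__":
    hits = count_dnsbl(SAMPLE)
    print(report(hits))
    print(f"Rejected by lists other than zen: {marginal_share(hits):.1%}")
```

A low share for the secondary lists, combined with any false positives they produce, is the signal to drop them.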