Viktor Dukhovni via Postfix-users:
> On Mon, Oct 16, 2023 at 10:33:34AM +0300, Ivan Ionut via Postfix-users wrote:
> 
> > Hi, I'm using postscreen dnsbl configuration to block some spam:
> > 
> > postscreen_blacklist_action = drop
> > postscreen_dnsbl_threshold = 4
> > postscreen_dnsbl_action = enforce
> > postscreen_dnsbl_sites =
> >     zen.spamhaus.org
> >     b.barracudacentral.org
> >     bl.spameatingmonkey.net
> >     bl.spamcop.net
> >     dnsbl.sorbs.net
> >     dnsbl-1.uceprotect.net
> >     dnsbl-2.uceprotect.net
> >     dnsbl-3.uceprotect.net
> >     spamsources.fabel.dk
> >     rbl.abuse.ro
> >     bl.blocklist.de
> >     bl.0spam.org
> >     truncate.gbudb.net
> >     spam.dnsbl.anonmails.de
> >     cbl.abuseat.org
> >     hostkarma.junkemailfiltebeltimeblacklist.com=127.0.0.2
> >     rbl.dns-servicios.com
> >     rbl.interserver.net
> >     spam.spamrats.com
> >     ubl.unsubscore.com
> >     dnsbl.dronebl.org
> >     z.mailspike.net
> >     bl.mailspike.net
> >     dnsbl.zapbl.net
> >     dnsbl.cobion.com
> >     db.wpbl.info
> 
> This is an absurdly large list of DNSBLs.  Carefully choose at most ~4
> if your goal is to actually receive mail.  If your goal is to be a QA
> site for RBLs, by all means proceed.
> 
> >  And in my logs I have this example of blocked email (a non-spam one):
> > 
> >     blocked using dnsbl-2.uceprotect.net
> >     blocked using spam.dnsbl.anonmails.de
> 
> The Postscreen service does not wait for all the RBLs to reply, once the
> score is high enough, the rest are ignored.  Some may be down, some
> slow, etc.

The dnsbl collector waits until the number of pending lookups drops
to zero (score->pending_lookups == 0) or timeout, because the dnsbl
collector does not know the caller's threshold. That is, the mechanism
(getting a score) is implemented separately from the policy (threshold).

Nowadays, it has to wait because results can have positive or
negative weights, and the order of results is non-deterministic.

Once the dnsbl results are in, postscreen can proceed as soon as
results from other tests are available (failed, passed, or cached).

If you want to know what individual DNSXLs have to say, you can
look at the dnsblog logging.

        Wietse

> > So only two of them, not four. And I want to know if there is a way to
> > log more information about the threshold for each rejected email (maybe
> > for each dnsbl_site).
> 
> Choose 2 or 3 decent RBLs, and you won't need nearly so much logging.
> 
> >     zen.spamhaus.org
> 
> I get good results from just SpamHaus alone.
> 
> >     b.barracudacentral.org
> 
> IIRC this list also has decent accuracy.
> 
> -- 
>     Viktor.
> _______________________________________________
> Postfix-users mailing list -- postfix-users@postfix.org
> To unsubscribe send an email to postfix-users-le...@postfix.org
> 
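An added example, not part of the original thread and not Postfix code: a simplified model of how per-site results reported in dnsblog logging add up to a postscreen score, including a negative weight, which is why a partial sum cannot be compared against the threshold early. It assumes the dnsblog line format `addr ... listed by domain ... as ...`; the `example.org` domains, the weights and the log lines are constructed, and only exact-address filters are modelled.

```python
import re
from collections import defaultdict

# Constructed settings in postscreen_dnsbl_sites syntax: domain[=filter][*weight].
# The example.org domains and all weights are assumptions for illustration.
SITES = """zen.spamhaus.org*3 dnsbl-2.uceprotect.net spam.dnsbl.anonmails.de
           hostkarma.example.org=127.0.0.2 allow.example.org*-2"""
THRESHOLD = 4  # postscreen_dnsbl_threshold from the original post

# Constructed dnsblog log lines; clients use documentation address ranges.
LOG = """\
Oct 16 10:30:01 mx postfix/dnsblog[811]: addr 203.0.113.7 listed by domain dnsbl-2.uceprotect.net as 127.0.0.2
Oct 16 10:30:01 mx postfix/dnsblog[812]: addr 203.0.113.7 listed by domain spam.dnsbl.anonmails.de as 127.0.0.3
Oct 16 10:31:10 mx postfix/dnsblog[813]: addr 198.51.100.9 listed by domain zen.spamhaus.org as 127.0.0.4
Oct 16 10:31:10 mx postfix/dnsblog[814]: addr 198.51.100.9 listed by domain dnsbl-2.uceprotect.net as 127.0.0.2
Oct 16 10:32:40 mx postfix/dnsblog[815]: addr 192.0.2.25 listed by domain zen.spamhaus.org as 127.0.0.4
Oct 16 10:32:40 mx postfix/dnsblog[816]: addr 192.0.2.25 listed by domain dnsbl-2.uceprotect.net as 127.0.0.2
Oct 16 10:32:40 mx postfix/dnsblog[817]: addr 192.0.2.25 listed by domain hostkarma.example.org as 127.0.0.1
Oct 16 10:32:41 mx postfix/dnsblog[818]: addr 192.0.2.25 listed by domain allow.example.org as 127.0.0.10
"""
LINE = re.compile(r"dnsblog\[\d+\]: addr (\S+) listed by domain (\S+) as (.+)$", re.M)

def parse_sites(text):
    """Return [(domain, filter_or_None, weight)]; only exact-address filters are modelled."""
    sites = []
    for entry in text.split():
        entry, _, weight = entry.partition("*")
        domain, _, flt = entry.partition("=")
        sites.append((domain, flt or None, int(weight or 1)))
    return sites

def score_clients(log, sites):
    """Per client: add each site entry's weight once if a logged reply passes its filter."""
    hits = defaultdict(dict)  # client -> {site index: (domain, weight)}
    for client, domain, replies in LINE.findall(log):
        for i, (name, flt, weight) in enumerate(sites):
            if name == domain and (flt is None or flt in replies.split()):
                hits[client][i] = (name, weight)
    return {c: (sum(w for _, w in h.values()), sorted(n for n, _ in h.values()))
            for c, h in hits.items()}

def report(log=LOG, sites_text=SITES, threshold=THRESHOLD):
    """Map client -> (score, reaches_threshold, contributing sites)."""
    scores = score_clients(log, parse_sites(sites_text))
    return {c: (s, s >= threshold, names) for c, (s, names) in scores.items()}

if __name__ == "__main__":
    for client, (score, over, names) in report().items():
        print(f"{client} score={score}/{THRESHOLD} {'FAIL' if over else 'pass'} {', '.join(names)}")
```

In the sample data, 192.0.2.25 reaches 4 after its first two listings and drops to 2 once the negatively weighted result arrives, while the filtered entry contributes nothing because the reply does not match `127.0.0.2`.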