Matus UHLAR - fantomas via Postfix-users:
> On 16.10.23 10:33, Ivan Ionut via Postfix-users wrote:
> >postscreen_blacklist_action = drop
> >postscreen_dnsbl_threshold = 4
> >postscreen_dnsbl_action = enforce
> >postscreen_dnsbl_sites =
> > zen.spamhaus.org
> > b.barracudacentral.org
> > bl.spameatingmonkey.net
> > bl.spamcop.net
> > dnsbl.sorbs.net
> > dnsbl-1.uceprotect.net
> > dnsbl-2.uceprotect.net
> > dnsbl-3.uceprotect.net
> > spamsources.fabel.dk
> > rbl.abuse.ro
> > bl.blocklist.de
> > bl.0spam.org
> > truncate.gbudb.net
> > spam.dnsbl.anonmails.de
> > cbl.abuseat.org
> > hostkarma.junkemailfiltebeltimeblacklist.com=127.0.0.2
> > rbl.dns-servicios.com
> > rbl.interserver.net
> > spam.spamrats.com
> > ubl.unsubscore.com
> > dnsbl.dronebl.org
> > z.mailspike.net
> > bl.mailspike.net
> > dnsbl.zapbl.net
> > dnsbl.cobion.com
> > db.wpbl.info
> >
> > And in my logs I have this example of blocked email(a non-spam one):
> >
> > blocked using dnsbl-2.uceprotect.net
> > blocked using spam.dnsbl.anonmails.de
> >
> >So only two of them, not four. And I want to know if there is a way to
> >log more information about the threshold for each rejected email(maybe
> >for each dnsbl_site).
>
> Those are just rejection messages. Postscreen uses one of *bls in reejction
> notice, depending on order in which the DNS responses came.
> You can look at logs of "postfix/dnsblog" to see which hit:
...
> Note that this can even result into logging DNSWL as reason for blocking, if
> e.g. IP hits one DNSWL but multiple DNSBLs. You can use
> postscreen_dnsbl_reply_map to map the list into other strings, e.g.
Are you sure that postscreen will use a whitelist name as the reason
for blocking?
When postscreen accumulates a client score, it remembers not only
the total (score->total), but also the name (score->dnsbl_name) and
weight (score->dnsbl_weight) of the service that made the largest
positive contribution to that score, and uses that name as the
reason for blocking.
if (score->dnsbl_name == 0
|| score->dnsbl_weight < site->weight) {
score->dnsbl_name = head->safe_dnsbl;
score->dnsbl_weight = site->weight;
}
score->total += site->weight;
In the code fragment,
- head->safe_dnsbl is a dnsbl name configured with postscreen_dnsbl_sites
which may be censored with postscreen_dnsbl_reply_map,
- site->weight is a weight configured with postscreen_dnsbl_sites.
Wietse
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
