On 2009-04-05 04:27, Sahil Tandon wrote:
> On Sat, 04 Apr 2009, LuKreme wrote:
>> On 4-Apr-2009, at 16:02, Noel Jones wrote:
>>> Best in smtpd_data_restrictions so you don't reject sourceforge and
>>> others sender verification probes.
>> Is there anything I need to be concerned about having/not having in
>> smtpd_data_restrictions? it is currently commented out. if I simply
>> put:
>> smtpd_data_restrictions =
>>     reject_unauth_pipelining,
>>     reject_rbl_client ips.backscatterer.org,
>>     reject_rbl_client bl.spamcannibal.org
>>     permit
> The trailing permit is unnecessary. And some people worry about blocking
> legitimate mail from sites listed on those RBLs. If you share that fear, you
> could use an access(5) table to limit the RBL lookups (and rejections) only
> to null envelope senders.
You should NEVER use ips.backscatterer.org as a global RBL. You'll block
legitimate mails for sure. The question is only how many.
Also using bl.spamcannibal.org for all senders is not very safe. Before
using ANY RBL read what it actually does.
From backscatterer.org site:
"Listing Policy is quite simple. Every IP which backscatters or does
sender callouts will be listed the next 4 weeks here."
So every host which does email verification would be entirely blocked,
and that's almost surely not what one would want.
And one more citation:
"Unfortunately many and also big providers do still backscatter. They are
flooding you with bounces but will almost always send real mail too.
As long as you are not a BOFH nor having the intention to boycott such
servers we strongly recommend to use ips.backscatterer.org in SAFE MODE
to prevent false positives.
SAFE MODE means you will do DNSBL-Queries if MAIL FROM: is <> or
postmaster only.
Used in safe mode ips.backscatterer.org will protect you against
misdirected bounces and sender callouts while you can not lose any real
mail."
A bit different situation is with spamcannibal. It's a "normal" RBL, but
in my place it was giving 10 to 50 false positives daily. A month ago
spamcannibal was stopping some backscatter. Now I rarely get any hits,
but it's used as the very last RBL to check emails from <> and
postmaster. Some citation from their site:
"The ONLY way you can get into SpamCannibal's database is by sending
spam or virus ladened email to our mail servers!
SpamCannibal does not block email access except for IP addresses and
ranges that have sent or relayed what we believe to be spam or other
unsolicited email directly to our email servers. SpamCannibal uses its
database to block access by IP addresses ONLY for its own mail servers,
however, the database we use for that purpose is freely available for
anyone to look at and use as they see fit. "
So if one made a typo in an email and got into their honeypot, the host
(or subnet) gets blacklisted. For me it's much too simple to get
blacklisted at spamcannibal.org.
Pawel Lesniak
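
The "safe mode" setup discussed in this message, as an added example that is not part of the original post: the DNSBL lookups are moved into a restriction class that is reached only for the null sender and postmaster senders. The class name bounce_sender_rbl and the table path /etc/postfix/bounce_senders are hypothetical.

```conf
# ---- /etc/postfix/main.cf ----
# Global use, as proposed in the quoted question: every client is looked
# up in both lists, whatever the envelope sender is.
#
# smtpd_data_restrictions =
#     reject_unauth_pipelining,
#     reject_rbl_client ips.backscatterer.org,
#     reject_rbl_client bl.spamcannibal.org

# Safe mode: the lookups live in a restriction class (hypothetical name)
# that is only invoked from the sender table below.
smtpd_restriction_classes = bounce_sender_rbl
bounce_sender_rbl =
    reject_rbl_client ips.backscatterer.org,
    reject_rbl_client bl.spamcannibal.org

smtpd_data_restrictions =
    reject_unauth_pipelining,
    check_sender_access hash:/etc/postfix/bounce_senders

# ---- /etc/postfix/bounce_senders (hypothetical path) ----
# Rebuild the map after editing: postmap /etc/postfix/bounce_senders
#
# "<>" is the default lookup key for the null envelope sender
# (see smtpd_null_access_lookup_key).
<>              bounce_sender_rbl
# "user@" form from access(5): postmaster at any domain.
postmaster@     bounce_sender_rbl
```

Any other envelope sender finds no match in the table, so no DNSBL query is made for it and the message falls through to the remaining restrictions.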