Stan, Thanks for the reply and showing me a way.
Can you elaborate on your solution ? Some of my doubts arise from : >I started my own local block lists >implemented in various Postfix access tables. It has been very >effective, especially against snowshoe spammers. >http://www.postfix.org/access.5.html >http://www.postfix.org/cidr_table.5.html How were you able to identify that a particular IP/IP's are the source of spam attack on your mail server? After identifying that a particular IP/IP's is the source of attack how were you able to update your local block lists automatically? For how long did you maintain the IP/IP's record in your local block lists and refreshed them? Thanks in advance Ashish Sharma -----Original Message----- From: owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org] On Behalf Of Stan Hoeppner Sent: Tuesday, November 03, 2009 8:10 PM To: postfix-users@postfix.org Subject: Adding spam attack IP's to DNSRBL providers Sharma, Ashish put forth on 11/3/2009 3:58 AM: > Hello, > > I have a Postfix e-mail receiving server setup. > > I have applied the following setting in my Postfix main.cf file: > > smtpd_recipient_restrictions = > reject_unauth_destination, > reject_rbl_client sbl-xbl.spamhaus.org, > reject_rbl_client bl.spamcop.net > permit > > for checking the mails with DNSRBL providers. > > Since Postfix has custom built RBL check, I want to know if a certain IP > address is continuously attacking with spam on my e-mail server, then > how can I get it added with the following DNSRBL provider list: > > 1. Spamcop > 2. Spamhaus Short answer: For most dnsbls you can't. You can report spam to Spamcop and it _might_ make it into their listing. You can't report spam to Spamhaus at all. They are strictly trap driven or they list based upon their own research. With Spamhaus, you can report entire spammy networks, but your research needs to be thorough and dead on, and this must be done through back channel contacts AFAIK. They have no official mechanism for receiving reports. You seem to be at the same point I was a couple of years ago--only using dnsbls and no local lists and filters. At the time, I desired to, and attempted to do the same thing you desire, to report the spam to the dnsbls hoping they'd list the senders. After I learned that's not a realistic possibility or solution, I started my own local block lists implemented in various Postfix access tables. It has been very effective, especially against snowshoe spammers. http://www.postfix.org/access.5.html http://www.postfix.org/cidr_table.5.html Also, if you will never need to receive emails from certain countries, you can smtp block their entire address space (or firewall it for that matter) using http://ipdeny.com I use this to great effect, blocking around 1/4 to 1/3 of all inbound spam attempts. -- Stan
