Mark Watts put forth on 3/10/2011 9:57 AM:

> I'm already using three RBLs (b.barracudacentral.org, zen.spamhaus.org
> and dnsbl.sorbs.net) yet I'm still seeing a fair amount of spam coming
> in from Russian and Romanian IP ranges that isn't blocked.

It would be helpful if you posted your 'postconf -n' output so we can make sure you have all the standard Postfix anti UCE controls enabled. In the meantime, give this a go:

http://www.hardwarefreak.comf/fqrdns.pcre

Simple to implement. Usage instructions are at the top of the file. It targets dynamic IP hosts and some others that simply shouldn't be sending SMTP mail directly. It stops quite a bit that Zen (CBL+PBL), SORBS DUL, and other DNSBLs miss. It's a simple PCRE table consisting of 1600+ regular expressions that match rDNS strings of undesirable hosts. Myself and a few others on this list use it with good results. It's not magic, but just another good tool to have in your AS arsenal.

You may also want to give this a go:

http://people.freebsd.org/~sahil/scripts/checkdbl.pl.txt

It scans mail headers for domains and checks them against 3 URI/domain based DNSBLs. These are user configurable, so you can add more URI/domain DNSBLs if you wish. Do NOT use IP based DNSBLs with this, only URI/domain DNSBLs.

I'd use both of the above tools regardless of the Russian/Romanian spam problem. And if you absolutely will never receive mail from these countries, or very infrequently, using ipdeny.com as Wietse mentioned is a surefire way to block the entire country. I use it myself against Russia, Romania, China, Korea, Malaysia, and a few others. If you do this it's a good idea to implement the dnswl.org whitelist:

http://www.dnswl.org

Postfix > 2.8 can query DNSWL directly. For earlier versions you'll need to get permission to rsync the data file. You'll need to run it through a script to add "permit_auth_destination" to each IP line transforming it into a CIDR table. I can give you the script I use if you need it.

-- 
Stan
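
The conversion step described in the message above (whitelist data file to a Postfix CIDR table), as an added example that is not Stan's script and not part of the original post. The input layout (first field of each line is an IP or CIDR, further fields separated by whitespace or ';'), the sample data and the minimum-prefix guard are assumptions made for illustration.

```python
import ipaddress
import re

ACTION = "permit_auth_destination"  # action named in the post above
# Guard (an assumption of this example): a whitelist entry wider than this
# would exempt huge address ranges from filtering, so it is rejected.
MIN_PREFIX = {4: 8, 6: 16}

# Constructed sample input, not real DNSWL data. Assumed layout: the first
# field is an IP address or CIDR network; anything after whitespace or ';'
# is ignored.
SAMPLE = """\
# constructed sample
192.0.2.10
198.51.100.0/24;example.org;2
203.0.113.77/24 stray host bits
2001:db8:1::/48
0.0.0.0/0
not-an-ip
192.0.2.10
"""

def to_cidr_table(text, action=ACTION):
    """Return (table_lines, rejected_lines) for a Postfix cidr: table."""
    seen, table, rejected = set(), [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        field = re.split(r"[\s;]+", line, maxsplit=1)[0]
        try:
            # strict=False masks stray host bits (203.0.113.77/24 becomes
            # 203.0.113.0/24); a bare address becomes a /32 or /128.
            net = ipaddress.ip_network(field, strict=False)
        except ValueError:
            rejected.append(raw)
            continue
        if net.prefixlen < MIN_PREFIX[net.version]:
            rejected.append(raw)
            continue
        if net not in seen:  # drop duplicate entries
            seen.add(net)
            table.append(f"{net}\t{action}")
    return table, rejected

if __name__ == "__main__":
    lines, bad = to_cidr_table(SAMPLE)
    print("\n".join(lines))
    for b in bad:
        print(f"# skipped: {b}")
```

Review the skipped lines before installing the table: a malformed or overly broad entry in a whitelist lets mail bypass the checks that follow it.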