On Tue, Apr 23, 2013 at 11:23 AM, /dev/rob0 <r...@gmx.co.uk> wrote: > Looks very similar to mine, http://rob0.nodns4.us/postscreen.html > > > postscreen_dnsbl_threshold = 3 > > postscreen_dnsbl_sites = > > zen.spamhaus.org*2, > > b.barracudacentral.org*2, > > dnsbl.mjabl.org, > > What? $ whois mjabl.org > NOT FOUND
If you meant NJABL, they've been gone longer than TRBL, 2013-03-01 > First, thanks for the detailed and insightful reply. Exactly the type of feedback I was hoping for. And yep - njabl IS what I meant, and I've yanked them. :) > > bl.spameatingmonkey.net, > > dnsbl.ahbl.org, > > These are highly accurate for me. AHBL doesn't list as much, but I've > never seen it return anything questionable. > > > bl.spamcop.net, > > swl.spamhaus.org*-4, > > list.dnswl.org=127.[0..255].[0..255].0*-2, > > list.dnswl.org=127.[0..255].[0..255].1*-4, > > list.dnswl.org=127.[0..255].[0..255].[2..255]*-6 > > I'm fine with blocking for Zen alone, thus I give it 3. Of course > it's possible to continue using it as a reject_rbl_client smtpd > restriction, also. (I do that too. For some recipient domains I > also reject using BRBL.) I also do that. Any thoughts on these settings which I currently use? reject_rbl_client b.barracudacentral.org, reject_rbl_client zen.spamhaus.org, reject_rbl_client bl.spamcop.net, reject_rbl_client psbl.surriel.com, reject_rhsbl_client dbl.spamhaus.org, reject_rhsbl_sender dbl.spamhaus.org, reject_rhsbl_helo dbl.spamhaus.org, > I'm wondering if others can recommend any other DNSBLs that I > > should consider, or if anyone has any other feedback on my setup. > > Having watched logs awhile following upgrade to 2.11 snapshots, I > found that PSBL and Mailspike are doing a good job. SORBS should > definitely be there as a 1-point list; I've had that a long time, > finding that SORBS often pushes a 2-point result over the top. > > I'm considering lowering BRBL to one point and taking it out of smtpd > restrictions. I've had recent problems with a sender from nerim.net > in France. I don't doubt that the global army of 'cudas has gotten > spam from there, but a 2-point list needs to be conservative IMO. > > Again, Mailspike is looking good, and I might soon switch to use of > rep.mailspike.net as a combined black/white list, but that will get > ugly in the sites list. I wish they had a different set of return > codes, i.e., a 127.0.x.x for the bad listings and 127.1.x.x for the > good ones. > > As I recently noted on this list, the whitelist sites are mostly > unused. There is almost no overlap between the blacklists and > whitelists. One nerim.net host (of numerous outbounds they use) seems > to be the only one (it's on BRBL and DNSWL.org as a .0, trust level > "none".) > > You can double your threshold and scores and add in more one-point > lists for testing. I didn't do that with my recent additions, but I > know they have been around long enough to have some credibility. In > that case I think a 1-point result is safe enough. Again, excellent advice and feedback. Thank you - I'm off to test out some of the ones you suggested! SteveJ
