Re: Restrictions after postscreen (was: Re: Postscreen DNSBL Sites)

2013-05-13 Thread Steve Jenkins
On Wed, May 1, 2013 at 5:14 AM, /dev/rob0 wrote: > > > > Here are my current entries: > > > > smtpd_recipient_restrictions = > > permit_mynetworks, > > permit_sasl_authenticated, > > I don't put these permit_* in global restrictions; I only apply them > to submission via -o smtpd_

Re: Restrictions after postscreen (was: Re: Postscreen DNSBL Sites)

2013-05-02 Thread Vincent Lefevre
On 2013-05-01 07:14:37 -0500, /dev/rob0 wrote: > On Wed, Apr 24, 2013 at 03:44:19PM -0700, Steve Jenkins wrote: > > warn_if_reject reject_unknown_reverse_client_hostname, > > Safe, because many large receivers do this as well. That's interesting. Several months ago, I intended to add it,

Restrictions after postscreen (was: Re: Postscreen DNSBL Sites)

2013-05-01 Thread /dev/rob0
On Wed, Apr 24, 2013 at 03:44:19PM -0700, Steve Jenkins wrote: > On Wed, Apr 24, 2013 at 3:15 PM, /dev/rob0 wrote: > > > True, but for all we know they could be preceded by a > > check_policy_service or permit_dnswl_client restriction. > > Well, in this case they're not (yet?) preceded by any of

Re: Postscreen DNSBL Sites

2013-04-24 Thread Steve Jenkins
On Wed, Apr 24, 2013 at 3:15 PM, /dev/rob0 wrote: > True, but for all we know they could be preceded by a > check_policy_service or permit_dnswl_client restriction. > Well, in this case they're not (yet?) preceded by any of those... but I'm learning more and more with every piece of this discuss

Re: Postscreen DNSBL Sites

2013-04-24 Thread /dev/rob0
On Wed, Apr 24, 2013 at 11:27:41PM +0200, Jeroen Geilman wrote: > On 04/24/2013 11:23 PM, Steve Jenkins wrote: > >On Tue, Apr 23, 2013 at 12:41 PM, /dev/rob0 : > > > >With those restrictions, you could just as well raise the > >corresponding postscreen_dnsbl_sites scores to 3 for each. > >

Re: Postscreen DNSBL Sites

2013-04-24 Thread Steve Jenkins
On Wed, Apr 24, 2013 at 2:27 PM, Jeroen Geilman wrote: > These make any deviation in scoring for zen and barracuda in POSTSCREEN > irrelevant. > The reject_rbl_client results are not weighted; they're fail/pass. > I'd just remove them here. > > (You still don't have the hang of scoring.) > Ok -

Re: Postscreen DNSBL Sites

2013-04-24 Thread Jeroen Geilman
On 04/24/2013 11:23 PM, Steve Jenkins wrote: On Tue, Apr 23, 2013 at 12:41 PM, /dev/rob0 wrote: With those restrictions, you could just as well raise the corresponding postscreen_dnsbl_sites scores to 3 for each. ISTM that you're missing the point of scoring.

Re: Postscreen DNSBL Sites

2013-04-24 Thread Steve Jenkins
On Tue, Apr 23, 2013 at 12:41 PM, /dev/rob0 wrote: > With those restrictions, you could just as well raise the > corresponding postscreen_dnsbl_sites scores to 3 for each. ISTM that > you're missing the point of scoring. > > Yes, as I mentioned, Zen and (for most domains) BRBL listings are > good

Re: Postscreen DNSBL Sites

2013-04-24 Thread Vincent Lefevre
On 2013-04-23 13:23:17 -0500, /dev/rob0 wrote: > Looks very similar to mine, http://rob0.nodns4.us/postscreen.html Thanks for this example. BTW, are the deep protocol tests (in addition to the dnsbl tests) useful in practice? Do you have statistics? Is this mainly for new zombies that have not ha

Re: Postscreen DNSBL Sites

2013-04-23 Thread /dev/rob0
On Tue, Apr 23, 2013 at 08:59:41PM -0700, David Benfell wrote: > On 04/23/2013 10:42 AM, Steve Jenkins wrote: > > > > This setup has been working pretty well for me, and reduces false > > positives by not allowing any single DNSBL to block an incoming > > connection without concurrence from at l

Re: Postscreen DNSBL Sites

2013-04-23 Thread David Benfell
On 04/23/2013 10:42 AM, Steve Jenkins wrote: > > This setup has been working pretty well for me, and reduces false > positives by not allowing any single DNSBL to block an incoming > connection without concurrence from at least one other DNSBL. > F

Re: Postscreen DNSBL Sites

2013-04-23 Thread /dev/rob0
On Tue, Apr 23, 2013 at 11:41:42AM -0700, Steve Jenkins wrote: > On Tue, Apr 23, 2013 at 11:23 AM, /dev/rob0 wrote: > > > Looks very similar to mine, http://rob0.nodns4.us/postscreen.html > > > > > postscreen_dnsbl_threshold = 3 [snip] > > I'm fine with blocking for Zen alone, thus I give it 3. O

Re: Postscreen DNSBL Sites

2013-04-23 Thread Steve Jenkins
On Tue, Apr 23, 2013 at 11:23 AM, /dev/rob0 wrote: > Looks very similar to mine, http://rob0.nodns4.us/postscreen.html > > > postscreen_dnsbl_threshold = 3 > > postscreen_dnsbl_sites = > > zen.spamhaus.org*2, > > b.barracudacentral.org*2, > > dnsbl.mjabl.org, > > What? $ w

Re: Postscreen DNSBL Sites

2013-04-23 Thread DTNX Postmaster
On Apr 23, 2013, at 20:23, /dev/rob0 wrote: >> postscreen_dnsbl_threshold = 3 >> postscreen_dnsbl_sites = >>zen.spamhaus.org*2, >>b.barracudacentral.org*2, >>dnsbl.mjabl.org, > > What? $ whois mjabl.org >

Re: Postscreen DNSBL Sites

2013-04-23 Thread DTNX Postmaster
On Apr 23, 2013, at 19:42, Steve Jenkins wrote: > I recently removed TRBLSPAM from my postscreen_dnsbl_sites lists after they > went offline earlier this month (this should be a reminder to do the same for > anyone here who also used them). That got me wondering about what DNSBL sites > others

Re: Postscreen DNSBL Sites

2013-04-23 Thread /dev/rob0
On Tue, Apr 23, 2013 at 10:42:36AM -0700, Steve Jenkins wrote: > I recently removed TRBLSPAM from my postscreen_dnsbl_sites lists > after they went offline earlier this month (this should be a > reminder to do the same for anyone here who also used them). That > got me wondering about what DNSBL

Postscreen DNSBL Sites

2013-04-23 Thread Steve Jenkins
I recently removed TRBLSPAM from my postscreen_dnsbl_sites lists after they went offline earlier this month (this should be a reminder to do the same for anyone here who also used them). That got me wondering about what DNSBL sites others have been successfully using with Postscreen. Here's my cur