Re: Uptick in spam

Sat, 28 Mar 2015 05:15:47 -0700 


Am 28.03.2015 um 13:01 schrieb David Jones:

From: Reindl Harald <h.rei...@thelounge.net>
Sent: Saturday, March 28, 2015 6:13 AM
To: users@spamassassin.apache.org
Subject: Re: Uptick in spam



Am 28.03.2015 um 12:04 schrieb David Jones:

I know that but I choose to use the "traditional" method in the Postfix
smtpd_recipient_restrictions so I can specify the order.  I have such a
high volume of mail for more than 100,000 mailboxes, I want to check
in a specific order using my local rbldnsd feed to prevent abuse of other
RBLs further down the list


Thank you for the recommendation and I will research the impact that
my high volume mail filters would cause to other RBLs that I do not
have a local rbldnsd feed for.  I have a local caching DNS server pointed
to a set of private DNS servers hosting my rbldnsd zones so the impact
should be as low as possible to the "external" RBL lookups.  I have to be
mindful of their free use limitations and abuse policies.  (I have received
emails from a few of them for excessive usage and had to discontinue
using those.)



hence postscreen and "postscreen_dnsbl_ttl = 10m" and/or if you use 
unbound as caching server: "cache-min-ttl: 600"



the problem with this approach is that with each RBL you raise the
false-positive rates extremely, until now i did not see any RBL without
FP be it Zen, Barracuda or Spamcop


You are correct.  This method does give complete power to each RBL
to reject a message.  If there were a way to specify the order of RBL
checks then I could eliminate this problem.  I will research this



they are ordered as you list them in the rcpt restricitions, but that 
don't help because not listed on the first two one but on the third has 
the same effect: unconditional reject



you could place DNSWL's in front but then you completly skip the RBL's 
and that won't work, another reason for postscreen: you combine 
different RBL's with different scores as well as DNSWL's with different 
negative scores to avoid false positives (see bottom of 
postscreen_dnsbl_sites)



and with "postscreen_greet_action = enforce" a ton of botjunk is 
filtered out independent if it made it to blacklists, well and all that 
happens before touch smtpd at all


Connections:       427269
Delivered:         56689
Reject Postscreen: 231729
Reject Postfix:    17531
Blacklist:         227773
Pregreet:          27272
Hangup:            272128
Protocol Error:    2666

postscreen_dnsbl_ttl = 10m
postscreen_dnsbl_threshold = 8
postscreen_dnsbl_action = enforce
postscreen_greet_action = enforce
postscreen_dnsbl_sites =
  b.barracudacentral.org=127.0.0.2*7
  dnsbl.inps.de=127.0.0.2*7
  bl.mailspike.net=127.0.0.2*5
  bl.mailspike.net=127.0.0.[10;11;12]*4
  dnsbl.sorbs.net=127.0.0.10*8
  dnsbl.sorbs.net=127.0.0.5*6
  dnsbl.sorbs.net=127.0.0.7*3
  dnsbl.sorbs.net=127.0.0.8*2
  dnsbl.sorbs.net=127.0.0.6*2
  dnsbl.sorbs.net=127.0.0.9*2
  zen.spamhaus.org=127.0.0.[10;11]*8
  zen.spamhaus.org=127.0.0.[4..7]*6
  zen.spamhaus.org=127.0.0.3*4
  zen.spamhaus.org=127.0.0.2*3
  hostkarma.junkemailfilter.com=127.0.0.2*3
  hostkarma.junkemailfilter.com=127.0.0.4*1
  hostkarma.junkemailfilter.com=127.0.1.2*1
  wl.mailspike.net=127.0.0.[18;19;20]*-2
  list.dnswl.org=127.0.[0..255].0*-2
  list.dnswl.org=127.0.[0..255].1*-3
  list.dnswl.org=127.0.[0..255].2*-4
  list.dnswl.org=127.0.[0..255].3*-5
  hostkarma.junkemailfilter.com=127.0.0.1*-2




Attachment:
signature.asc

Description: OpenPGP digital signature




























					Reply via email to