Am 31.05.2016 um 00:59 schrieb Reindl Harald:
Am 31.05.2016 um 00:57 schrieb Reindl Harald:Am 31.05.2016 um 00:49 schrieb Alex:Hi,So I created the RCVD_IN_XBL_ALL "deep header" rule and have since reduced its score. However, there's still RCVD_IN_BL_SPAMCOP_NET as part of the default ruleset, which I could of course change, but it's scored 1.3 by default for that same "deep header" IP address. Does that rule deserve some attention to determine whether it should also be reduced by default for the same reason as the SBL/XBL rule?DUNNO - we disabled all internal RBL's (exepct mailspike) from start because we feed postscreen and spamassassin from the same webinterface with different scores for both but same lists (and some of them are mirrored on the local rbldnsd with different names in the own domain)So then what were all those RBLs you listed initially with their weights? bl.spamcop.net was among them...can't say initailly - maintained starting summer 2014 - current state don't use anything ending with "thelounge.net", our public nameservers answers always with 127.0.0.2 to stop users which blind copy&paste because they have no access to that zones and there was a lot of useless response-rate-limitings in case of mirrored zones the alias contains the real list hopefully that get somehow useable displayed in the maildid not - attached as textfile this time
below some numbers from the current month showing why postscreen in front is that important (at the moment 250 MHz CPU usage on the virtual machine with 2% for journald/rsyslog writin gmaillog) for performance while the 434722 dnsbl-rejects are only a small part of the game
the "Hangup: 665860" did not wait for the result at all and closed connection because "postscreen_greet_wait = ${stress?2}${stress:12}s"
70% of all that crap is from the last 7 days where numbers started to explode, on the inbound-mx as well as on our honeypot network blacklisted currently 50000 ip's while normally 15000-20000 and lists at the moment 21161 blacklistings refrsehd within the last 24 hours
BAYES_00 27216 73.67 % BAYES_05 804 2.17 % BAYES_20 1067 2.88 % BAYES_40 901 2.43 % BAYES_50 3110 8.41 % BAYES_60 358 0.96 % 8.91 % (OF TOTAL BLOCKED) BAYES_80 347 0.93 % 8.64 % (OF TOTAL BLOCKED) BAYES_95 293 0.79 % 7.29 % (OF TOTAL BLOCKED) BAYES_99 2845 7.70 % 70.84 % (OF TOTAL BLOCKED) BAYES_999 2503 6.77 % 62.32 % (OF TOTAL BLOCKED) DNSWL 52213 94.10 % SPF 36458 65.70 % SPF/DKIM WL 16232 29.25 % SHORTCIRCUIT 18515 33.36 % BLOCKED 4016 7.23 % SPAMMY 3843 6.92 % 95.69 % (OF TOTAL BLOCKED) spamhaus.org 321543 sorbs.net 60687 inps.de 35828 barracudacentral.org 9023 thelounge.net 5255 junkemailfilter.com 939 psbl.org 437 manitu.net 380 senderscore.com 234 mailspike.net 217 spamcannibal.org 102 spamcop.net 70 swinog.ch 7 ================================= Total DNSBL rejections: 434722 _____________________________________________________ Connections: 806720 Postscreen WL: 29636 (3.67 %) Delivered: 52751 Blocked: 753969 Invalid User: 7288 Disallowed User: 12 Reject Postscreen: 438583 Reject Postfix: 15419 Reject Milter: 4201 Reject Temporary: 1266 Greylisted: 1464 Blacklist: 436079 Pregreet: 43449 Hangup: 665860 Protocol Error: 1247 Illegal Syntax: 7 SpamAssassin: 4016 Virus (Milter): 180 Virus (SA): 97 Helo: 1644 Subject: 248 From: 65 Attachment: 62 Header Length: 22 Sender Regex: 90 Sender Blocked: 237 Sender Verify: 168 Sender Invalid: 1460 Sender Spoofed: 96 Sender Parked: 13 Spam-TLD: 328 PTR Missing: 297 PTR Generic: 499 SPF: 494
signature.asc
Description: OpenPGP digital signature
