[Techtalk] Re: filtering spam with spamassassin
Siobhan Elliott
siobhan+lc at spiderland.net
Sun Sep 14 13:15:37 EST 2003
begin electrogrammati illius Carla Schroder
> On Friday 12 September 2003 9:19 am, Siobhan Elliott wrote:
> > begin electrogrammati illius showercurtain:
> > > Also, postfix documentation says add lines to main.cf file such as:
> > >
> > > maps_rbl_domains = dun.dnsrbl.net
> > > smtpd_client_restrictions = reject_maps_rbl
> > >
> > > Suppose I want to use both ordb and dnsrbl - how do I include both of
> > > them in main.cf?
> >
> > If you are using the newer postfixes (2 and up) (which is of course
> > advisable) the syntax is simpler, as below (I have this in my main.cf):
> >
> > smtpd_client_restrictions = hash:/etc/postfix/access, reject_rbl_client
> > blackholes.easynet.nl, reject_rbl_client dnsbl.njabl.org, reject_rbl_client
> > taiwan.blackholes.us, reject_rbl_client cn-kr.blackholes.us,
> > reject_rbl_client proxies.relays.monkeys.com, permit
> >
> > This combo I've hit upon after some fiddling, and it works *very* well.
> >
>
> Would you mind explaining how you chose your RBLs? That's the difficult part,
> when an admin decides to use them, it would be helpful to explain a little
> how you chose the ones you use.
I compiled a list of possible RBLs to use, and tried each
one individually for a day for so to see what it was blocking
(grepping the logs each day to see what was dropped, and for any
false positives, I still do this with a shell script + cron.)
Then just started using them together.
The blackholes.easynet.nl RBL blocks over half our incoming spam
(hence it's is set first; if you just want to try one, I'd start
there.) These blocklists are all pretty "conservative" - note
the absence of SPEWS and the <$ENTIRE_ISP>.blackholes.us ones -
a business' mail comes in through here and they're understandably
vehement re: no legit mail being rejected. Some spam *does* still
get through, but is caught and tagged by spamassassin, it's about
10% of what it was pre-RBL and we can live with that. I was using
just spamassassin before but got sick of the load on the machine
necessary to process the junk, and the draining of bandwidth. I
should add that this works for the situation here, YMMV, &c.
Kind regards,
Siobhan
> thanks, Carla
--
"Go and use a library. If you don't know what a library is, it's sort
of like the Internet but with better pictures." --Struan Gray,
photo.net
More information about the Techtalk
mailing list