info
Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Postscreen DNSBL weights
43 views
Skip to first unread message
Rod K
May 4, 2012, 11:29:01 AM5/4/12
to
Hi all,
Was wondering if anyone would be willing to share what DNSBL and weights
they are using with Postscreen.
Thanks,
Rod
Was wondering if anyone would be willing to share what DNSBL and weights
they are using with Postscreen.
Thanks,
Rod
Andrea gabellini - SC
May 5, 2012, 5:59:17 AM5/5/12
to
Hello,
this is my configuration:
postscreen_dnsbl_sites = list.dnswl.org=127.0.[0..255].[2..3]*-2,
iadb.isipp.com=127.[0;3].[1;100].[255;10;100]*-2,
wl.mailspike.net=127.0.0.[18..20]*-2, dnsbl.ahbl.org,
combined.njabl.org=127.0.0.[2;4;9]*2,
dnsbl.sorbs.net=127.0.0.[2;3;7;10], zen.spamhaus.org=127.0.0.[10;11]*2,
bl.spamcop.net, bl.mailspike.net=127.0.0.[2;10;11;12]*2,
b.barracudacentral.org, ix.dnsbl.manitu.net
postscreen_dnsbl_threshold = 2
Andrea
this is my configuration:
postscreen_dnsbl_sites = list.dnswl.org=127.0.[0..255].[2..3]*-2,
iadb.isipp.com=127.[0;3].[1;100].[255;10;100]*-2,
wl.mailspike.net=127.0.0.[18..20]*-2, dnsbl.ahbl.org,
combined.njabl.org=127.0.0.[2;4;9]*2,
dnsbl.sorbs.net=127.0.0.[2;3;7;10], zen.spamhaus.org=127.0.0.[10;11]*2,
bl.spamcop.net, bl.mailspike.net=127.0.0.[2;10;11;12]*2,
b.barracudacentral.org, ix.dnsbl.manitu.net
postscreen_dnsbl_threshold = 2
Andrea
Sahil Tandon
May 10, 2012, 11:38:07 PM5/10/12
to
On Fri, 2012-05-04 at 11:29:01 -0400, Rod K wrote:
> Was wondering if anyone would be willing to share what DNSBL and
> weights they are using with Postscreen.
Mine are adapted from a previous post by /dev/rob0:
> Was wondering if anyone would be willing to share what DNSBL and
> weights they are using with Postscreen.
postscreen_dnsbl_threshold = 3
postscreen_dnsbl_sites =
zen.spamhaus.org*3
b.barracudacentral.org*3
dnsbl.njabl.org*2
bl.spameatingmonkey.net*2
bl.spamcop.net
dnsbl.ahbl.org
spamtrap.trblspam.com
swl.spamhaus.org*-5
list.dnswl.org=127.[0..255].[0..255].0*-2
list.dnswl.org=127.[0..255].[0..255].1*-4
list.dnswl.org=127.[0..255].[0..255].[2..255]*-6
And FWIW, the below statistics correspond to a recent 24hr period; TOTAL
is the number of IPs listed by a given zone, and UNIQ is the number of
IPs listed *only* by that zone. Regarding overlap with whitelists, I've
noticed that it's consistently highest for spamtrap.trblspam.com.
UNIQ/TOTAL DNSBL DNSWL
1022/17454 b.barracudacentral.org 17
54/6841 bl.spamcop.net 25
4/5502 bl.spameatingmonkey.net 0
5/96 dnsbl.ahbl.org 0
7/134 dnsbl.njabl.org 3
587/3842 spamtrap.trblspam.com 469
1609/18263 zen.spamhaus.org 5
UNIQ/TOTAL DNSWL DNSBL
2514/2520 list.dnswl.org 510
0/6 swl.spamhaus.org 0
--
Sahil Tandon
/dev/rob0
May 11, 2012, 8:35:28 AM5/11/12
to
On Thu, May 10, 2012 at 11:38:07PM -0400, Sahil Tandon wrote:
> On Fri, 2012-05-04 at 11:29:01 -0400, Rod K wrote:
>
> > Was wondering if anyone would be willing to share what DNSBL and
> > weights they are using with Postscreen.
>
> Mine are adapted from a previous post by /dev/rob0:
Mine is still very similar. I think I need to add a few more
> On Fri, 2012-05-04 at 11:29:01 -0400, Rod K wrote:
>
> > Was wondering if anyone would be willing to share what DNSBL and
> > weights they are using with Postscreen.
>
> Mine are adapted from a previous post by /dev/rob0:
one-point sites.
> postscreen_dnsbl_threshold = 3
> postscreen_dnsbl_sites =
> zen.spamhaus.org*3
> b.barracudacentral.org*3
reject_rbl_client for most of my recipient domains, so in effect I'm
doing the same. But BRBL requires at least one other DNSBL to cause
postscreen rejection.
> dnsbl.njabl.org*2
> bl.spameatingmonkey.net*2
> bl.spamcop.net
> dnsbl.ahbl.org
Not very effective, but very accurate. I give AHBL 2 points.
> spamtrap.trblspam.com
> swl.spamhaus.org*-5
> list.dnswl.org=127.[0..255].[0..255].0*-2
> list.dnswl.org=127.[0..255].[0..255].1*-4
> list.dnswl.org=127.[0..255].[0..255].[2..255]*-6
>
> And FWIW, the below statistics correspond to a recent 24hr period;
> TOTAL is the number of IPs listed by a given zone, and UNIQ is the
> number of IPs listed *only* by that zone. Regarding overlap with
> whitelists, I've noticed that it's consistently highest for
> spamtrap.trblspam.com.
>
> UNIQ/TOTAL DNSBL DNSWL
> 1022/17454 b.barracudacentral.org 17
> 54/6841 bl.spamcop.net 25
> 4/5502 bl.spameatingmonkey.net 0
> 5/96 dnsbl.ahbl.org 0
> 7/134 dnsbl.njabl.org 3
> 587/3842 spamtrap.trblspam.com 469
> 1609/18263 zen.spamhaus.org 5
with the idea of using that as a one-point DNSBL. :) I actually did
configure a per-recipient-domain restriction class which does a
reject_rbl_client for list.dnswl.org=127.0.15.0, but it's not used
for any domains which receive significant mail from outside.
(This idea, of using dnswl.org as a DNSBL, has been discussed on
SDLU.)
SWL is so good that it's useless. :) They're being very careful with
invitations such that the list is small, and as pure as the driven
snow, but here in postscreen, you might as well not use SWL. No host
on SWL has any significant DNSBL listing -- I bet if it did, it would
come off of SWL pretty quick.
I'm sure SWL has its use in content filtering, however.
Excellent post, Sahil, thanks.
--
http://rob0.nodns4.us/ -- system administration and consulting
Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
Andrea gabellini - SC
May 11, 2012, 10:23:21 AM5/11/12
to
Hello,
with your suggestions I modified my config:
bl.mailspike.net*3
b.barracudacentral.org*2
combined.njabl.org=127.0.0.[2;4;9]*2
dnsbl.ahbl.org*2
bl.spameatingmonkey.net
bl.spamcop.net
spamtrap.trblspam.com
dnsbl.sorbs.net=127.0.0.[2;3;6;7;10]
ix.dnsbl.manitu.net
list.dnswl.org=127.0.[0..255].0*-1
list.dnswl.org=127.0.[0..255].1*-2
list.dnswl.org=127.0.[0..255].[2..3]*-3
iadb.isipp.com=127.0.[0..255].[0..255]*-2
iadb.isipp.com=127.3.100.[6..200]*-2
wl.mailspike.net=127.0.0.[17;18]*-1
wl.mailspike.net=127.0.0.[19;20]*-2
Thanks,
Andrea
0 new messages