RBL for e-mail addresses POSTFIX

KIKI

Sep 26, 2020, 5:19:21 PM
On 26.09.2020 22:33, William Unruh wrote:
> You might want to make the Subject have something to do with the
> content. Why should anyone read this message since the Subject line is so
> silly.

You are right...

> A global RBL list can be somewhat dangerous since you never have any
> idea of why name/addresses/etc are on the list. Some malicious actor could
> decide that you belong there and submit/enter your name into the list.
> Far better for you to have your own where you know why you entered the
> location.

My own is not enough. There are plenty of covid scams and spams and our
local community would solve this problem quickly. There are plenty of
spammers who use several gmail, yahoo and local free mailboxes to
snowshoe traffic because they are afraid of being listed quickly.

There is such list in Poland, for emails which spam Polish users. It is
on https://polspam.pl RBL website.

bl-emails.rbl.polspam.pl

You can try it:

nslookup em...@address.tld.bl-emails.rbl.polspam.pl

The problem is that this mechanism is only available for EXIM. If you
want to read more go to the polspam.pl and select polish language from
the hamburger menu, next select exim and put it in the google
translator. No English version yet since it is still experimental as
they say.

KIKI

Sep 26, 2020, 5:33:18 PM
It should be something like ordinary rejecting spammers:

...
reject_rhsbl_sender rhsbl.rbl.polspam.pl,
reject_rhsbl_reverse_client rhsbl.rbl.polspam.pl,
reject_rhsbl_client rhsbl.rbl.polspam.pl,
reject_rbl_client bl.rbl.polspam.pl,
reject_rbl_client bl-h5.rbl.polspam.pl,
...
there should be also:
...
reject_email_sender bl-emails.rbl.polspam.pl,
reject_email_client bl-emails.rbl.polspam.pl,
...
and so on... to test all fields where potential e-mail could exist.

It would be extremely powerful. One gets e-mail from Nigerian uncle with
$23 millions and immediately all other RBL users are protected. You get
covid masks spam so you report it and all other users will never get
this shit.


William Unruh

Sep 26, 2020, 5:52:39 PM
On 2020-09-26, KIKI <hf...@ueur.dl> wrote:
> On 26.09.2020 22:33, William Unruh wrote:
>> You might want to make the Subject have something to do with the
>> content. Why should anyone read this message since the Subject line is so
>> silly.
>
> You are right...
>
>> A global RBL list can be somewhat dangerous since you never have any
>> idea of why name/addresses/etc are on the list. Some malicious actor could
>> decide that you belong there and submit/enter your name into the list.
>> Far better for you to have your own where you know why you entered the
>> location.
>
> My own is not enough. There are plenty of covid scams and spams and our
> local community would solve this problem quickly. There are plenty of
> spammers who use several gmail, yahoo and local free mailboxes to
> snowshoe traffic because they are afraid of being listed quickly.

Sure. And when the hackers get into your RBL list and start to blackball
people you actually want to hear from (whether political party or your
bank) what do you do then? Unfortunately your model of the world (good
guys who make the list of bad people, and bad people who do not know
anything about computers and would never alter your RBL) is not one of
the world we actually live in.

KIKI

Sep 26, 2020, 6:55:16 PM
On 26.09.2020 23:52, William Unruh wrote:

> Sure. And when the hackers get into your RBL list and start to blackball
> people you actually want to hear from (whether political party or your
> bank) what do you do then? Unfortunately your model of the world (good
> guys who make the list of bad people, and bad people who do not know
> anything about computers and would never alter your RBL) is not one of
> the world we actually live in.

I don't know how is such list maintained, I don't have idea but I use 3
US RBLs and one local polspam. This bundle works very well. 95% or more
spam is filtered, almost no false positives. I have a small whitelist
and that's all.

Let's don't talk about politics. BL lists work and I don't care who runs
them and for what reason. We should be happy they exist. The same
situation is with ad blockers. I don't care who is behind. They simply work.

Do you have idea how to do it in Postfix?
Is it possible to suggest such functionality to the Postfix team?

Bit Twister

Sep 26, 2020, 7:46:07 PM
On Sun, 27 Sep 2020 00:55:14 +0200, KIKI wrote:

>
> Do you have idea how to do it in Postfix?

Not me but I would try putting
postfix rbl configuration
in the first box at
https://www.google.com/advanced_search
which gets me
About 40,400 results (0.41 seconds)

Scrolled down the page, picked
How-To: Fight SPAM with Postfix RBL - Debuntu

and at a glance looked like it might be what you want.

KIKI

Sep 26, 2020, 8:14:51 PM
On 27.09.2020 01:46, Bit Twister wrote:

> and at a glance looked like it might be what you want.

Thank you for your answer but this part is well known. It describes
usual RBL usage. My problem is slightly different. I would like to use
e-mail address not the domain as an argument to the RBL check.

Filtering by domains in any combination is well done in Postfix. We are
lacking RBL check for full e-mails like "y...@yourdomain.com" or
"spa...@gmail.com".
RBL can't blacklist the whole gmail and if there are spammers with gmail
accounts they can't blacklist them.

Can you imagine a company with already blacklisted primary domains? Such
company can create some free accounts just only for spamming because
its primary domains are rejected. This company may also hide behind
gmail in order to save its primary domains. The latter is not the case
because when found who is behind the spam the primary domains will also
be blacklisted so it is not a good choice for a spammer.

The worst case scenario is gmail/yahoo/freemail only. If you don't have
gmail account you can't fill the complain ticket because there is no
such thing in google.

In such case you could report spam to your local/country RBL and this
e-mail would be blacklisted.



William Unruh

Sep 26, 2020, 9:01:49 PM
Rewrite postfix to include this.

What you are advocating is to alter the way that RBL works, and then
persuading someone else to host such a list and to administer it and
then also take the flak when some gets wrongly included because some bad
actors decided to get them blacklisted. None of that works right now.
You could use procmail or spamassassin to implement all of this on your
own machine trivially, but you would rather someone else do it for you.
Am I getting your position correctly?

Gary R. Schmidt

Sep 26, 2020, 11:54:05 PM
"man postscreen" - it does this out of the box.

Although if you aren't building postfix from source it may not be there.

Cheers,
Gary B-)

--
Waiting for a new signature to suggest itself...

KIKI

Sep 27, 2020, 12:46:49 AM
On 27.09.2020 05:49, Gary R. Schmidt wrote:

> "man postscreen" - it does this out of the box.
>
> Although if you aren't building postfix from source it may not be there.


I can't find any statement about dnsbl, rbl or whatever else containing
e-mail addresses instead of domains.

It should be in the form of e-mail_address dot dnsbl.list.domain.tld
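
The lookup form described in this post, as an added example that is not part of the original thread and is not Postfix or polspam.pl code: a small Postfix policy-delegation service (the `check_policy_service` mechanism) that checks the envelope sender against the address zone named earlier in the thread. Assumptions: the list stores lowercase addresses, listings answer inside 127.0.0.0/8, and the system resolver accepts `@` in a query name; `resolve` is a hypothetical hook for substituting another resolver.

```python
import socket
import sys

ZONE = "bl-emails.rbl.polspam.pl"  # address-list zone named in the thread

def parse_request(lines):
    """Read one policy request: name=value lines ended by an empty line."""
    attrs = {}
    for line in lines:
        line = line.rstrip("\n")
        if not line:
            break
        name, _, value = line.partition("=")
        attrs[name] = value
    return attrs

def query_name(address, zone=ZONE):
    """Return '<address>.<zone>' as described in the thread, or None if unusable."""
    address = address.strip().lower()  # assumption: list stores lowercase addresses
    local, at, domain = address.rpartition("@")
    if not (local and at and domain):
        return None  # null sender (bounces) or malformed address
    name = f"{address}.{zone}"
    if len(name) > 253 or any(not 0 < len(label) <= 63 for label in name.split(".")):
        return None  # would not fit DNS length limits
    if any(ord(c) < 33 or ord(c) > 126 for c in name):
        return None  # keep the query to printable ASCII
    return name

def decide(attrs, resolve=socket.gethostbyname):
    """Map one request to a Postfix action; every failure path fails open."""
    name = query_name(attrs.get("sender", ""))
    if name is None:
        return "DUNNO"
    try:
        answer = resolve(name)
    except (OSError, UnicodeError):
        return "DUNNO"  # not listed, or the lookup itself failed
    # Assumption: listings answer inside 127.0.0.0/8, the usual DNSBL convention.
    if not answer.startswith("127."):
        return "DUNNO"
    return f"REJECT sender address listed in {ZONE}"

def serve(stdin=sys.stdin, stdout=sys.stdout):
    """Answer policy requests until Postfix closes the connection."""
    while True:
        attrs = parse_request(stdin)
        if not attrs:
            break
        stdout.write(f"action={decide(attrs)}\n\n")
        stdout.flush()

if __name__ == "__main__":
    serve()
```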

KIKI

Oct 14, 2020, 9:31:35 AM
On 14.10.2020 09:51, Johann Beretta wrote:
> On 9/26/20 3:55 PM, KIKI wrote:
>
>> Let's don't talk about politics. BL lists work and I don't care who runs
>> them and for what reason. We should be happy they exist. The same
>> situation is with ad blockers. I don't care who is behind. They simply work.
>
> Reveling in your ignorance isn't noble, it's sad. You would not last
> long in the I.T. world.

I am not I.T. world - I am "self MTA" and please let me decide the way
of fighting with spam.

> Decent lists require multiple confirmations before the IP address is
> blacklisted. Blocking email is serious. You don't want to fuck up and
> block legit senders.

It depends on the way the list works. For me it is enough when I get one
unsolicited email. Listing in RBL is only an information that someone
got a spam like this. Nothing more.

> Decent lists also expire entries when no spam is detected coming from
> those IP addresses for some predetermined amount of time.

You can use such lists as you feel are good for you. This is not
obligatory.

> IP addresses sometimes change hands... You don't want to blacklist
> blocks forever.. You just want to block them while they are sending
> spam. Nothing worse than getting a new IP block from your ISP and
> finding out every goddamn one of them is on a blacklist.

Before you get a new IP you should check the reputation of the ISP. For
example we have very big problems with Aruba s.p.a. Poland is spammed by
Polish citizens from abroad from hundred thousands of IPs, snowshoe,
every time from a random, different IP classes so all Aruba's IP ranges
and AS are listed. MTA administrator like me can decide which lists are
suitable for him. There is no obligation of using them, but the truth is
that all penis enlargement and other fake shit are gone. Immediate silence.
I don't have senders from Aruba so I don't care. When I find a problem
with one or two domains I will whitelist them, period. The rest can
bounce away.

KIKI

Oct 14, 2020, 9:39:18 AM
On 14.10.2020 09:54, Johann Beretta wrote:

> Have at it. It's going to be a giant waste of time, but there's no law
> against that.

Maybe a waste of time, maybe not. At least it would be more flexible MTA
and some people may find it useful :-) Like me :-)

In the meantime you can test it:

put email before it with trailing dot

....bl-emails.rbl.polspam.pl

Use dig, nslookup whatever... Exim can handle it, why not Postfix?

KIKI

Nov 28, 2020, 9:20:37 PM
On 28.11.2020 21:48, Johann Beretta wrote:

> Email addresses in spam are ALWAYS forged. ALWAYS ALWAYS ALWAYS ALWAYS.
>
> That fucking clear enough? No spammer uses a legit email address to


Unfortunately spammers use gmail these days. I receive many spam emails
from legit domains and ban for the whole domain is not an option. This
is not fucking clear :-)

> send spam.. So adding these fucking email addresses to a black list
> accomplishes nothing other than blocking legit emails if the sender
> happens to forge a legit domain.

I don't want to ban fucking domains but only particular fucking email
addresses composed of us...@domain.tld. The domain itself will not be
affected.

The mechanism is ready, RBL is working but I don't have such option in
Postfix. This is the problem.

> Hell, I've seen spam come from blah...@whitehouse.gov. You think
> blocking whitehouse.gov to your retarded list is going to stop spam?
> The spammers rotate through FROM addresses for LEGIT domains
> specifically to get through stupid-ass filters like yours.

I also check legitimacy of emails and I am sure when it comes from the
real Gmail.

KIKI

Nov 28, 2020, 9:30:43 PM
On 28.11.2020 21:50, Johann Beretta wrote:

> No.. My goal will be to prevent others from using your system because it
> is NOT useful.

This is public RBL, you can't block anything :-) This is local
initiative for this part of Europe, particular this one.
I am a user who can't use it because I use Postfix and I feel the most
comfortable with.

> You're like the moron who takes an antibiotic to fight a viral infection
> because you "think it will work". Think all you want.. Antibiotics
> don't fight viruses and your system won't block spam.. Doesn't matter
> how much you want it to, it will not work.

You are in the US right?
Isn't it the highest death toll in your country because people don't
believe in this virus? :-)
