RBL

[Gokan Atmaca <li...@gmail.com>]

Hello

I'm using Postfix and Dovecot. I use Spamassassin as an antispam
service. I don't know how to do RBL checks.
How do I control RBL? (I don't want to do it with Postfix, because I
don't want to do two different whitelists.)

Thanks.

Re: RBL

[Matus UHLAR - fantomas <uh...@fantomas.sk>]

>On 10/11/2018 01:35 AM, Matus UHLAR - fantomas wrote:
>>I for example run spamass-milter with -r 10 (rejects score over 10) 
>>at one machine, and amavisd-milter with "spam_kill_level_maps    => 
>>10", along with postscreen.
>>
>>This way mail gets refused when listed in DNSBLs, while not when 
>>DNSWL (but still when DNSBL score is higher than DNSWL) and also 
>>when SA detects it's score is over 10.

On 11.10.18 09:03, Grant Taylor wrote:
>But that's doing the RBL checks in SpamAssassin, not directly in the 
>MTA. 

postscreen does the hecks as part of the MTA. both DNS and manual whitelists
are applicable.

>>...clients from internal networks run SA as content_filter 
>>(post-queue) so they don't complain sending mail (SA scanning at MTA 
>>level) taked too long.

>That's why I tended to have different email hygiene configurations on 
>the MSA and MTA(s).  Ideally the client submits to the MSA with 
>minimal checks, after all we know who the message originated from 
>based on authentication.  The MSA will then smart host the message 
>through the MTA, which does more hygiene checking.

MSAs should run on ports 465 and 587, which are easy to configure
differently.

different configuration of port 25 (many clients use because of backward
compatibility) can be achieved by listening on different interface, e.g.  by
redirecting internet traffic to different IP or port (on gateway or in the
local firewall)

>I originally migrated to this configuration when I had clients on dial 
>up connections run into timeouts whens   s l o w l y   sending 
>attachments.  So they can take as long as they need to (or not) to 
>send to the MSA, which can then quickly send to the MTA with 
>filtering.

-- 
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
10 GOTO 10 : REM (C) Bill Gates 1998, All Rights Reserved!

Re: RBL

[Grant Taylor <gt...@tnetconsulting.net>]

On 10/11/2018 01:35 AM, Matus UHLAR - fantomas wrote:
> note that spamassassin can run at MTA level, refusing mail when it's 
> found to be sure spam and tagging when it's not.

Yes.

That's how and why I recommend that people run SpamAssassin if they have 
the choice to do so.

> I for example run spamass-milter with -r 10 (rejects score over 10) at 
> one machine, and amavisd-milter with "spam_kill_level_maps    => 10", 
> along with postscreen.
> 
> This way mail gets refused when listed in DNSBLs, while not when DNSWL 
> (but still when DNSBL score is higher than DNSWL) and also when SA 
> detects it's score is over 10.

Agreed on all accounts.

But that's doing the RBL checks in SpamAssassin, not directly in the 
MTA.  Read:  It's not the MTA making the choice based on the RBL data. 
Rather it's the MTA making a choice based on the data from SpamAssassin, 
which is partially making a choice based on RBL data.

> ...clients from internal networks run SA as content_filter (post-queue) 
> so they don't complain sending mail (SA scanning at MTA level) taked 
> too long.

That's why I tended to have different email hygiene configurations on 
the MSA and MTA(s).  Ideally the client submits to the MSA with minimal 
checks, after all we know who the message originated from based on 
authentication.  The MSA will then smart host the message through the 
MTA, which does more hygiene checking.

I originally migrated to this configuration when I had clients on dial 
up connections run into timeouts whens   s l o w l y   sending 
attachments.  So they can take as long as they need to (or not) to send 
to the MSA, which can then quickly send to the MTA with filtering.



-- 
Grant. . . .
unix || die

Re: RBL

[Matus UHLAR - fantomas <uh...@fantomas.sk>]

>On 10/10/2018 01:56 PM, Tom Hendrikx wrote:
>>However, in general it's better to use DNSBLs at the MTA level, 
>>which uses a lot less resources than implementing them in 
>>Spamassassin. So try and set them up in postfix first.

On 10.10.18 14:09, Grant Taylor wrote:
>I conceptually agree.
>
>However, I prefer to do some RBL testing in SpamAssassin because I can 
>easily check multiple RBLs and tag messages as spam, or reject, based 
>on spam score.  Conversely, most MTA's implement RBLs as a binary pass 
>/ fail situation.  Thus SpamAssassin gives more flexibility and 
>provides a configurable gray area that MTA's can't do themselves.

note that spamassassin can run at MTA level, refusing mail when it's found
to be sure spam and tagging when it's not.

I for example run spamass-milter with -r 10 (rejects score over 10) at one
machine, and amavisd-milter with "spam_kill_level_maps    => 10", along with
postscreen. 

This way mail gets refused when listed in DNSBLs, while not when DNSWL (but
still when DNSBL score is higher than DNSWL) and also when SA detects it's
score is over 10.

...clients from internal networks run SA as content_filter (post-queue) so
they don't complain sending mail (SA scanning at MTA level) taked too long.

-- 
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
M$ Win's are shit, do not use it !

Re: RBL

[David Jones <dj...@ena.com>]

On 10/10/18 3:12 PM, Kevin Miller wrote:
> I may be wrong, as I haven't implemented it yet, but postscreen may give you that same functionality at the MTA level.
> 
> ...Kevin
> --
> Kevin Miller
> Network/email Administrator, CBJ MIS Dept.
> 155 South Seward Street
> Juneau, Alaska 99801
> Phone: (907) 586-0242, Fax: (907) 586-4588 Registered Linux User No: 307357
> 
> -----Original Message-----
> From: Grant Taylor [mailto:gtaylor@tnetconsulting.net]
> Sent: Wednesday, October 10, 2018 12:09 PM
> To: users@spamassassin.apache.org
> Subject: Re: RBL
> 
> On 10/10/2018 01:56 PM, Tom Hendrikx wrote:
>> However, in general it's better to use DNSBLs at the MTA level, which
>> uses a lot less resources than implementing them in Spamassassin. So
>> try and set them up in postfix first.
> 
> I conceptually agree.
> 
> However, I prefer to do some RBL testing in SpamAssassin because I can
> easily check multiple RBLs and tag messages as spam, or reject, based on
> spam score.  Conversely, most MTA's implement RBLs as a binary pass /
> fail situation.  Thus SpamAssassin gives more flexibility and provides a
> configurable gray area that MTA's can't do themselves.
> 
> 
> 

Yes.  Search the SA archive lists for postscreen.  There was a thread a 
couple of years ago where we listed a good weighted list to allow 
combining the power of multiple RBLs for better results.

I also mentioned implementing postwhite at the same time to bypass 
postscreen for some senders so you can increase the sensitivity of your 
postscreen_dnsbl_sites safely.

https://github.com/stevejenkins/postwhite

-- 
David Jones

RE: RBL

[Kevin Miller <ke...@juneau.org>]

I may be wrong, as I haven't implemented it yet, but postscreen may give you that same functionality at the MTA level.

...Kevin
--
Kevin Miller
Network/email Administrator, CBJ MIS Dept.
155 South Seward Street
Juneau, Alaska 99801
Phone: (907) 586-0242, Fax: (907) 586-4588 Registered Linux User No: 307357

-----Original Message-----
From: Grant Taylor [mailto:gtaylor@tnetconsulting.net] 
Sent: Wednesday, October 10, 2018 12:09 PM
To: users@spamassassin.apache.org
Subject: Re: RBL

On 10/10/2018 01:56 PM, Tom Hendrikx wrote:
> However, in general it's better to use DNSBLs at the MTA level, which 
> uses a lot less resources than implementing them in Spamassassin. So 
> try and set them up in postfix first.

I conceptually agree.

However, I prefer to do some RBL testing in SpamAssassin because I can 
easily check multiple RBLs and tag messages as spam, or reject, based on 
spam score.  Conversely, most MTA's implement RBLs as a binary pass / 
fail situation.  Thus SpamAssassin gives more flexibility and provides a 
configurable gray area that MTA's can't do themselves.



-- 
Grant. . . .
unix || die

Re: RBL

[Grant Taylor <gt...@tnetconsulting.net>]

On 10/10/2018 01:56 PM, Tom Hendrikx wrote:
> However, in general it's better to use DNSBLs at the MTA level, which 
> uses a lot less resources than implementing them in Spamassassin. So 
> try and set them up in postfix first.

I conceptually agree.

However, I prefer to do some RBL testing in SpamAssassin because I can 
easily check multiple RBLs and tag messages as spam, or reject, based on 
spam score.  Conversely, most MTA's implement RBLs as a binary pass / 
fail situation.  Thus SpamAssassin gives more flexibility and provides a 
configurable gray area that MTA's can't do themselves.



-- 
Grant. . . .
unix || die

Re: RBL

[Tom Hendrikx <to...@whyscream.net>]

On 10-10-18 21:51, Tom Hendrikx wrote:
> On 10-10-18 21:05, Gokan Atmaca wrote:
>> Hello
>>
>> I'm using Postfix and Dovecot. I use Spamassassin as an antispam
>> service. I don't know how to do RBL checks.
>> How do I control RBL? (I don't want to do it with Postfix, because I
>> don't want to do two different whitelists.)
>>
>> Thanks.
>>
> 
> Hi,
> 
> See: http://lmgtfy.com/?q=postfix+rbl
> 
> Please ask further questions on the Postfix mailinglist, as you have a
> postfix question, and this is the spamassassin list.
> 

Excuse me, that was read and replied too quick. You can find more
information about using DNSBLs in spamassasin at:
https://wiki.apache.org/spamassassin/DnsBlocklists.

However, in general it's better to use DNSBLs at the MTA level, which
uses a lot less resources than implementing them in Spamassassin. So try
and set them up in postfix first.


Kind regards,
	Tom

Re: RBL

[Tom Hendrikx <to...@whyscream.net>]

On 10-10-18 21:05, Gokan Atmaca wrote:
> Hello
> 
> I'm using Postfix and Dovecot. I use Spamassassin as an antispam
> service. I don't know how to do RBL checks.
> How do I control RBL? (I don't want to do it with Postfix, because I
> don't want to do two different whitelists.)
> 
> Thanks.
> 

Hi,

See: http://lmgtfy.com/?q=postfix+rbl

Please ask further questions on the Postfix mailinglist, as you have a
postfix question, and this is the spamassassin list.

Kind regards,

	Tom

Re: RBL

[John Hardin <jh...@impsec.org>]

On Wed, 10 Oct 2018, Gokan Atmaca wrote:

> Hello
>
> I'm using Postfix and Dovecot. I use Spamassassin as an antispam
> service. I don't know how to do RBL checks.
> How do I control RBL? (I don't want to do it with Postfix, because I
> don't want to do two different whitelists.)

Search the mailing list archives for Postfix and RBL, there have been 
discussions and good suggestions for weighted multi-RBL checks before.

-- 
  John Hardin KA7OHZ                    http://www.impsec.org/~jhardin/
  jhardin@impsec.org    FALaholic #11174     pgpk -a jhardin@impsec.org
  key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
   Therapeutic Phrenologist - send email for affordable rate schedule.
-----------------------------------------------------------------------
  559 days since the first commercial re-flight of an orbital booster (SpaceX)