Linode Forum
Posted: Wed Jun 16, 2010 8:56 pm
Senior Member

Joined: Wed May 13, 2009 1:32 pm
Posts: 737
Location: Italy
Hi all,
I configured postfix to use these two "spam filters":
zen.spamhaus.org
bl.spamcop.net

These two servers are well known to work well together and they are famous for reporting really few false positives.

Recently I noticed that they are catching more false positives;
spamcop now blocks facebook, for example.
Do you know of a better server to block spam with false positives near zero?


Posted: Wed Jun 16, 2010 9:16 pm
Senior Member

Joined: Fri Dec 07, 2007 1:37 am
Posts: 385
Location: NC, USA
sblantipodi wrote:
These two servers are well known to work well together and they are famous for reporting really few false positives.

www.spamcop.net wrote:
The SCBL is aggressive and often errs on the side of blocking mail.

Spamcop is hardly famous for few false positives. zen.spamhaus.org is the only list I would recommend for low false positives.


Posted: Thu Jun 17, 2010 5:17 am
Junior Member

Joined: Fri May 29, 2009 8:40 am
Posts: 37
If you want to lose legitimate emails at some point in time then you've done the right thing - adding an RBL to your mail server to immediately reject email.

Don't do this. You're relying on the owner/organisation of each RBL to be fairly cautious when blocking IPs. Maybe Facebook was a bit too spammy for spamcop and they legitimately blocked them for a reason - however you obviously don't consider Facebook to be an evil spammer (neither do I). However if your mail server is set to blindly trust those RBLs, you'll always get false positives.

Use a spam scanning filter which uses RBLs to filter email accordingly and remove them from Postfix. Try using amavisd-new with SpamAssassin enabled - by default it should come up with a list of RBLs it checks, you can always edit these if you want a different set with alternative scores if you trust a specific RBL more.

This way an email will get a higher spam score if the source of the message is from a blacklisted IP, but won't be immediately rejected. It gives SpamAssassin a chance to evaluate a message and see if the message is genuine spam if other RBLs say so, if all the other various rules make it look like spam - or if it's just a single RBL which is being overzealous in blocking certain IPs.

Don't use RBLs directly in your mail server unless you absolutely trust them.


Posted: Thu Jun 17, 2010 5:32 am
Senior Member

Joined: Wed May 13, 2009 1:32 pm
Posts: 737
Location: Italy
-Alex- wrote:
If you want to lose legitimate emails at some point in time then you've done the right thing - adding an RBL to your mail server to immediately reject email.

Don't do this. You're relying on the owner/organisation of each RBL to be fairly cautious when blocking IPs. Maybe Facebook was a bit too spammy for spamcop and they legitimately blocked them for a reason - however you obviously don't consider Facebook to be an evil spammer (neither do I). However if your mail server is set to blindly trust those RBLs, you'll always get false positives.

Use a spam scanning filter which uses RBLs to filter email accordingly and remove them from Postfix. Try using amavisd-new with SpamAssassin enabled - by default it should come up with a list of RBLs it checks, you can always edit these if you want a different set with alternative scores if you trust a specific RBL more.

This way an email will get a higher spam score if the source of the message is from a blacklisted IP, but won't be immediately rejected. It gives SpamAssassin a chance to evaluate a message and see if the message is genuine spam if other RBLs say so, if all the other various rules make it look like spam - or if it's just a single RBL which is being overzealous in blocking certain IPs.

Don't use RBLs directly in your mail server unless you absolutely trust them.


Yes yes, you are right. I always used amavisd-new with spamassassin, but I tried adding an RBL to block some more positives, so I'm asking for a trusty RBL :)


Posted: Thu Jun 17, 2010 11:36 am
Senior Member

Joined: Fri Oct 24, 2003 3:51 pm
Posts: 965
Location: Netherlands
sblantipodi wrote:
… so I'm asking for a trusty RBL …

If you must RBL directly, just use zen.spamhaus.org -- it's conservative enough to not cause too many problems.

_________________
/ Peter


Posted: Thu Jun 17, 2010 1:01 pm
Senior Member

Joined: Fri Dec 07, 2007 1:37 am
Posts: 385
Location: NC, USA
Before you add any postfix restriction to try and reduce spam, I highly recommend that you test it for a few weeks/months with the "warn_if_reject" feature of postfix.
www.postfix.org wrote:
warn_if_reject
Change the meaning of the next restriction, so that it logs a warning instead of rejecting a request (look for logfile records that contain "reject_warning"). This is useful for testing new restrictions in a "live" environment without risking unnecessary loss of mail.

Then you can review your logs and decide for yourself if the proposed restriction is useful and/or harmful in your own judgement.
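The log review described in the post above, as an added example that is not part of the original thread: it assumes a candidate list was put in warn-only mode (for instance `warn_if_reject reject_rbl_client bl.spamcop.net`) and tallies the resulting "reject_warning" records per RBL. The log lines, host names and the `social.example` sender are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed sample log (documentation addresses and made-up hosts).
SAMPLE_LOG = """\
Jun 17 13:05:01 mx postfix/smtpd[2101]: NOQUEUE: reject_warning: RCPT from unknown[192.0.2.10]: 554 5.7.1 Service unavailable; Client host [192.0.2.10] blocked using bl.spamcop.net; from=<a@bulk.example> to=<me@example.org> proto=ESMTP helo=<bulk.example>
Jun 17 13:07:44 mx postfix/smtpd[2107]: NOQUEUE: reject_warning: RCPT from out7.social.example[198.51.100.7]: 554 5.7.1 Service unavailable; Client host [198.51.100.7] blocked using bl.spamcop.net; from=<notify@social.example> to=<me@example.org> proto=ESMTP helo=<out7.social.example>
Jun 17 13:09:12 mx postfix/smtpd[2110]: NOQUEUE: reject_warning: RCPT from unknown[203.0.113.99]: 554 5.7.1 Service unavailable; Client host [203.0.113.99] blocked using zen.spamhaus.org; from=<x@pills.example> to=<me@example.org> proto=SMTP helo=<localhost>
Jun 17 13:10:30 mx postfix/smtpd[2111]: NOQUEUE: reject: RCPT from unknown[203.0.113.5]: 554 5.7.1 <you@else.example>: Relay access denied; from=<x@pills.example> to=<you@else.example> proto=SMTP helo=<localhost>
Jun 17 13:11:02 mx postfix/smtpd[2112]: connect from out7.social.example[198.51.100.7]
"""

# Matches only warn_if_reject records produced by an RBL restriction.
WARN_RE = re.compile(
    r"reject_warning: RCPT from (?P<host>\S+)\[(?P<ip>[^\]]+)\]: .*?"
    r"blocked using (?P<rbl>[^;\s]+);"
)

def summarize(log_text):
    """Group would-be rejections by RBL: total hits and distinct clients."""
    summary = defaultdict(lambda: {"hits": 0, "clients": Counter()})
    for line in log_text.splitlines():
        m = WARN_RE.search(line)
        if m:  # real "reject:" lines and other traffic are ignored
            entry = summary[m["rbl"]]
            entry["hits"] += 1
            entry["clients"][(m["host"], m["ip"])] += 1
    return dict(summary)

def likely_false_positives(summary, wanted_suffixes):
    """Flag listed clients whose logged hostname belongs to a wanted sender.
    Postfix logs "unknown" unless reverse and forward DNS agree, so the
    hostname is a better signal than the forgeable envelope sender."""
    flagged = []
    for rbl, entry in sorted(summary.items()):
        for (host, ip), n in entry["clients"].items():
            if any(host == s or host.endswith("." + s) for s in wanted_suffixes):
                flagged.append((rbl, host, ip, n))
    return flagged

if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    for rbl, entry in sorted(report.items()):
        print(f"{rbl}: {entry['hits']} would-be rejections")
    # "social.example" is a hypothetical sender the operator wants mail from.
    for row in likely_false_positives(report, ["social.example"]):
        print("review before enforcing:", row)
```
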


Posted: Thu Jun 17, 2010 1:18 pm
Senior Member

Joined: Sat Mar 28, 2009 4:23 pm
Posts: 415
Website: http://jedsmith.org/
Location: Out of his depth and job-hopping without a clue about network security fundamentals
pclissold wrote:
sblantipodi wrote:
… so I'm asking for a trusty RBL …

If you must RBL directly, just use zen.spamhaus.org -- it's conservative enough to not cause too many problems.

I do this, and it works very well for my low-volume e-mail accounts. Checking for a lot of definitely-suspicious stuff before you ask Zen is a good thing, too. I think I stole this from a mailing list, and there's probably more and better ways to do some of this:

Code:
smtpd_recipient_restrictions = 
   permit_mynetworks,
   permit_sasl_authenticated,
   reject_invalid_hostname,
   reject_non_fqdn_hostname,
   reject_non_fqdn_sender,
   reject_non_fqdn_recipient,
   reject_unknown_sender_domain,
   reject_unknown_recipient_domain,
   reject_rbl_client zen.spamhaus.org,
   reject_unauth_destination

_________________
Disclaimer: I am no longer employed by Linode; opinions are my own alone.


Posted: Thu Jun 17, 2010 1:28 pm
Senior Member

Joined: Wed May 13, 2009 1:32 pm
Posts: 737
Location: Italy
Thanks for all your replies.
I will follow your suggestion.

