Relay Blacklist Optimization

Discussion in 'Mail Gateway: Installation and configuration' started by heutger, Jun 17, 2018.

  1. Robert Schuster

    Robert Schuster New Member

    Joined:
    Feb 18, 2009
    Messages:
    16
    Likes Received:
    0
    Where does your rbl setting come from? Is this the extract from /etc/pmg/pmg.conf or from the GUI?
    I'm just wondering what the *2 means?
     
  2. heutger

    heutger Active Member

    Joined:
    Apr 25, 2018
    Messages:
    462
    Likes Received:
    107
    Recent it was in main.cf.in directly, with last update it’s from GUI. *2 weights a list as double score, so I have two kinds of lists: Some with single score, some with double score. As my threshold is 2, it needs just one list double score (so this ones need to have absolutely no false positives) or two lists single score (as there are more than two this ones need to have really rare false positives).
     
  3. Robert Schuster

    Robert Schuster New Member

    Joined:
    Feb 18, 2009
    Messages:
    16
    Likes Received:
    0
    Cool - I'll try that out with my "normal" pmg test installation.
    Yesterday I've made a new setup with all your other modifications and let point some test domains to that system during the next days.

    May I've found just one typo in your excellent howto:
    In the "additional signatures for ClamAV" section should be a cd/tmp at the first line. Otherwise the "
    cp /tmp/clamav-unofficial-sigs-master/systemd/* /etc/systemd/" will fail if you are not in /tmp from the last script anymore like I was.
     
  4. heutger

    heutger Active Member

    Joined:
    Apr 25, 2018
    Messages:
    462
    Likes Received:
    107
    Good luck and if you have any suggestions, you’re welcome. Don’t forget, training bayes is a very important step to get the filter better.

    Many thanks, as I did the steps sometimes in other order before by testing around, they may miss sth. like this.
     
  5. Robert Schuster

    Robert Schuster New Member

    Joined:
    Feb 18, 2009
    Messages:
    16
    Likes Received:
    0
    Last xmas question:
    Directly in main.cf.in? Where do I have to copy them in that form? (zen.spamhaus.org*2,bl.spamcop.net*2,psbl.surriel.com*2,spamrbl.imp.ch*2,noptr.spamrats.com*2,escalations.dnsbl.sorbs.net*2,bl.score.senderscore.com*2,bl.spameatingmonkey.net*2,rbl.realtimeblacklist.com*2,dnsbl.dronebl.org*2,ix.dnsbl.manitu.net,b.barracudacentral.org,db.wpbl.info,truncate.gbudb.net,bl.blocklist.de)

    In my original pmg system I've just this
    postscreen_dnsbl_sites = zen.spamhaus.org,bl.spamcop.net,psbl.surriel.com,spamrbl.imp.ch
    postscreen_dnsbl_threshold = 2

    in my main.cf (which represents the aded sites thru the GUI

    Would be interesting where to put it in for both versions the original and the modified (your howto)

    Of course is bayes training also an important step. But one after another, I don't like to do things which I don't fully understand. If I've the lists in place I'll switch some semi-productiv domains on that server and than I'll hopefully have enough mails for do a bayes training. Now with a fgew test mails this makes no sense...
     
  6. heutger

    heutger Active Member

    Joined:
    Apr 25, 2018
    Messages:
    462
    Likes Received:
    107
    main.cf is the one, which will be overwritten each time, you change sth. in the GUI. main.cf.in you need to copy the templates first therefor to /etc/pmg/templates

    Code:
    mkdir -p /etc/pmg/templates
    cp /var/lib/pmg/templates/* /etc/pmg/templates/.
    Then you fill find the template code in main.cf.in

    Code:
    [% IF postfix.dnsbl_sites %]
    postscreen_dnsbl_sites = [% postfix.dnsbl_sites %]
    postscreen_dnsbl_threshold = [% postfix.dnsbl_threshold %]
    [% END %]
    Instead of the template code you can also paste the blacklists there hardcoded. However, I won’t see any sense to do that, use the GUI, where it’s available. I would prefer much more things in the GUI, somehow everything or most things, I did. I understand, that DCC has license issues to be integrated but maybe there could be a script provided to install it on GUI control, or could be integrated in subscriptions, same for some of the ClamAV sigs or use Avast official and provide it as an option with or without subscription, ... DKIM is asked for many times, however, I don’t see DKIM an option, ...

    Merry Christmas ;-)
     
  7. heutger

    heutger Active Member

    Joined:
    Apr 25, 2018
    Messages:
    462
    Likes Received:
    107
    I test a set of new lists after seeing some occurrence in multirbl.valli.org:

    bl.0spam.org DNSBL | 0spam Spam Trap Primary Database
    0spam.fusionzero.com DNSBL Mirror

    nbl.0spam.org Network Black List | Spam Source Networks, high volume of spam trap hits in a Class C block will result in network listings in this DNSBL.
    0spam-n.fusionzero.com Network DNSBL Mirror

    url.0spam.org URL Black List | This list contains the IP address of domains found to be in the source of spam emails found in our traps.
    0spamurl.fusionzero.com URL Black List Mirror

    Will see, how they work out.
     
    killmasta93 likes this.
  8. heutger

    heutger Active Member

    Joined:
    Apr 25, 2018
    Messages:
    462
    Likes Received:
    107
    Hmm, my set seems to be still perfect. I continue testing with the url filters, but both ip lists (either hosts or networks) had too much false-positives, I removed them from my testing environment again.
     
    killmasta93 likes this.
  9. killmasta93

    killmasta93 Member

    Joined:
    Aug 13, 2017
    Messages:
    348
    Likes Received:
    10
    So these lists lot of false positives?
     
  10. heutger

    heutger Active Member

    Joined:
    Apr 25, 2018
    Messages:
    462
    Likes Received:
    107
    Right, e.g. eBay Canada.
     
    killmasta93 likes this.
  11. heutger

    heutger Active Member

    Joined:
    Apr 25, 2018
    Messages:
    462
    Likes Received:
    107
    Tested two new lists but no success, removed them again:

    dnsbl.rv-soft.info
    st.technovision.dk
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice