Relay Blacklist Optimization

Discussion in 'Mail Gateway: Installation and configuration' started by heutger, Jun 17, 2018.

  1. Robert Schuster

    Robert Schuster New Member

    Joined:
    Feb 18, 2009
    Messages:
    16
    Likes Received:
    0
    Where does your rbl setting come from? Is this the extract from /etc/pmg/pmg.conf or from the GUI?
    I'm just wondering what the *2 means?
     
  2. heutger

    heutger Active Member

    Joined:
    Apr 25, 2018
    Messages:
    370
    Likes Received:
    88
    Recent it was in main.cf.in directly, with last update it’s from GUI. *2 weights a list as double score, so I have two kinds of lists: Some with single score, some with double score. As my threshold is 2, it needs just one list double score (so this ones need to have absolutely no false positives) or two lists single score (as there are more than two this ones need to have really rare false positives).
     
  3. Robert Schuster

    Robert Schuster New Member

    Joined:
    Feb 18, 2009
    Messages:
    16
    Likes Received:
    0
    Cool - I'll try that out with my "normal" pmg test installation.
    Yesterday I've made a new setup with all your other modifications and let point some test domains to that system during the next days.

    May I've found just one typo in your excellent howto:
    In the "additional signatures for ClamAV" section should be a cd/tmp at the first line. Otherwise the "
    cp /tmp/clamav-unofficial-sigs-master/systemd/* /etc/systemd/" will fail if you are not in /tmp from the last script anymore like I was.
     
  4. heutger

    heutger Active Member

    Joined:
    Apr 25, 2018
    Messages:
    370
    Likes Received:
    88
    Good luck and if you have any suggestions, you’re welcome. Don’t forget, training bayes is a very important step to get the filter better.

    Many thanks, as I did the steps sometimes in other order before by testing around, they may miss sth. like this.
     
  5. Robert Schuster

    Robert Schuster New Member

    Joined:
    Feb 18, 2009
    Messages:
    16
    Likes Received:
    0
    Last xmas question:
    Directly in main.cf.in? Where do I have to copy them in that form? (zen.spamhaus.org*2,bl.spamcop.net*2,psbl.surriel.com*2,spamrbl.imp.ch*2,noptr.spamrats.com*2,escalations.dnsbl.sorbs.net*2,bl.score.senderscore.com*2,bl.spameatingmonkey.net*2,rbl.realtimeblacklist.com*2,dnsbl.dronebl.org*2,ix.dnsbl.manitu.net,b.barracudacentral.org,db.wpbl.info,truncate.gbudb.net,bl.blocklist.de)

    In my original pmg system I've just this
    postscreen_dnsbl_sites = zen.spamhaus.org,bl.spamcop.net,psbl.surriel.com,spamrbl.imp.ch
    postscreen_dnsbl_threshold = 2

    in my main.cf (which represents the aded sites thru the GUI

    Would be interesting where to put it in for both versions the original and the modified (your howto)

    Of course is bayes training also an important step. But one after another, I don't like to do things which I don't fully understand. If I've the lists in place I'll switch some semi-productiv domains on that server and than I'll hopefully have enough mails for do a bayes training. Now with a fgew test mails this makes no sense...
     
  6. heutger

    heutger Active Member

    Joined:
    Apr 25, 2018
    Messages:
    370
    Likes Received:
    88
    main.cf is the one, which will be overwritten each time, you change sth. in the GUI. main.cf.in you need to copy the templates first therefor to /etc/pmg/templates

    Code:
    mkdir -p /etc/pmg/templates
    cp /var/lib/pmg/templates/* /etc/pmg/templates/.
    Then you fill find the template code in main.cf.in

    Code:
    [% IF postfix.dnsbl_sites %]
    postscreen_dnsbl_sites = [% postfix.dnsbl_sites %]
    postscreen_dnsbl_threshold = [% postfix.dnsbl_threshold %]
    [% END %]
    Instead of the template code you can also paste the blacklists there hardcoded. However, I won’t see any sense to do that, use the GUI, where it’s available. I would prefer much more things in the GUI, somehow everything or most things, I did. I understand, that DCC has license issues to be integrated but maybe there could be a script provided to install it on GUI control, or could be integrated in subscriptions, same for some of the ClamAV sigs or use Avast official and provide it as an option with or without subscription, ... DKIM is asked for many times, however, I don’t see DKIM an option, ...

    Merry Christmas ;-)
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice