Relay Blacklist Optimization

Robert Schuster

New Member
Feb 18, 2009
16
0
1
Where does your rbl setting come from? Is this the extract from /etc/pmg/pmg.conf or from the GUI?
I'm just wondering what the *2 means?
 

heutger

Active Member
Apr 25, 2018
691
183
43
Fulda, Hessen, Germany
www.heutger.net
Recently it was in main.cf.in directly; with the last update it's from the GUI. *2 weights a list with double score, so I have two kinds of lists: some with single score, some with double score. As my threshold is 2, it needs just one list with double score (so these need to have absolutely no false positives) or two lists with single score (as there are more than two, these need to have really rare false positives).
 

Robert Schuster

Cool - I'll try that out with my "normal" pmg test installation.
Yesterday I made a new setup with all your other modifications and will let some test domains point to that system during the next days.

I may have found just one typo in your excellent howto:
In the "additional signatures for ClamAV" section there should be a cd /tmp at the first line. Otherwise the "cp /tmp/clamav-unofficial-sigs-master/systemd/* /etc/systemd/" will fail if you are not in /tmp from the last script anymore, like I was.
 

heutger

Good luck and if you have any suggestions, you’re welcome. Don’t forget, training bayes is a very important step to get the filter better.

Many thanks. As I sometimes did the steps in another order before while testing around, they may miss sth. like this.
 

Robert Schuster

Last xmas question:
Directly in main.cf.in? Where do I have to copy them in that form? (zen.spamhaus.org*2,bl.spamcop.net*2,psbl.surriel.com*2,spamrbl.imp.ch*2,noptr.spamrats.com*2,escalations.dnsbl.sorbs.net*2,bl.score.senderscore.com*2,bl.spameatingmonkey.net*2,rbl.realtimeblacklist.com*2,dnsbl.dronebl.org*2,ix.dnsbl.manitu.net,b.barracudacentral.org,db.wpbl.info,truncate.gbudb.net,bl.blocklist.de)

In my original pmg system I have just this
postscreen_dnsbl_sites = zen.spamhaus.org,bl.spamcop.net,psbl.surriel.com,spamrbl.imp.ch
postscreen_dnsbl_threshold = 2

in my main.cf (which represents the sites added through the GUI).

It would be interesting to know where to put it for both versions, the original and the modified (your howto).

Of course bayes training is also an important step. But one after another; I don't like to do things which I don't fully understand. Once I have the lists in place I'll switch some semi-productive domains to that server, and then I'll hopefully have enough mails to do a bayes training. Now, with a few test mails, this makes no sense...
 

heutger

main.cf is the one which will be overwritten each time you change sth. in the GUI. For main.cf.in you need to copy the templates to /etc/pmg/templates first:

Code:
mkdir -p /etc/pmg/templates
cp /var/lib/pmg/templates/* /etc/pmg/templates/.
Then you will find the template code in main.cf.in

Code:
[% IF postfix.dnsbl_sites %]
postscreen_dnsbl_sites = [% postfix.dnsbl_sites %]
postscreen_dnsbl_threshold = [% postfix.dnsbl_threshold %]
[% END %]
Instead of the template code you can also paste the blacklists there hardcoded. However, I don't see any sense in doing that; use the GUI where it's available. I would prefer many more things in the GUI, somehow everything or most things I did. I understand that DCC has license issues with being integrated, but maybe a script could be provided to install it under GUI control, or it could be integrated in subscriptions; same for some of the ClamAV sigs, or use Avast official and provide it as an option with or without subscription, ... DKIM is asked for many times; however, I don't see DKIM as an option, ...

Merry Christmas ;-)
 

heutger

I'm testing a set of new lists after seeing some occurrences on multirbl.valli.org:

bl.0spam.org DNSBL | 0spam Spam Trap Primary Database
0spam.fusionzero.com DNSBL Mirror

nbl.0spam.org Network Black List | Spam Source Networks, high volume of spam trap hits in a Class C block will result in network listings in this DNSBL.
0spam-n.fusionzero.com Network DNSBL Mirror

url.0spam.org URL Black List | This list contains the IP address of domains found to be in the source of spam emails found in our traps.
0spamurl.fusionzero.com URL Black List Mirror

Will see how they work out.
 

killmasta93

Member
Aug 13, 2017
510
18
18
26
So do these lists have a lot of false positives?
 

heutger

I'm considering a new test and would be happy for any input:

Recently someone in another thread encountered a problem with one of my "kick lists" (one of the lists with score 2) and decided to change all lists to be only "hit lists" (ones with score 1). I just checked my mail logs and recognized that the DNSBL rank 2 hits amount to about 3% of total mails, so maybe it's an idea to test if that prevents false positives, against decreasing the no-spam quota, as some of these hits are real "two lists" hits while others are "one list" hits (I'm not that good with RegEx to check the real value).

What do you think about it?
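
An added example, not code from any poster in this thread: one way to split blocked clients into "one list" and "two lists" hits from the mail log without a hand-written regex session. It assumes the log contains Postfix dnsblog lines of the form "addr X listed by domain Y as Z" and that each DNSBL domain appears once in postscreen_dnsbl_sites; the log lines and the shortened site list are constructed for illustration.

```python
import re
from collections import defaultdict

# Subset of the weighted list quoted in the thread (domain[=filter][*weight]).
OLD_SITES = ("zen.spamhaus.org*2,bl.spamcop.net*2,bl.score.senderscore.com*2,"
             "ix.dnsbl.manitu.net,b.barracudacentral.org,db.wpbl.info")
THRESHOLD = 2

# Constructed sample log lines (documentation addresses, assumed dnsblog format).
SAMPLE_LOG = """\
Dec 24 10:00:01 pmg postfix/dnsblog[811]: addr 192.0.2.10 listed by domain bl.score.senderscore.com as 127.0.0.2
Dec 24 10:00:05 pmg postfix/dnsblog[812]: addr 192.0.2.20 listed by domain zen.spamhaus.org as 127.0.0.4
Dec 24 10:00:05 pmg postfix/dnsblog[813]: addr 192.0.2.20 listed by domain ix.dnsbl.manitu.net as 127.0.0.2
Dec 24 10:00:09 pmg postfix/dnsblog[814]: addr 192.0.2.30 listed by domain db.wpbl.info as 127.0.0.2
Dec 24 10:00:12 pmg postfix/dnsblog[815]: addr 192.0.2.40 listed by domain b.barracudacentral.org as 127.0.0.2
Dec 24 10:00:12 pmg postfix/dnsblog[816]: addr 192.0.2.40 listed by domain db.wpbl.info as 127.0.0.2
"""

HIT_RE = re.compile(r"dnsblog\[\d+\]: addr (\S+) listed by domain (\S+) as ")

def parse_sites(value):
    """Map each DNSBL domain to its weight; a missing *N means weight 1."""
    weights = {}
    for entry in filter(None, re.split(r"[,\s]+", value)):
        spec, _, weight = entry.partition("*")
        weights[spec.split("=")[0]] = int(weight) if weight else 1
    return weights

def hits_per_client(log_text):
    """Collect the set of DNSBL domains that listed each client address."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        m = HIT_RE.search(line)
        if m:
            hits[m.group(1)].add(m.group(2))
    return hits

def classify(log_text, sites=OLD_SITES, threshold=THRESHOLD):
    """Group clients by what blocked them: one weighted list or several lists."""
    weights = parse_sites(sites)
    result = {"single_list_block": [], "multi_list_block": [], "below_threshold": []}
    for addr, domains in sorted(hits_per_client(log_text).items()):
        score = sum(weights.get(d, 0) for d in domains)   # weighted score
        flat = sum(1 for d in domains if d in weights)    # score if every list were *1
        key = ("below_threshold" if score < threshold else
               "multi_list_block" if flat >= threshold else "single_list_block")
        result[key].append(addr)
    return result
```

Clients in single_list_block are the ones that would no longer be rejected at the DNSBL stage once every list is set to *1, so that group is the one to review for false positives versus missed spam.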
 

heutger

It was bl.score.senderscore.com, but I already saw really rare FPs with Spamcop or Spamhaus. As it's not possible (efficient) to check all blacklists each day, maybe increasing potential spam by being more offensive on rejects is an idea to think about.
 

heutger

not sure what you mean *1 ?
Recently, I had some lists with *2 (so with a threshold of 2 they directly reached the threshold) and some without any weight; these are rated the same as *1, and it needs two of them to reach the threshold. Now I changed them all to *1 (the ones in the advancing thread), so always 2 lists are required to reach the threshold. So I'm a bit more conservative on kicking potential spam.
 