spamhaus dbl implementation
in [Postfix]
|
Prev: postfix as "dispatcher"
Next: outbound sender
From: Ralf Hildebrandt on 4 Mar 2010 02:55 * Stan Hoeppner <stan(a)hardwarefreak.com>: > What's the best way to integrate the Spamhaus DBL for folks not already > using SA et al? None. Quote: "The Spamhaus DBL is a realtime database of domains (typically web site domains) found in spam messages. Mail server software capable of scanning email message body contents for URIs can use the DBL to identify, classify or reject spam containing DBL-listed domains." Note the key words "email message body contents" Postfix cannot do that on it's own. You need something to examine the body of the mail (content_filter, milter, smtpd_proxy_filter) -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebrandt(a)charite.de | http://www.charite.de
From: Stan Hoeppner on 4 Mar 2010 06:05 Ralf Hildebrandt put forth on 3/4/2010 1:55 AM: > "The Spamhaus DBL is a realtime database of domains (typically web site > domains) found in spam messages. Mail server software capable of > scanning email message body contents for URIs can use the DBL to > identify, classify or reject spam containing DBL-listed domains." Two paragraphs later, on the same Spamhaus web page: "The DBL is both a domain URI Blocklist and RHSBL. It is intended primarily for message body URI checks but it can additionally be used for connection checks at the SMTP level and header domain checks (HELO, connecting IP rDNS domain, From & Reply-To domains, Message-ID domain) and other checks involving domains." So, can I use the following to reject connections whose A record is in the Spamhaus DBL? Does this also query for the domain in the PTR/FQrDNS record? smtpd_client_restrictions = ... reject_rhsbl_client dbl.spamhaus.org ... Thanks. -- Stan
From: Ralf Hildebrandt on 4 Mar 2010 07:09
* Stan Hoeppner <stan(a)hardwarefreak.com>: > Ralf Hildebrandt put forth on 3/4/2010 1:55 AM: > > > "The Spamhaus DBL is a realtime database of domains (typically web site > > domains) found in spam messages. Mail server software capable of > > scanning email message body contents for URIs can use the DBL to > > identify, classify or reject spam containing DBL-listed domains." > > Two paragraphs later, on the same Spamhaus web page: > > "The DBL is both a domain URI Blocklist and RHSBL. It is intended primarily > for message body URI checks but it can additionally be used for connection > checks at the SMTP level and header domain checks (HELO, connecting IP rDNS > domain, From & Reply-To domains, Message-ID domain) and other checks > involving domains." Oh wow :) > So, can I use the following to reject connections whose A record is in the > Spamhaus DBL? Does this also query for the domain in the PTR/FQrDNS record? > > smtpd_client_restrictions = > ... > reject_rhsbl_client dbl.spamhaus.org > ... reject_rhsbl_client dbl.spamhaus.org reject_rhsbl_sender dbl.spamhaus.org etc. -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebrandt(a)charite.de | http://www.charite.de |