cut off by spamhaus free use?

Denis Beauchemin Denis.Beauchemin at USherbrooke.ca
Tue Dec 4 22:05:10 GMT 2007 

Matt Hayes a écrit :
> Denis Beauchemin wrote:
>   
>> Scott Silva a écrit :
>>     
>>> on 12/3/2007 11:35 AM Denis Beauchemin spake the following:
>>>       
>>>> Jeff A. Earickson a écrit :
>>>>         
>>>>> On Mon, 3 Dec 2007, Jeff Mills wrote:
>>>>>
>>>>>           
>>>>>> Yes!
>>>>>> One of the things I have done in my servers is move the spamhaus
>>>>>> list to
>>>>>> the bottom of my list of RBL's.
>>>>>> That way, spamhaus is only queried when none of the others match. I
>>>>>> find
>>>>>> that spamcop gets more than the others.
>>>>>>             
>>>> I did the same and so far it is still working:
>>>> cbl.abuseat.org
>>>> dul.dnsbl.sorbs.net
>>>> web.dnsbl.sorbs.net
>>>> relays.dnsbl.sorbs.net
>>>> rhsbl.dnsbl.sorbs.net
>>>> bl.spamcop.net
>>>> list.dsbl.org
>>>> zen.spamhaus.org
>>>>         
>>> I would move cbl right above zen, as they also have a usage limit.
>>>       
>> I didn't see any on their web site...
>>     
>>>> So far today, they blocked:
>>>>           bl.spamcop.net :  13188 (  5 %)
>>>>          cbl.abuseat.org : 131946 ( 57 %)
>>>>      dul.dnsbl.sorbs.net :  57306 ( 25 %)
>>>>            list.dsbl.org :   1320 (  0 %)
>>>>   relays.dnsbl.sorbs.net :     42 (  0 %)
>>>>      web.dnsbl.sorbs.net :   1225 (  0 %)
>>>>         zen.spamhaus.org :  24122 ( 10 %)
>>>>         
>>> What do you run to get this info? Or was it hand compiled? I have been
>>> looking for something I could get some good stats with. 
>>>       
>> I run the attached Bash/Perl script.  It parses my maillog looking for
>> sendmail rejection messages.
>>
>> Denis
>>
>>     
>
>
> Nice script.. too bad it doesn't seem to work with postfix :(
>
> -Matt
>   

Matt,

It really is just a matter of parsing the maillog.

For my script to work, it must be paired with config lines like this one 
in sendmail.mc:
FEATURE(`dnsbl',`dul.dnsbl.sorbs.net',`"554 Rejected " $&{client_addr} " 
found in dul.dnsbl.sorbs.net"')dnl

This gives me log lines like this one:
Dec  4 00:13:47 132.210.244.13 sendmail[15936]: ruleset=check_relay, 
arg1=68-185-139-62.dhcp.jcsn.tn.charter.com, arg2=127.0.0.10, 
relay=68-185-139-62.dhcp.jcsn.tn.charter.com [68.185.139.62], reject=554 
5.7.1 Rejected 68.185.139.62 found in dul.dnsbl.sorbs.net


If you can provide me with sample RBL blocks in Postfix, I'm sure I 
could make it work for you in no time.  Same for Exim if I get log entries.

Denis

-- 
   _
  °v°   Denis Beauchemin, analyste
 /(_)\  Université de Sherbrooke, S.T.I.
  ^ ^   T: 819.821.8000x62252 F: 819.821.8045

More information about the MailScanner mailing list