RBLs

Julian Field MailScanner at ecs.soton.ac.uk
Thu Sep 13 21:59:11 IST 2007 


Scott Silva wrote:
> Mikael Syska spake the following on 9/13/2007 1:17 PM:
>> Hi,
>>
>> Just wondering ... is this a busy system or private home server ? 
>> What are the mail flow ?
>>
>> // ouT
>>
>> Scott Silva wrote:
>>> Gareth spake the following on 9/12/2007 6:33 AM:
>>>> Has anyone configured spamassassin to use additional RBLs other than
>>>> what comes in the default configuration?
>>>>
>>>> I use Spamhaus and Spamcop in postfix but there are lots of 
>>>> alternatives
>>>> available and the best way to test them would be to configure them in
>>>> spamassassin and use the mailwatch report to see the % of ham and spam
>>>> it matches.
>>>>
>>> I have a few.
>>>
>>> ---snip----
>>>
>>>
>>> header   RCVD_IN_PSBL          eval:check_rbl('psbl', 
>>> 'psbl.surriel.com.')
>>> describe RCVD_IN_PSBL          Received via a relay in PSBL
>>> tflags   RCVD_IN_PSBL          net
>>> score    RCVD_IN_PSBL          0 1.50 0 1.50
>>>
>>> header   RCVD_IN_UCE_PFSM_1          eval:check_rbl('UCE_PFSM_1', 
>>> 'dnsbl-1.uceprotect.net')
>>> describe RCVD_IN_UCE_PFSM_1          Received via a relay in UCE_PFSM_1
>>> tflags   RCVD_IN_UCE_PFSM_1          net
>>> score    RCVD_IN_UCE_PFSM_1          0 1.50 0 1.50
>>>
>>> header   RCVD_IN_UCE_PFSM_2          eval:check_rbl('UCE_PFSM_2', 
>>> 'dnsbl-2.uceprotect.net')
>>> describe RCVD_IN_UCE_PFSM_2          Received via a relay in UCE_PFSM_2
>>> tflags   RCVD_IN_UCE_PFSM_2          net
>>> score    RCVD_IN_UCE_PFSM_2          0 1.50 0 1.50
>>>
>>> header   RCVD_IN_UCE_PFSM_3          eval:check_rbl('UCE_PFSM_3', 
>>> 'dnsbl-3.uceprotect.net')
>>> describe RCVD_IN_UCE_PFSM_3          Received via a relay in UCE_PFSM_3
>>> tflags   RCVD_IN_UCE_PFSM_3          net
>>> score    RCVD_IN_UCE_PFSM_3          0 1.50 0 1.50
>>>
>>>
>>> header   DNS_FROM_MPBULK_RHSBL    eval:check_rbl_from_host('mprhs', 
>>> 'bulk.rhs.mailpolice.com.')
>>> describe DNS_FROM_MPBULK_RHSBL    From: sender listed in 
>>> bulk.rhs.mailpolice.com
>>> tflags   DNS_FROM_MPBULK_RHSBL    net
>>> score    DNS_FROM_MPBULK_RHSBL    2.0
>>>
>>>
>>> urirhsbl  URIBL_BULK_MPRHS  bulk.rhs.mailpolice.com.   A
>>> body      URIBL_BULK_MPRHS  eval:check_uridnsbl('URIBL_BULK_MPRHS')
>>> describe  URIBL_BULK_MPRHS  Contains a URL listed in the MailPolice 
>>> bulk senders list
>>> tflags    URIBL_BULK_MPRHS  net
>>> score     URIBL_BULK_MPRHS  2.0
>>>
>>>
>>> urirhsbl  URIBL_PORN_MPRHS  porn.rhs.mailpolice.com.   A
>>> body      URIBL_PORN_MPRHS  eval:check_uridnsbl('URIBL_PORN_MPRHS')
>>> describe  URIBL_PORN_MPRHS  Contains a URL listed in the MailPolice 
>>> porn domains list
>>> tflags    URIBL_PORN_MPRHS  net
>>> score     URIBL_PORN_MPRHS  2.0
>>>
>>>
>>> urirhsbl  URIBL_FRAUD_MPRHS  fraud.rhs.mailpolice.com.   A
>>> body      URIBL_FRAUD_MPRHS  eval:check_uridnsbl('URIBL_FRAUD_MPRHS')
>>> describe  URIBL_FRAUD_MPRHS  Contains a URL listed in the MailPolice 
>>> fraud domains list
>>> tflags    URIBL_FRAUD_MPRHS  net
>>> score     URIBL_FRAUD_MPRHS  2.0
>>>
>>> header   RCVD_IN_SPAMCANNIBAL          
>>> eval:check_rbl('spamcannibal', 'bl.spamcannibal.org.')
>>> describe RCVD_IN_SPAMCANNIBAL          Received via a relay in 
>>> SpamCannibal
>>> tflags   RCVD_IN_SPAMCANNIBAL          net
>>> score    RCVD_IN_SPAMCANNIBAL          0 1.50 0 1.50
>>>
>>> header   RCVD_IN_MSRBL          eval:check_rbl('msrbl', 
>>> 'combined.rbl.msrbl.net.')
>>> describe RCVD_IN_MSRBL          Received via a relay in MSRBL
>>> tflags   RCVD_IN_MSRBL          net
>>> score    RCVD_IN_MSRBL          0 1.50 0 1.50
>>>
>>> ---snip---
>>>
>>>
>>> Some are better than others, as I haven't had time to evaluate them 
>>> for a while.
>>>
>>
> Corporate mailservers serving about 100 users each in California, US.
> We are a public utility serving about 80,000 plus consumers in parts 
> of 6 cities.  Mail is usually around 10,000 to 15,000 per day before 
> filtering. Usually 1000 or less legitimate mails, some are rather 
> large word documents going back and forth with attorneys.
To save space on your mail servers, have you considered trying out the 
auto-zip functionality in MailScanner? It will squash Word documents a lot.

Jules

-- 
Julian Field MEng CITP
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

MailScanner customisation, or any advanced system administration help?
Contact me at Jules at Jules.FM

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
For all your IT requirements visit www.transtec.co.uk


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
For all your IT requirements visit www.transtec.co.uk

More information about the MailScanner mailing list