Koozali.org: home of the SME Server
  1. Koozali.org: home of the SME Server
  2. Contribs.org Forums
  3. General Discussion
  4. Topic: Spam Filter Settings
« previous next »
Pages: [1]   Go Down

Spam Filter Settings

  • 2 Replies
  • 1379 Views

Offline mmccarn

  • *
  • 2,651
  • +10/-0
Spam Filter Settings
« on: February 16, 2012, 07:01:00 PM »
[edit]
Subject changed from RBLList Changes to Spam Filter Settings
[/edit]

I've recently been seeing an increase in SPAM passing through my SME server.

My current RBLList setting is:
    RBLList=zen.spamhaus.org:combined.njabl.org

Doing some research on one recently received SPAM, I found this online check tool:
http://multirbl.valli.org/lookup

Which clearly showed the spam source as being listed on several different RBL Lists, some of which I'd never heard of before:
   blackholes.five-ten-sg.com
   b.barracudacentral.org
   bb.barracudacentral.org
   l4.bbfh.ext.sorbs.net
   ip.v4bl.org
   problems.dnsbl.sorbs.net
   spam.dnsbl.sorbs.net
   old.spam.dnsbl.sorbs.net
   bl.tiopan.com
   dnsbl.webequipped.com
   list.quorum.to

I've added 'ip.v4bl.org' and 'spam.dnsbl.sorbs.net' to my RBLList; I'll report back any success or failure here.
« Last Edit: February 18, 2012, 04:22:47 PM by mmccarn »
Logged

Offline CharlieBrady

  • *
  • 6,918
  • +3/-0
Re: RBLList Changes
« Reply #1 on: February 16, 2012, 08:06:58 PM »
Be cautious about adding RBLs - if those RBLs are poorly maintained, or over-zealous, you will spend more time chasing rejected mail than you will save by receiving less spam.
Logged

Offline mmccarn

  • *
  • 2,651
  • +10/-0
Re: RBLList Changes
« Reply #2 on: February 18, 2012, 04:01:47 PM »
Quote from: CharlieBrady on February 16, 2012, 08:06:58 PM
Be cautious about adding RBLs

Right you are -- I had to revert the two new RBLs less than 12 hrs later.

Before trying any more lists, I figured out a command to let me test them first.

The command below:
- scans /var/log/qpsmtpd/current for all email that was successfully delivered
- looks up the sending IP address using the blocklist specified (b.barracudacentral.org in the sample below)
- for each email that would be blocked by the test blocklist, outputs:
  - the spam score assigned by the system
  - the 'from' email address
  - the 'to' email address(es)
  - the dnsbl A result (127.0.0.x)
  - the dnsbl TXT result
Code: [Select]
TESTBL=b.barracudacentral.org
#
grep logging::logterse.*\(queue\) /var/log/qpsmtpd/current \
|awk -v DNSBL=$TESTBL '{split($7,ip,".");print "echo -ne \"" ($15) \
"\tFrom: " gensub("[<>]","","g",$10) \
"\tTo: " gensub("[<>]","","g",$11) \
"\tA: `dig +short " ip[4] "." ip[3] "." ip[2] "." ip[1] "." DNSBL \
"`\tTXT: \" ; echo -e \"`dig +short txt " ip[4] "." ip[3] "." ip[2] "." ip[1] "." DNSBL "`\""}' \
|bash | grep 127\.0 |less -S

Digging a little more, I found that pyzor wasn't working on my system (apparently it stopped working around the time of the 7.5 update), so I got that working again (Bug 5973).

I also tried enabling auto_whitelisting using config setprop spamassassin UseAutoWhitelist 1, and ran into some issues with that.  My notes on how I got that working have been added to Bug 6130.

« Last Edit: February 18, 2012, 04:21:03 PM by mmccarn »
Logged
Pages: [1]   Go Up
« previous next »
  1. Koozali.org: home of the SME Server
  2. Contribs.org Forums
  3. General Discussion
  4. Topic: Spam Filter Settings