devtay
Yes. We are using rbl but not sbl. The sbl lists are too aggressive and legit email gets blocked.
RBLList=zen.spamhaus.org,b.barracudacentral.org,bl.spamcop.net
RHSBL=enabled
I personally find the bl.spamcop.net list too aggressive, spamhaus & barracudacentral are OK.
Re SBL lists, the default install settings are way too aggressive.
I find that the conservative list in the Email Howto is OK for me (i.e. not aggressive),
i.e.
A conservative setting for the associated DNSBL SBLList is:
config setprop qpsmtpd SBLList dbl.spamhaus.org
config setprop qpsmtpd RHSBL enabled
signal-event email-update
I can't block the normal type attachments (pdf, word doc, excel, etc.); we use them in day-to-day business.
All the zip variants should be blocked in my opinion & experience, they are used by spammers.
You can set that in server manager without any coding needed.
Get your users to pack to the rar format, seems much less used by spammers.
I haven't had much luck with the attachment filtering anyways. I did the instructions to block .rtf .img and .iso and it doesn't work. I've also tried attachment filtering with the hash. When I run the commands to get the hash it comes out all A's for the .iso filtering.
I have followed posts here about this & also investigated extensively. It is hard to find common signatures for those formats; they change so much between sources of file creation. So yes, I agree it is difficult for these types of attachments.
There is also another blocking list type that can be configured:
config setprop qpsmtpd UBLList rhsbl.sorbs.net
config setprop qpsmtpd URIBL enabled
signal-event email-update
Spam rejection is really a multi-factored approach, so every little bit helps.
Can I ask: is your SME Server in server & gateway mode with a bridged modem in front of it, or is it in server-only mode with another firewall in front of it? (The former is better for spam rejection & various mechanisms employed by SME Server.)
I quote these comments from the Email Howto:
Server Only
Some of the spam filter rules cannot work unless the SMESERVER knows the external IP of the box. If you put a SMESERVER in server-only mode behind other firewalls, it will lose some of the anti-spam rules. For example, the rule that blocks attempts where spammers try "HELO a.b.c.d" where a.b.c.d is your external IP address.
Unfortunately, many admins believe that port-forwarding SMTP provides additional security. It doesn't, it limits the SMESERVER's ability to apply some rules
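Added example, not part of the thread or the Email Howto: a Python sketch that checks which of the RBLList zones quoted above list a given client IP, which helps when judging whether a list is too aggressive for your mail flow. The answers in SAMPLE_DNS are constructed so it runs offline, the function names are this example's own, and 127.255.255.0/24 is the range Spamhaus uses for error answers rather than listings.

```python
import ipaddress
import socket

# Zones from the RBLList setting quoted in the thread.
RBL_LIST = ["zen.spamhaus.org", "b.barracudacentral.org", "bl.spamcop.net"]
LOOPBACK = ipaddress.IPv4Network("127.0.0.0/8")
ERRORS = ipaddress.IPv4Network("127.255.255.0/24")  # Spamhaus error answers

def dnsbl_name(ip, zone):
    """Build the DNSBL query name: IPv4 octets reversed, then the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def system_resolver(name):
    """Return A records for name; lookup failures are treated as no answer."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except (socket.gaierror, socket.herror):
        return []

def classify(answers):
    """Map DNSBL answers to 'listed', 'error' or 'clean'."""
    if not answers:
        return "clean"   # no record: the address is not on the list
    addrs = [ipaddress.IPv4Address(a) for a in answers]
    if any(a in ERRORS for a in addrs):
        return "error"   # query refused or malformed, not a listing
    if all(a in LOOPBACK for a in addrs):
        return "listed"
    return "error"       # answer outside 127/8: resolver rewrites NXDOMAIN

def check(ip, zones=RBL_LIST, resolve=system_resolver):
    return {z: classify(resolve(dnsbl_name(ip, z))) for z in zones}

# Constructed answers standing in for DNS, so the example runs offline.
SAMPLE_DNS = {
    "2.0.0.127.zen.spamhaus.org": ["127.0.0.2", "127.0.0.4", "127.0.0.10"],
    "2.0.0.127.b.barracudacentral.org": ["127.0.0.2"],
    "2.0.0.127.bl.spamcop.net": ["127.0.0.2"],
    "10.2.0.192.zen.spamhaus.org": ["127.255.255.254"],  # error answer
    "10.2.0.192.bl.spamcop.net": ["203.0.113.9"],        # rewritten NXDOMAIN
}

def sample_resolver(name):
    return SAMPLE_DNS.get(name, [])

if __name__ == "__main__":
    for ip in ("127.0.0.2", "192.0.2.10"):
        print(ip, check(ip, resolve=sample_resolver))
```

127.0.0.2 is the standard DNSBL test entry, so a live run of `check("127.0.0.2")` should report every working list as "listed"; an "error" result there points at the resolver path rather than at the list.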