DNSBL
Tested: 2+ weeks live, test written and passed
Description^
Check external DNS based blackhole lists (DNSBL). Allows weighting per blacklist or harsh policies (first hit serves).
Blacklists are huge directories of known IP addresses or IP ranges of known UCE senders, RFC ignorants, virus senders or alike sources of spam/malware.
You should keep in mind that each blacklist is run by a private person, group or commercial organization. Therefore make sure you can trust the admins of the particular list. A good start would be to read their removal policies (from time to time there are some fake black listsĀ which try to get a lot of subscribers, so that they can blackmail mail server operators, threatening to put them on these lists .. look out for: any removal costs) and of course try to google for reviews.
For the beginning, I suggest to have a look at SpamCop, Spamhaus, SORBS and UCEPROTECT. However, the quality of the expected results (false positives, false negatives) depends on your mail traffic (especially where your users mainly live, where the correspondents mainly live). Eg in Germany, a very good list would be the NiX Spam list from iX Magazin, which might produce poor results for North America.
However, you can and should use multiple blacklists and evaluate and weight their results over time.
Configuration^
harsh^
Default: 0
Allowed values: 0, 1
Any blacklist hit will reject the mail. First of: careful. Second: better use the postfix built in reject_rbl_client, which does exactly this.
blacklist^
Allowed values: Array of { host: “hostname”, weight: <integer> }
You can use as much blacklists as you want. Don’t overdo, 3-6 should be sufficient. Put the most trusted (reads: highest negative hit rate with least false-positive rate) in front with highest weight and less trusted below, with less weight.
Example^
---
disable: 0
harsh: 0
blacklist:
-
host: ix.dnsbl.manitu.net
weight: -80
-
host: bl.spamcop.net
weight: -80
-
host: dnsbl.sorbs.net
weight: -60
Performance^
Runtime: average (8 black lists) 0.05 secs
My Name is Ulrich Kautz and this is my private blog about server administration, perl programming and some other stuff that is on my mind. I study part-time computer sience at FU Berlin and work as sys admin and web developer at our hosting company