Postfix Spam Control – Blackholes

September 14, 2008 Spam Control

Using a Blackhole

The important thing to understand about blackholes is that these DNS blacklists require Postfix to perform a DNS lookup, which uses resources on your server and adds latency. In return, they can significantly reduce spam. The example below uses two kinds of lists to block spam; they are only illustrations, and you should research any list carefully before you rely on it. Each list has an address that you use to access it. These two lists are combined under one address, and that address is then entered into your smtpd restrictions.

Exploits Block List (http://www.spamhaus.org/xbl/index.lasso)
The following information is taken from the Spamhaus site.

“The Spamhaus Exploits Block List (XBL) is a realtime database of IP addresses of illegal 3rd party exploits, including open proxies (HTTP, socks, AnalogX, wingate, etc), worms/viruses with built-in spam engines, and other types of trojan-horse exploits.”

The Spamhaus Block List (http://www.spamhaus.org/sbl/index.lasso)
The following information is taken from the Spamhaus site.

“The SBL is a realtime database of IP addresses of verified spam sources and spam operations (including spammers, spam gangs and spam support services), maintained by the Spamhaus Project team and supplied as a free service to help email administrators better manage incoming email streams.

The SBL is queriable in realtime by mail systems throughout the Internet, allowing email administrators to identify, tag or block incoming connections from IP addresses which Spamhaus deems to be involved in the sending or origination of Unsolicited Bulk Email (aka “Spam”).

The SBL database is maintained by a dedicated international Spamhaus team based in 9 countries, working 24 hours a day, 7 days a week to list new confirmed spam issues and – just as importantly – to delist resolved issues.”

These two lists are combined into this address.

sbl-xbl.spamhaus.org

Update
Spamhaus has since also folded its PBL list (non-MTA IP address ranges set by outbound mail policy) into a single combined option called “zen.spamhaus.org”.

zen.spamhaus.org

smtpd_recipient_restrictions =
    warn_if_reject reject_non_fqdn_recipient
    reject_non_fqdn_sender
    reject_unknown_sender_domain
    reject_unknown_recipient_domain
    permit_mynetworks
    reject_unauth_destination
    reject_non_fqdn_hostname
    reject_invalid_hostname
    check_helo_access pcre:/etc/postfix/helo_checks
    check_sender_mx_access cidr:/etc/postfix/bogus_mx
    reject_rbl_client zen.spamhaus.org
    permit
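The lookup that `reject_rbl_client zen.spamhaus.org` triggers can be reproduced by hand to see which Spamhaus list a client is on. The script below is an added example, not part of the original post; the function names are hypothetical, the sample answers are constructed, and the return-code mapping follows Spamhaus's published codes for the zen zone.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# Name queried for an IPv4 client: octets reversed, then the list's zone.
dnsbl_qname() (
    ip=$1 zone=$2
    case $ip in ''|*[!0-9.]*|*.) return 1 ;; esac   # digits and dots only
    IFS=.
    set -- $ip
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ -n "$o" ] && [ "$o" -le 255 ] || return 1
    done
    printf '%s.%s.%s.%s.%s\n' "$4" "$3" "$2" "$1" "$zone"
)

# Map one A-record answer from zen.spamhaus.org to the list behind it.
zen_classify() {
    case $1 in
        127.0.0.2|127.0.0.3)   echo SBL ;;
        127.0.0.[4-7])         echo XBL ;;
        127.0.0.10|127.0.0.11) echo PBL ;;
        127.255.255.*)         echo ERROR ;;      # query problem, not a listing
        '')                    echo NOT_LISTED ;; # NXDOMAIN, no A record
        *)                     echo UNKNOWN ;;
    esac
}

# Live lookup (needs dig and network access); defined but not called here.
zen_lookup() {
    q=$(dnsbl_qname "$1" zen.spamhaus.org) || return 1
    answers=$(dig +short A "$q")
    [ -n "$answers" ] || { echo "$1 NOT_LISTED"; return 0; }
    for a in $answers; do
        echo "$1 $a $(zen_classify "$a")"
    done
}

# Constructed sample answers so the demonstration runs offline.
dnsbl_qname 192.0.2.99 zen.spamhaus.org
for a in 127.0.0.2 127.0.0.4 127.0.0.11 127.255.255.254 ''; do
    printf '%-16s -> %s\n' "${a:-<no answer>}" "$(zen_classify "$a")"
done
```

Without an `=d.d.d.d` filter, `reject_rbl_client` rejects on any A record, so an ERROR answer from the list would be treated like a listing. Running `zen_lookup 127.0.0.2` (the standard DNSBL test address) from the mail server shows whether its resolver gets normal answers before the restriction is enforced.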


Copyright CyberMontana Inc. and Postfixmail.com
All rights reserved. Cannot be reproduced without written permission. Box 1262 Trout Creek, MT 59874


Comments (2)

 

  1. Adam says:

    Hey Mike, this is Adam from njedge. Spamhaus combined their sbl-xbl to zen.spamhaus.org.
    This is what I am using for the postfix mail server you helped me set up.
    reject_rbl_client zen.spamhaus.org,
    reject_rbl_client cbl.abuseat.org,
    reject_rbl_client dnsbl-1.uceprotect.net,
    reject_rbl_client list.dsbl.org,
    reject_rbl_client dnsbl-2.uceprotect.net,
    reject_rbl_client dnsbl-3.uceprotect.net,

    Great tutorials!

  2. mike says:

    Thanks for the tip, I have updated the entry.