From: Jorn Argelo
Date: Sat, 19 Jan 2008 20:32:43 +0100
To: John Almberg
Cc: freebsd-questions@freebsd.org
Subject: Re: No spam???

John Almberg wrote:
>>> 2008-01-14 09:30:37.074087500 rblsmtpd: 123.20.89.67 pid 72121: 451
>>> http://www.spamhaus.org/query/bl?ip=123.20.89.67
>>
>> Just one comment, in my installation of SpamAssassin, it reports in
>> syslog as spamd, not as rblsmtpd. This looks like logs from the
>> rblsmtpd program that is not SpamAssassin.
>>
>> As someone mentioned, one way to prevent false positive and too
>> aggressive black lists is to use them through SpamAssassin only, where
>> the black list score is only part of the spaminess. The drawback is
>> that it puts more load on the server and SpamAssassin that has to
>> scrutinize every email, while dropping at the SMTP level is fast and
>> uses very low resources.
>>
>
> Ah... I see. Yes, you are correct. It is rblsmtpd that is doing the
> filtering.
>
> One of my goals with this mail server set up (primarily pf, qmail,
> spamassassin, maildrop, courier) was to minimize processing, since my
> last set up got totally bogged down handling my, and my client's
> email, frequently running with a load of 8 or more with several spam
> per second. A real drag.
>
> This set up runs at a much lower load, and seems to do a better job
> filtering spam.

Since you're already using PF, why not use OpenBSD spamd (not
spamassassin) as well? You don't need rblsmtpd then, and OpenBSD spamd
operates together with PF. Maybe rblsmtpd does as well, I don't know - I
never tried it. Also in combination with relaydb to create your own
blacklists it can be pretty interesting. Check out
http://www.openbsd.org/spamd/ for additional info.

Anyway, to go a little more on the background about blacklists; we were
troubled by a lot of "false positive" entries in the blacklists (we use
uatraps and nixspam, and spamassassin checks on blacklists like spamhaus
since they only allow DNS queries if you don't want to pay). We had big
ISPs blacklisted, and seeing the amount of mailservers they have you
don't want to check all of that by hand. And I'm sure somebody else
noticed Gmail's awkward way of handling outgoing e-mail. They apparently
have one global mail queue or something and try another mail server (of
the hundreds they have) when the delivery fails once - a horrible
situation for greylisting.

So what we did is create a Perl script that checks every blacklisted
entry for a PTR record and tries to give an SMTP HELO command. We filter
the PTR record on several keywords (like dsl, dynamic, cable, ip
address, stuff like that). If a valid PTR record or a valid SMTP HELO
reply has been received we remove that entry automatically from the
blacklist. So you still blacklist the zillions of DSL connections and
filter out the big ISPs or other customers. Naturally you will filter
some spammers out using this method, but we still have SpamAssassin as a
second layer doing a fine job. (And FYI: it picks a random IP address and
has a 1 second delay on everything it checks - we don't want to cause a
fuss at ISPs with a lot of blacklisted entries). There's more stuff in
this script but the point of this e-mail is not a lecture on that :P

Anyway, ever since we put this script into place we got zero complaints
about blacklists, while still effectively trapping spammers into OpenBSD
spamd and keeping them busy.

Quite a story - I hope someone might find this info useful one way or
another. As always, YMMV.

- Jorn

>
> -- John
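
The blacklist-pruning rule described in the message above, sketched as an added example in Python; it is not Jorn's Perl script, which the thread does not show. Assumptions: the function names are hypothetical, the PTR lookup and the HELO probe are passed in as callables so the logic runs offline, addresses are IPv4 only, and the "ip address" keyword is read as "the PTR name embeds the host's own address".

```python
import random
import re
import time

# Keywords named in the message; extend the tuple for your own PTR patterns.
DYNAMIC_KEYWORDS = ("dsl", "dynamic", "cable")

def embeds_ip(ptr, ip):
    """True if the PTR name contains the IPv4 octets, forward or reversed."""
    nums = [str(int(d)) for d in re.findall(r"\d+", ptr)]
    octets = ip.split(".")
    return any(nums[i:i + 4] in (octets, octets[::-1])
               for i in range(len(nums) - 3))

def looks_dynamic(ptr, ip):
    """Keyword filter: PTR names typical of end-user connections."""
    name = ptr.lower()
    return any(k in name for k in DYNAMIC_KEYWORDS) or embeds_ip(name, ip)

def prune_blacklist(blacklist, resolve_ptr, helo_ok, delay=1.0):
    """Split entries into (keep, removed) using the PTR-or-HELO rule.

    resolve_ptr(ip) -> PTR name or None; helo_ok(ip) -> bool. Both are
    injected (assumed interfaces) so no network access is needed here.
    """
    keep, removed = set(), set()
    entries = list(blacklist)
    random.shuffle(entries)          # random order, as in the message
    for ip in entries:
        ptr = resolve_ptr(ip)
        if (ptr and not looks_dynamic(ptr, ip)) or helo_ok(ip):
            removed.add(ip)          # looks like a real mail host: delist
        else:
            keep.add(ip)             # no usable PTR and no HELO: stays listed
        time.sleep(delay)            # 1 s pause per check, as in the message
    return keep, removed

# Constructed sample data (RFC 5737 documentation addresses, made-up names).
SAMPLE_PTR = {
    "192.0.2.10": "mail3.bigisp.example",
    "203.0.113.7": "203-0-113-7.dsl.provider.example",
    "198.51.100.23": "host23.dynamic.isp.example",
    "203.0.113.50": "50.113.0.203.customer.example",
    "198.51.100.40": None,
    "192.0.2.99": None,
}
SAMPLE_HELO_OK = {"198.51.100.40"}   # hosts that answer HELO (constructed)

if __name__ == "__main__":
    keep, removed = prune_blacklist(SAMPLE_PTR, SAMPLE_PTR.get,
                                    lambda ip: ip in SAMPLE_HELO_OK, delay=0)
    print("keep:", sorted(keep), "removed:", sorted(removed))
```

In production, resolve_ptr and helo_ok would wrap a real reverse-DNS query and an SMTP connection with short timeouts; the HELO probe is only attempted when the PTR check fails.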