HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials

alexnz 21st June 2006 06:12

RBL - spam blacklists howto
 
Can someone point me in the direction on how I set up my Postfix system with maildir to support the RBL anti-spam blacklist system?

thanks,

sjau 21st June 2006 09:26

That is quite simple. You need to add them to the "smtpd_recipient_restrictions" in your main.cf file.

All of mine looks like that:

Code:

smtpd_recipient_restrictions =
        reject_invalid_hostname,
        permit_sasl_authenticated,
        reject_non_fqdn_hostname,
        reject_non_fqdn_sender,
        reject_non_fqdn_recipient,
        reject_unknown_sender_domain,
        reject_unknown_recipient_domain,
        permit_mynetworks,
#      permit_sasl_authenticated,
        reject_unauth_destination,
        check_recipient_access hash:/etc/postfix/recipient_checks,
        check_recipient_access pcre:/etc/postfix/recipient_checks.pcre,
        check_helo_access hash:/etc/postfix/helo_checks,
        check_sender_access hash:/etc/postfix/sender_checks,
        check_client_access hash:/etc/postfix/client_checks,
        check_client_access pcre:/etc/postfix/client_checks.pcre,
        reject_rbl_client relays.ordb.org,
        reject_rbl_client opm.blitzed.org,
        reject_rbl_client list.dsbl.org,
        reject_rbl_client cbl.abuseat.org,
        reject_rbl_client dul.dnsbl.sorbs.net,
        reject_rhsbl_client blackhole.securitysage.com,
        reject_rhsbl_sender blackhole.securitysage.com,
        reject_rbl_client relays.ordb.org,
        reject_rbl_client blackholes.easynet.nl,
        reject_rbl_client cbl.abuseat.org,
        reject_rbl_client proxies.blackholes.wirehub.net,
        reject_rbl_client bl.spamcop.net,
        reject_rbl_client dnsbl.njabl.org,
        permit

As you can see in the first part I do some other checks and the RBLs start with that here:
Quote:

reject_rbl_client relays.ordb.org,
reject_rbl_client opm.blitzed.org,
reject_rbl_client list.dsbl.org,
reject_rbl_client cbl.abuseat.org,
reject_rbl_client dul.dnsbl.sorbs.net,
reject_rhsbl_client blackhole.securitysage.com,
reject_rhsbl_sender blackhole.securitysage.com,
reject_rbl_client relays.ordb.org,
reject_rbl_client blackholes.easynet.nl,
reject_rbl_client cbl.abuseat.org,
reject_rbl_client proxies.blackholes.wirehub.net,
reject_rbl_client bl.spamcop.net,
reject_rbl_client dnsbl.njabl.org,

Just add those RBLs that you want to use :)

After you have altered the main.cf restart postfix ^^

alexnz 22nd June 2006 00:25

thanks!

I've added the full string to main.cf and restarted Postfix with no issues.

I've installed rblcheck and rbldnsd using apt-get install - is this all I need to do for RBL blacklists to be added to my server?

thanks!!!

falko 22nd June 2006 15:41

Quote:

Originally Posted by alexnz
I've installed rblcheck and rbldnsd using apt-get install - is this all I need to do for RBL blacklists to be added to my server?

You don't need this. Just configure Postfix as outlined above. :)

alexnz 23rd June 2006 01:20

thanks for that falko!

keybd_user 17th August 2006 20:29

Hi Falko,

Quote:

Originally Posted by falko
You don't need this. Just configure Postfix as outlined above. :)

I have a SuSE 10.1 64bit system.
In this case, is this also the only thing necessary to put RBLs to work?

My problem is that I have set this up in main.cf, but in my Postfix directory I still keep getting an enormous amount of trash mail going to:

/var/spool/postfix/ ...

either the emails are
/deferred
/defer
/bounced (a bit less) or

/active
and
/incoming

At this point I have no user in the system! So I should get 0 emails. This is clearly spam :mad: .

Regards,
Pedro

sjau 17th August 2006 21:09

if you want to use some more checks you could also add this:

Code:

        reject_invalid_hostname,
        reject_non_fqdn_hostname,
        reject_non_fqdn_sender,
        reject_non_fqdn_recipient,
        reject_unknown_sender_domain,
        reject_unknown_recipient_domain,

Those are just standard checks on whether the email "appears" to be from a legit site.
In order to see whether your RBLs work, you can look at your mail.log and see if any of the listed RBLs appear in there.
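
The mail.log check described above, as an added example that is not part of the original posts: it counts rejections per list from the "blocked using" text Postfix logs, and prints the lists configured in main.cf that never rejected anything. The function names and the sample log and main.cf lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: count Postfix DNSBL rejections per list
# and show which configured lists never rejected anything.

# rbl_hits LOG: print "count zone" for each "blocked using <zone>" reject.
rbl_hits() {
    grep -F ' reject: ' "$1" |
    sed -n 's/.* blocked using \([A-Za-z0-9.-]*\)[;,].*/\1/p' |
    sort | uniq -c | sort -rn | awk '{ print $1, $2 }'
}

# rbl_silent LOG MAIN_CF: print zones from reject_rbl_* / reject_rhsbl_*
# lines in MAIN_CF that have no rejection in LOG.
rbl_silent() {
    hits=$(rbl_hits "$1" | awk '{ print $2 }')
    awk '$1 ~ /^reject_(rbl|rhsbl)_/ { sub(/,$/, "", $2); print $2 }' "$2" |
    sort -u |
    while read -r zone; do
        printf '%s\n' "$hits" | grep -qxF "$zone" || printf '%s\n' "$zone"
    done
}

# write_sample DIR: constructed sample data (hostnames, PIDs and the
# 192.0.2.x / example.* addresses are made up for this example).
write_sample() {
    cat > "$1/mail.log" <<'EOF'
Aug 17 21:40:01 mx postfix/smtpd[411]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 554 Service unavailable; Client host [192.0.2.10] blocked using bl.spamcop.net; Blocked - see http://www.spamcop.net/bl.shtml?192.0.2.10; from=<a@example.com> to=<b@example.org> proto=SMTP helo=<pc1>
Aug 17 21:41:12 mx postfix/smtpd[412]: NOQUEUE: reject: RCPT from unknown[192.0.2.11]: 554 Service unavailable; Client host [192.0.2.11] blocked using bl.spamcop.net; Blocked - see http://www.spamcop.net/bl.shtml?192.0.2.11; from=<c@example.com> to=<b@example.org> proto=SMTP helo=<pc2>
Aug 17 21:42:30 mx postfix/smtpd[413]: NOQUEUE: reject: RCPT from unknown[192.0.2.12]: 554 Service unavailable; Client host [192.0.2.12] blocked using cbl.abuseat.org; from=<d@example.com> to=<b@example.org> proto=SMTP helo=<pc3>
Aug 17 21:43:02 mx postfix/smtpd[414]: NOQUEUE: reject: RCPT from unknown[192.0.2.13]: 450 <x@nodomain.invalid>: Sender address rejected: Domain not found; from=<x@nodomain.invalid> to=<b@example.org> proto=SMTP helo=<pc4>
EOF
    cat > "$1/main.cf" <<'EOF'
smtpd_recipient_restrictions =
        permit_mynetworks,
        reject_unauth_destination,
        reject_rbl_client cbl.abuseat.org,
        reject_rhsbl_sender blackhole.securitysage.com,
        reject_rbl_client bl.spamcop.net,
        permit
EOF
}

# Stand-alone run on the sample data.
d=$(mktemp -d) && write_sample "$d"
rbl_hits "$d/mail.log"
echo "configured but never hit:"
rbl_silent "$d/mail.log" "$d/main.cf"
rm -rf "$d"
```

A zone that never shows up can be tested directly: DNSBLs that follow RFC 5782 list the test address 127.0.0.2, so a DNS lookup of 2.0.0.127.<zone> should return an answer.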

keybd_user 17th August 2006 21:49

Hi,



Quote:

Originally Posted by sjau
if you want to use some more checks you could also add this:

Code:

        reject_invalid_hostname,
        reject_non_fqdn_hostname,
        reject_non_fqdn_sender,
        reject_non_fqdn_recipient,
        reject_unknown_sender_domain,
        reject_unknown_recipient_domain,

Those are just standard checks on whether the email "appears" to be from a legit site.
In order to see whether your RBLs work, you can look at your mail.log and see if any of the listed RBLs appear in there.

Thanks,

I already looked at the mail logs,
and running:
prompt:/ less mail.log | grep blackhole.securitysage.com ... and the other RBLs

does not return anything ?!!?

Where can I see if the black lists servers are working?

regards,
Pedro

keybd_user 17th August 2006 22:13

Hi,

Sorry once again.
The RBLs are working!
Just found several:
bl.spamcop.net blocks for certain IPs!
Funny, but in 170MB of log :eek: no other RBL is invoked :confused:
Is any type of registration necessary for the others?
They seem free at first glance. ...

Well it escaped me.

Quote:

Originally Posted by sjau
if you want to use some more checks you could also add this:

Code:

        reject_invalid_hostname,
        reject_non_fqdn_hostname,
        reject_non_fqdn_sender,
        reject_non_fqdn_recipient,
        reject_unknown_sender_domain,
        reject_unknown_recipient_domain,

Those are just standard checks on whether the email "appears" to be from a legit site.
In order to see whether your RBLs work, you can look at your mail.log and see if any of the listed RBLs appear in there.

Your lines are already in your first post: the forced identification of hostname, sender and recipient (FQDN).

Even like this, the problem remains.
In the mail logs I see a lot of emails sent!
That means Postfix is still relaying some of those emails!
On my server, at the current rate, it will be 1,5GB by the end of the month! :mad:

Regards,
Pedro

sjau 17th August 2006 22:15

Do you have an open relay server?


All times are GMT +2.