RBL - spam blacklists howto

[alexnz]

can someone point me in the direction on how i setup my postfix system with maildir too support the RBL anti-spam blacklist system

thanks,

[sjau]

That is quite simple. You need them to add to the "smtpd_recipient_restrictions" in your main.cf file.

All of mien looks like that:

Code:

smtpd_recipient_restrictions =
        reject_invalid_hostname,
        permit_sasl_authenticated,
        reject_non_fqdn_hostname,
        reject_non_fqdn_sender,
        reject_non_fqdn_recipient,
        reject_unknown_sender_domain,
        reject_unknown_recipient_domain,
        permit_mynetworks,
#       permit_sasl_authenticated,
        reject_unauth_destination,
        check_recipient_access hash:/etc/postfix/recipient_checks,
        check_recipient_access pcre:/etc/postfix/recipient_checks.pcre,
        check_helo_access hash:/etc/postfix/helo_checks,
        check_sender_access hash:/etc/postfix/sender_checks,
        check_client_access hash:/etc/postfix/client_checks,
        check_client_access pcre:/etc/postfix/client_checks.pcre,
        reject_rbl_client relays.ordb.org,
        reject_rbl_client opm.blitzed.org,
        reject_rbl_client list.dsbl.org,
        reject_rbl_client cbl.abuseat.org,
        reject_rbl_client dul.dnsbl.sorbs.net,
        reject_rhsbl_client blackhole.securitysage.com,
        reject_rhsbl_sender blackhole.securitysage.com,
        reject_rbl_client relays.ordb.org,
        reject_rbl_client blackholes.easynet.nl,
        reject_rbl_client cbl.abuseat.org,
        reject_rbl_client proxies.blackholes.wirehub.net,
        reject_rbl_client bl.spamcop.net,
        reject_rbl_client dnsbl.njabl.org,
        permit

As you can see in the first part I do some other checks and the RBLs start with that here:

Quote:

reject_rbl_client relays.ordb.org,
reject_rbl_client opm.blitzed.org,
reject_rbl_client list.dsbl.org,
reject_rbl_client cbl.abuseat.org,
reject_rbl_client dul.dnsbl.sorbs.net,
reject_rhsbl_client blackhole.securitysage.com,
reject_rhsbl_sender blackhole.securitysage.com,
reject_rbl_client relays.ordb.org,
reject_rbl_client blackholes.easynet.nl,
reject_rbl_client cbl.abuseat.org,
reject_rbl_client proxies.blackholes.wirehub.net,
reject_rbl_client bl.spamcop.net,
reject_rbl_client dnsbl.njabl.org,

Just add those rbls that you want to use

After you have altered the main.cf restart postfix ^^

[alexnz]

thanks!

ive added the full string too main.cf and restarted postfix with no issues

ive installed rblcheck and rbldnsd using apt-get install - is this all i need too do for RBL blacklists too be added to my server?

thanks!!!

[falko]

Quote:

Originally Posted by alexnz

ive installed rblcheck and rbldnsd using apt-get install - is this all i need too do for RBL blacklists too be added to my server?

You don't need this. Just configure Postfix as outlined above.

[alexnz]

thanks for that falko!

[keybd_user]

Hi Falko,

Quote:

Originally Posted by falko

You don't need this. Just configure Postfix as outlined above.

I have a SuSE 10.1 64bit system.
In this case is this also the only thing necessary to put RBL's to work.

My problem is that I have setup this in main.cf but in my postfix directory I still keep getting an enormous amount of trash mail going to :

/var/spool/postfix/ ...

either the emails are
/deferred
/defer
/bounced (a bit less) or

/active
and
/incomming

At this point I have no user in the system! So I should get 0 emails. This is clearly spam .

Regards,
Pedro

[sjau]

if you want to use some more checks you could also add this:

Code:

        reject_invalid_hostname,
        reject_non_fqdn_hostname,
        reject_non_fqdn_sender,
        reject_non_fqdn_recipient,
        reject_unknown_sender_domain,
        reject_unknown_recipient_domain,

Those are just standards checks on whether the email "appears" to be from a legit site.
In order to see whether you rbls work you can look at your mail.log and see if any of the lists rbls will appear in there.

[RicochetPeter]

[QUOTE=sjau]

Code:

        check_recipient_access hash:/etc/postfix/recipient_checks,
        check_recipient_access pcre:/etc/postfix/recipient_checks.pcre,
        check_helo_access hash:/etc/postfix/helo_checks,
        check_sender_access hash:/etc/postfix/sender_checks,
        check_client_access hash:/etc/postfix/client_checks,
        check_client_access pcre:/etc/postfix/client_checks.pcre,

Hi all,

sorry for the bump, but those lines gave me a hickup. What do the mentioned files contain? I don't have them by default, so I think they have to be created by myself. (I admit I'm too lazy now to look up those paramters in the postfix docs in the first place )

[sjau]

Those are additional checks. Please see here:
http://jimsun.linxnet.com/misc/postfix-anti-UCE.txt

[RicochetPeter]

Thank you for the link. It's a very ... extensive document