Subject: Re: ORBS question
From: Jim Seymour (jseymourLinxNet.com)
Date: Sat Jun 24 2000 - 11:50:27 CDT


Brandis Jaroslav <brandissavba.sk> wrote:
>
> hi ...
>
> I would like apply ORBS filters for my postfix.

You'll get a lot of folks recommending you not use ORBS because of too
many "false positives." (They're not *really* "false positives." ORBS
says the MTA is an open relay. [Or untestable.] They're only "false
positives" in the sense that frequently what gets rejected isn't spam.)

I have a cron job that adds ORBS into my maps_rbl_domains well after
normal operating hours (for us) and on weekends. Spammers do a lot of
their work when they think the cat's away. During the rest of the
time, I run rbl.maps.vix.com, dul.maps.vix.com and relays.mail-abuse
only.

I tried eliminating ORBS entirely. Too much spam came back :-(.

> I know how to do it. But my
> users have problems receiving mail from their friends and colleagues,
> because many of their mail servers are in the ORBS db. ...
[snip]

For the "false positives", I add the appropriate "pre-approvals" to
recipient, sender and client access checks. This, of course, requires
that I keep a close eye on what's getting rejected. And that
*somebody* *tell* *me* when they're getting bounced. But I've found
that even with the MAPS checks, I sometimes have to add a
"pre-approval" entry. (Tho not nearly as often.)

You must make sure you have a recipient check before the rbl checks and
have, at a minimum, a pre-approval for "Postmaster" (and I recommend
"abuse"). You're supposed to *always* accept email for Postmaster.

Here is what my UCE checks look like on my firewall mail gateways:

    /etc/postfix/main.cf (partial):

        header_checks = pcre:/etc/postfix/rejlist

        smtpd_helo_required = yes

        maps_rbl_domains =
            rbl.maps.vix.com,
            dul.maps.vix.com,
            relays.mail-abuse.org,
            relays.orbs.org

        smtpd_recipient_restrictions =
            reject_invalid_hostname,
            reject_non_fqdn_hostname,
            reject_non_fqdn_sender,
            reject_non_fqdn_recipient,
            reject_unknown_sender_domain,
            reject_unknown_recipient_domain,
            reject_unauth_pipelining,
            permit_mynetworks,
            reject_unauth_destination,
            check_recipient_access pcre:/etc/postfix/recipient_checks.pcre,
            check_sender_access dbm:/etc/postfix/sender_checks,
            check_client_access dbm:/etc/postfix/client_checks,
            reject_maps_rbl,
            permit

    /etc/postfix/recipient_checks.pcre (minimum):

        # first match wins: reject malformed or source-routed addresses,
        # then pre-approve the addresses that must always be accepted
        /^@/ 550 Invalid address format.
        /[!%@].*@/ 550 This server disallows weird address syntax.

        /^postmaster@/ OK
        /^abuse@/ OK

At least I *think* that's what I've got in them. Being as I'm online
at the moment: I can't call up the office and check. The
"relays.orbs.org" entry is the thing that gets automagically added
and removed.

Use at your own risk. Caveat emptor. YMMV. Etc.

Regards,
Jim

-- 
Jim Seymour                  | PGP Public Key available at:
jseymourLinxNet.com         | http://www.cam.ac.uk.pgp.net/pgpnet/wwwkeys.html
http://home.msen.com/~jimsun | http://www.trustcenter.de/cgi-bin/SearchCert.cgi
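The following is an added example, not part of Jim's post and not Postfix code: a small Python model of how `smtpd_recipient_restrictions` walks its list, used to show why the recipient pre-approvals must sit before `reject_maps_rbl` (and after `reject_unauth_destination`). It assumes a constructed `mydestination` of `example.com`, replaces the DNS RBL lookup with a constructed set of listed client IPs (TEST-NET addresses), and looks access-map keys up only as whole addresses; the real Postfix also tries the local part and domain, and knows more actions than `OK` and numeric rejects.

```python
import re

# --- Constructed inputs (not from the post) ---------------------------------

# The minimum recipient map from the post, in Postfix pcre: syntax.
RECIPIENT_CHECKS_PCRE = """\
# first match wins
/^@/            550 Invalid address format.
/[!%@].*@/      550 This server disallows weird address syntax.
/^postmaster@/  OK
/^abuse@/       OK
"""

MYDESTINATION = {"example.com"}   # domains this gateway accepts mail for (constructed)
RBL_LISTED = {"192.0.2.10"}       # stand-in for a DNS RBL answer; TEST-NET address (constructed)


# --- A small model of Postfix access maps and restriction lists -------------

def parse_pcre_map(text):
    """Turn '/regex/ ACTION' lines into [(compiled_regex, action)],
    skipping blank lines and '#' comments as Postfix does."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"^/((?:\\.|[^/\\])*)/\s+(.+)$", line)
        if not m:
            raise ValueError("malformed pcre map line: %r" % line)
        rules.append((re.compile(m.group(1)), m.group(2).strip()))
    return rules


def access_action(rules, key):
    """First matching rule wins. Returns ('permit', text), ('reject', text)
    or None (no match: DUNNO, evaluation moves on to the next restriction)."""
    for rx, action in rules:
        if rx.search(key):
            if action.upper() == "OK":
                return ("permit", "OK from access map")
            if action and action[0] in "45":
                return ("reject", action)
            return None  # other Postfix actions simplified to fall-through
    return None


def reject_unauth_destination(env):
    domain = env["recipient"].rpartition("@")[2].lower()
    return None if domain in MYDESTINATION else ("reject", "554 Relay access denied")


def check_recipient_access(env):
    return access_action(env["recipient_rules"], env["recipient"].lower())


def reject_maps_rbl(env):
    if env["client_ip"] in RBL_LISTED:
        return ("reject", "554 Service unavailable; client listed in RBL")
    return None


def permit(env):
    return ("permit", "permit")


# Ordering from the post: pre-approvals after the relay check, before the RBL.
RECOMMENDED = [reject_unauth_destination, check_recipient_access, reject_maps_rbl, permit]
# RBL ahead of the pre-approvals: postmaster mail from a listed host bounces.
RBL_FIRST = [reject_unauth_destination, reject_maps_rbl, check_recipient_access, permit]
# 'OK' ahead of the relay check: an access-map OK is a full permit, so this
# ordering relays mail for postmaster@<any domain>.
OK_BEFORE_RELAY_CHECK = [check_recipient_access, reject_unauth_destination, reject_maps_rbl, permit]


def evaluate(restrictions, recipient, client_ip):
    """Walk the list; the first restriction returning a verdict ends it.
    Returns (verdict, name of deciding restriction, reason text)."""
    env = {"recipient": recipient, "client_ip": client_ip,
           "recipient_rules": parse_pcre_map(RECIPIENT_CHECKS_PCRE)}
    for restriction in restrictions:
        verdict = restriction(env)
        if verdict is not None:
            return (verdict[0], restriction.__name__, verdict[1])
    return ("permit", "end of list", "default permit")


if __name__ == "__main__":
    cases = [("postmaster@example.com", "192.0.2.10"),
             ("someone@example.com", "192.0.2.10"),
             ("someone@example.com", "192.0.2.20"),
             ("@example.com", "192.0.2.20"),
             ("user%evil.test@example.com", "192.0.2.20"),
             ("postmaster@other.test", "192.0.2.10")]
    for name, order in (("recommended", RECOMMENDED), ("rbl_first", RBL_FIRST),
                        ("ok_before_relay_check", OK_BEFORE_RELAY_CHECK)):
        for rcpt, ip in cases:
            print("%-22s %-30s %-12s %s" % (name, rcpt, ip, evaluate(order, rcpt, ip)))
```

Run it stand-alone to see the three orderings side by side: only the recommended order both accepts postmaster mail from a listed client and still refuses to relay for other domains, which is the property the post's `smtpd_recipient_restrictions` is built around.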