Re: Other good RBLs, apart from Zen?

From: Noel Jones (njonesmegan.vbhcs.org)
Date: Fri May 02 2008 - 12:04:57 CDT


Arturo 'Buanzo' Busleiman wrote:
> Victor Duchovni wrote:
> | Beyond Zen, your efforts are probably best directed at message content
> | filtering say SpamAssassin with SURBL lookups to filter spam URLs, ...
>
> Thanks everyone for your comments, both on and off-list. I think I'll not
> be adding an extra RBL after all. Maybe the German-spam one. I'd really
> like to find a Russian-spam RBL. I get lots of it.
>
> OTOH, I'm using clamsmtp, zen, greylisting and spf. I don't want to use
> amavisd-new or any other "everything included" tools. What do you
> recommend? Of course, I'm interested in SpamAssassin. My servers are used
> 99% for relaying to internal mail servers in other companies (I'm the
> smarthost and public MX for them), so something like spamc via xfilter in
> a maildrop rules file is not good.
>
> I've read many guides and checked-out the addons page at postfix.org, but
> for my situation, what would the group recommend?
>

If you're already using clamav, I would highly recommend the
add-on signatures from Sanesecurity, which are targeted at
phish and scam mail. I have found these signatures to be safe
and very effective. Adding these signatures adds virtually no
extra time to clamd scanning.
You will need a script run from cron to get updates a couple
times a day; there are some very good user-contributed scripts
available on the Sanesecurity web site.
http://www.sanesecurity.com/clamav/usage.htm

MSRBL also has some add-on signatures for clamav. These appear
to also be safe, but mostly ineffective here - I suspect most
of the spam they would stop is already rejected here by smtpd
restrictions. Others have reported better results, so YMMV.
http://www.msrbl.com/msrbl-spam
http://www.msrbl.com/msrbl-images

If you're interested in using SpamAssassin, running it under
the control of amavisd-new as a post-queue content_filter is a
good choice. Note that SpamAssassin adds quite a bit of
overhead in terms of CPU, RAM, and time.

There are a number of milters that use SpamAssassin that
should work with postfix. However, doing that kind of
resource-intensive content inspection pre-queue will severely
limit the number of smtpd processes that can be safely run.
If you go this route, you will likely need to add more MX
boxes to spread the load out.

--
Noel Jones
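
The post-queue arrangement recommended in the message above, shown as an added example that is not part of the original post: a Postfix `main.cf`/`master.cf` fragment that hands queued mail to amavisd-new and accepts it back on a loopback listener. The service name `smtp-amavis`, the ports 10024/10025 (amavisd-new's conventional defaults) and the process limit of 2 are assumptions to adjust for the local install.

```conf
# ---- main.cf ----
# Post-queue: mail is accepted and queued first, then handed to the filter.
# smtpd never waits on SpamAssassin, so the smtpd process count stays
# independent of how many scans can run at once.
content_filter = smtp-amavis:[127.0.0.1]:10024

# ---- master.cf ----
# Delivery agent that feeds amavisd-new. The maxproc column (2 here, an
# assumed value) caps concurrent scans; keep it equal to $max_servers in
# amavisd.conf so Postfix never opens more connections than amavisd serves.
smtp-amavis unix -      -       n       -       2       smtp
    -o smtp_data_done_timeout=1200
    -o smtp_send_xforward_command=yes
    -o disable_dns_lookups=yes

# Re-injection listener for mail coming back from amavisd-new.
# content_filter is emptied so filtered mail is not looped through the
# filter again, and only loopback clients are allowed to connect.
127.0.0.1:10025 inet n  -       n       -       -       smtpd
    -o content_filter=
    -o mynetworks=127.0.0.0/8
    -o smtpd_client_restrictions=permit_mynetworks,reject
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o local_recipient_maps=
    -o relay_recipient_maps=
    -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks
```

With this layout the expensive content scan is throttled at the `smtp-amavis` transport, which is the contrast with the pre-queue milter approach, where each scan ties up an smtpd process for its full duration.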