From owner-freebsd-questions@FreeBSD.ORG Tue Jan 15 16:04:22 2008 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 8951716A421 for ; Tue, 15 Jan 2008 16:04:22 +0000 (UTC) (envelope-from freebsd-questions-local@be-well.ilk.org) Received: from be-well.ilk.org (dsl092-078-145.bos1.dsl.speakeasy.net [66.92.78.145]) by mx1.freebsd.org (Postfix) with ESMTP id 1813613C465 for ; Tue, 15 Jan 2008 16:04:22 +0000 (UTC) (envelope-from freebsd-questions-local@be-well.ilk.org) Received: by be-well.ilk.org (Postfix, from userid 1147) id A98702844C; Tue, 15 Jan 2008 11:04:20 -0500 (EST) To: cpghost References: <87A9631B-EAC5-41B8-B4C2-001C3ADBA486@identry.com> <200801150237.m0F2bqEg000116@banyan.cs.ait.ac.th> <360AB6AE-B3C1-4CA6-AFC1-378B48B3C6DF@identry.com> <20080115154527.GA15932@epia-2.farid-hajji.net> From: Lowell Gilbert Date: Tue, 15 Jan 2008 11:04:20 -0500 In-Reply-To: <20080115154527.GA15932@epia-2.farid-hajji.net> (cpghost@cordula.ws's message of "Tue\, 15 Jan 2008 16\:45\:27 +0100") Message-ID: <44bq7noz23.fsf@be-well.ilk.org> User-Agent: Gnus/5.11 (Gnus v5.11) Emacs/22.1 (berkeley-unix) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Cc: John Almberg , freebsd-questions@freebsd.org Subject: Re: No spam??? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 15 Jan 2008 16:04:22 -0000 cpghost writes: > On Tue, Jan 15, 2008 at 08:48:32AM -0500, John Almberg wrote: >> I've been doing some more digging since my last post, and have figured out >> that the spam is not being blocked by pf, as I suspected (since it wasn't >> showing up in my spam folder), but by spamassassin blacklists. >> >> The smtp log file has lots of entries like: >> >> 2008-01-14 09:30:37.074087500 rblsmtpd: 123.20.89.67 pid 72121: 451 >> http://www.spamhaus.org/query/bl?ip=123.20.89.67 >> 2008-01-14 09:31:05.271514500 rblsmtpd: 58.227.241.97 pid 72122: 451 >> Dynamic IP Addresses See: http://www.sorbs.net/lookup.shtml?58.227.241.97 >> 2008-01-14 09:31:17.404943500 rblsmtpd: 41.196.155.56 pid 72123: 451 >> http://www.spamhaus.org/query/bl?ip=41.196.155.56 >> 2008-01-14 09:31:18.304682500 rblsmtpd: 123.20.89.67 pid 72124: 451 >> http://www.spamhaus.org/query/bl?ip=123.20.89.67 >> >> So raises the same point that Oliver makes: how trustworthy are these >> blacklists? > > YMMV, of course! > > I'm using spamhaus.org's blacklists for quite some time (many years) > to block spam in postfix and they've been VERY trustworthy so far. > > But I can't say the same for the others, which seem occasionally a > little bit too eager/aggressive and accumulate way too many false > positives. The OP was using spamassassin, which can score a mail as more likely to be spam based on an RBL. This makes even an untrustworthy RBL useful while still protecting yourself against its mistakes. For example, I use spamhaus blacklists in postfix myself, but I let messages come in from SORBS-blacklisted sites. Then the messages will get a point or two (of 4 or 5 needed to be marked as spam) as a result of the SORBS blacklist. At least, I think I've got the list names correct; I haven't touched my configurations for either postfix or spamassassin in quite a while.