General RBL handling inside EFA

[ovizii]

so I see that by default inside postfix/main.cf there is:

Code: Select all

smtpd_client_restrictions = permit_sasl_authenticated, reject_rbl_client zen.spamhaus.org

and inside /etc/MailScanner/MailScanner.conf there is:

Code: Select all

Spam List = # spamhaus-ZEN # You can un-comment this to enable them

and inside spam.lists.conf I see:

Code: Select all

# http://barracudacentral.org/rbl
BARRACUDA                       b.barracudacentral.org

# aggregate list - http://www.sorbs.net/using.shtml
SORBS                           dnsbl.sorbs.net

# aggregate list - http://www.spamhaus.org/zen/
SPAMHAUS                        zen.spamhaus.org

# aggregate list - https://www.spamcop.net/bl.shtml
SPAMCOP                         bl.spamcop.net

For one its weird that spamhaus-ZEN != SPAMHAUS

would it not be better to remove it from main.cf and use the more complex Mailscanner options? Especially seeing that I can use:

Code: Select all

Spam Lists To Be Spam = 1
Spam Lists To Reach High Score = 3

[ovizii]

Anyone using RBLs? Which one of these two methods are you using?

[iridium1191]

Hi ovizii,

We've run postfix & mailscanner for a few years (but only recently in EFA) and were advised that that it's more efficient to leave RBL's to Postfix. If enough RBL's returned positive then Postfix could handle the message without passing it onto Mailscanner.

However we decided to disable the RBL checks in Postfix and consolidate all SPAM checks in mailscanner/spamassassin. This was mostly for statistics and to be able to run querys on RBL's from the database but also because many RBL's give false positives. A false positive in Spamassassin only influences the SPAM score and in the worst case sends the message to quarantine where we can examine, release, blacklist or whitelist it if necessary. As far as I know a false positive in Postfix (at least in earlier versions) leaves you with no email in quarantine to check (although I think Postfix now lets you weigh the results from different RBL's).

So we find it more convenient to manage SPAM checks, including RBL's in Mailscanner/Spamassassin and leave more basic checks like greylisting or protocol checks to Postfix.

[ovizii]

Thanks for the detailed answer, that all makes more sense to me now.

[pdwalker]

Useful information.