This is for VirtualMin, WebMin users and Postfix users especially.
(If I made any mistake please let me know, I’m still learning.)
I had so many hosts trying to connect to my server that performance was actually affected.
I reduced all the timeouts in Postfix, reduced the amount of ERRORS allowed before disconnecting clients as well. Disabled plain text connections, but had already been using full secure SMTP and IMAP SSL.
How to apply the SPAM block list.
. Go to Webmin->Servers->Postfix->SMTP Client Restrictions or using this link and replace with URL, https://your.domain.com:10000/postfix/client.cgi
I put it both the list in bost fields. According to Postfix documentation separate the hosts by whitespace is the format for multiple values.
Reject if client IP address is in RBL :
Reject if client hostname is in RBL :
truncate.gbudb.net dnsbl.proxybl.org dnsbl-1.uceprotect.net dnsbl-2.uceprotect.net dnsbl-3.uceprotect.net dnsbl.sorbs.net safe.dnsbl.sorbs.net http.dnsbl.sorbs.net socks.dnsbl.sorbs.net misc.dnsbl.sorbs.net smtp.dnsbl.sorbs.net web.dnsbl.sorbs.net new.spam.dnsbl.sorbs.net recent.spam.dnsbl.sorbs.net old.spam.dnsbl.sorbs.net spam.dnsbl.sorbs.net escalations.dnsbl.sorbs.net block.dnsbl.sorbs.net dul.dnsbl.sorbs.net zombie.dnsbl.sorbs.net rhsbl.sorbs.net badconf.rhsbl.sorbs.net nomail.rhsbl.sorbs.net rbl.orbitrbl.com cbl.abuseat.org psbl.surriel.com intercept.datapacket.net db.wpbl.info bl.spamcop.net noptr.spamrats.com dyna.spamrats.com spam.spamrats.com bl.spamcannibal.org any.dnsl.ipquery.org dnsbl.njabl.org bhnc.njabl.org spamtrap.drbl.drand.net dnsbl.ahbl.org dnsbl.dronebl.org list.quorum.to rbl.atlbl.net hbl.atlbl.net access.atlbl.net ix.dnsbl.manitu.net dnsbl.inps.de
I copy/pasted all the hosts from this list and used aggregate lists of each provider when it was possible to avoid duplication of lookups on the margin.
Your feedback is welcome. I’m not sure if this is the proper approach but I have to say I saw an immediate boost in my server performance even with the WebMin GUI and the logs show that the lookups are occurring to blocks hosts.
It seems to me kind of strange that nobody has yet created the ‘ultimate’ spam DNS block list which simply aggregates all the data from the lists above. This would mean a single lookup to a single host instead of potentially a very large amount of new traffic to various the DNS blocks lists to avoid SPAM, which might actually create more issues for resource usage that the SPAM itself.
Also, I installed DKIM but not yet configured… is it worth it?
Anyone have ideas on how to improve this SPAM blocklist?
Following on the on my OP, here’s an additional layer of security to deal with spammers.
Go to your Postfix settings in WebMin, click on Edit Config Files… Choose the config file main.cf…
WARNING: You should only a 2-3 settings at a time to be on the safe side…
Add these lines to the bottom of your main.cf file to zap even more spammers and bad hosts…
smtpd_error_sleep_time = 1s
smtpd_soft_error_limit = 3
smtpd_hard_error_limit = 2
smtpd_client_connection_count_limit = 2
smtpd_client_connection_rate_limit = 2
smtpd_client_new_tls_session_rate_limit = 2
Basically, YOUR REAL users shouldn’t have any issues with these settings and this will prevent bad hosts from sucking up all your resources and hammering your server all day.
Get familiar with what these settings do by doing a bit of reading here… http://www.postfix.org/
There are a number of reasons why you possibly wouldn’t want to take this approach.
You’ve included a long list of RBLs there. Some RBLs give higher rates of false positive than others - that is the rate at which they mistakenly reject legitimate IP addresses. The more RBLs you include, the greater the chance you’ll be blocking genuine email. Some people for example swear against using SORBS blacklists due to problems they’ve had in the past. You’ll find supporters and opponents of almost every list - they all have pros and cons, and it can take some research to decide which ones are safest and best for your specific situation.
Also, RBLs have been known come and go. Sometimes an RBL will die in such a way that it will reject all of your incoming emails. Are you prepared to keep tabs on each and every one of these RBLs to make sure they’re all working correctly?
You’ve also included a combination of DNSBLs and RHSBLs - the first of these are lists of IP addresses, the latter are lists of domains. I see Postfix has separate options for IP and hostname, so you’d want to split these as appropriate.
Personally, I’ve found zen.spamhaus.org to be by far the most reliable RBL to use, and it catches the vast majority of spam coming to my boxes with only VERY rare false positives. I’d sooner use that alone than the entire list above.
bl.spamcop.net is another highly regarded RBL, but I tend to only use it in combination with a whitelist, so that it’s not checking against every single email. For me, I find it handy in picking up the few that get past Spamhaus.
Some other things I find helpful are clamav & scamp.sh, careful greylisting (which itself has been implemented very badly by some ISPs) and SURBL, but use of these probably goes beyond the scope of this post
It’s really all about getting the right mix of anti-spam options for your specific circumstance - which is also one reason why there is no single ‘ultimate’ RBL.
Anyway, I hope that’s of some help to you. I also find http://www.dnsbl.com/ to be an interesting resource for this sort of thing.
Postscreen blocks bot spam with ease, and, allows postfix to apply weights to each rbl, allowing you to use more risky rbls and only block on weighted totals. Like several postfix addons do, but, with the additional benefit of being postfix only and adding the extra features for bot spam.