From: Grayhat <gr...@gm...> - 2013-05-30 15:15:05
|
> I'm fairly new to ASSP, and looking to add Barracuda to the DNSBL. > The RBl is located at b.barracudacentral.org > > My current setting, which is the default looks like this... > > zen.spamhaus.org=>0.84|cbl.abuseat.org=>0.94|bl.mailspike.net=>0.84| > ix.dnsbl.manitu.net=>0.98|dnsbl-1.uceprotect.net=>1|bl.spamcop.net=>1.1| > psbl.surriel.com=>1.2|dnsrbl.swinog.ch=>1.3|dsn.rfc-ignorant.org=>1.4| > bl.spameatingmonkey.net=>1.5|dnsbl.inps.de=>1.6|dnsbl.sorbs.net=>1.8 > > Would I be right, and sensible in simply adding something like the > following to the end of the line? > > |b.barracudacentral.org=>1 Let's start from the meaning of the RBL entries; assuming your spam score is 50, by entering a line like (e.g.) some.dnsbl.org=>2 would mean that, a hit on such a DNSBL would increase the spamscore for the incoming message of 25 (50/2) so, in your case, adding the entry b.barracudacentral.org=>1 would mean that, if a given incoming IP is listed on "barracuda" the spamscore would be raised by 50 points so, basically, causing the incoming message to be rejected That said, I'd suggest you to use files to store such "multiple entries" settings, this would ease dealing with them, so you may enter into your "RBLServiceProvider" something like file:files/dnsbls.txt the above would then tell ASSP to load the RBL data from a (text) file sitting inside ASSP/files and named "dnsbls.txt", the contents of such a file may then be something like (e.g.) zen.spamhaus.org=>1 bb.barracudacentral.org=>1 ix.dnsbl.manitu.net=>1 bl.spamcop.net=>1 bl.mailspike.net=>2 psbl.surriel.com=>2 ipbl.zeustracker.abuse.ch=>2 db.wpbl.info=>2 v4.fullbogons.cymru.com=>2 dnsbl-1.uceprotect.net=>2 dul.dnsbl.sorbs.net=>3 bl.spamcannibal.org=>3 dnsbl-2.uceprotect.net=>3 blackholes.five-ten-sg.com=>3 dnsbl-3.uceprotect.net=>4 dnsbl-0.uceprotect.net=>5 that is, an RBL "name" on each line followed by "=>" and the score you want to assign to that particular list; in the above case, for example, some "aggressive" lists are only using for "scoring", that is, they won't immediately reject an incoming message but they'll just increase its spam score by a fraction of the given total score (50 by default) this is a good thing, since it allows you to also use "aggressive" lists while, at the same time, limiting the false positives rate Notice that the above is JUST AN EXAMPLE, so you may (and probably will) need to tailor it to fit your preferences/needs; also notice that the same approach may be used for whitelists, so, you may have another file (say assp/dnswls.txt) containing the names of the whitelists you want to use, for example, such a file may contain something like swl.spamhaus.org iadb.isipp.com hul.habeas.com query.bondedsender.org the idea is to reduce false-positives by querying such whitelists and, if an IP is whitelisted by them, skip the DNS blacklists checks HTH |