postfix-users October 2010 archive

Re: Postscreen update

From: Kris Deugau <kdeugau_at_nospam>
Date: Fri Oct 01 2010 - 15:15:24 GMT
To: postfix-users@postfix.org

Stan Hoeppner wrote:
> I was going by information I received from another list. I don't use
> the data feed service. Does this include the CBL data set within Zen?

Yes; CBL is a subset of XBL. It's not provided separately, at least
not by Spamhaus. XBL alone is at least ~50x the size (on-disk) of the
other Zen subcomponents (PBL being the next largest).

> I would make an educated guess that the size of the CBL data set would
> be over 100MB alone. 25 million 32-bit IP addresses (4 bytes) would be
> 100MB, if my math is correct. 25 million bot infected hosts around the
> world seems like a very conservative estimate.

Since Spamhaus ZEN is intended to be used as a no-FP blocklist, it's
probably a lot less aggressive about listing these than some other lists
might be.

> Yeah, running the Spamhaus zones on local rbldnsd instances on each MX
> would require some distribution magic, as you state. Never done this
> myself. I'd be more inclined to go the route you've taken, if I were
> ever in a position to manage such a thing.

The "magic" amounts to a couple of crontab entries:

*/5 * * * * root rsync /path/to/spamhaus-in resolver1::rbldns
*/5 * * * * root rsync /path/to/spamhaus-in resolver2::rbldns

(I set up a script to only copy the actual zone data files - the inbound
Spamhaus sync sometimes leaves extra files lying around, I have to build
the local blacklist zone data from the database, and it's always nice to
trap errors of various kinds. But it's trivial enough any ISP sysadmin
should be able to hack out a similar wrapper in an hour or two.)

-kgd
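
An added example, not part of the original message and not the poster's own script: a wrapper of the kind described above that stages only allowlisted zone files, refuses to push when one is missing or empty, and reports rsync failures per resolver. The zone file names, the script name `sync-zones.sh` and the 60-second timeout are assumptions; the `host::rbldns` destination form comes from the crontab lines in the message.

```shell
#!/bin/sh
# Added example: push only known zone files to the resolvers' rsync modules.
# ZONE_FILES holds constructed placeholder names, not the feed's real file names.
set -eu
ZONE_FILES="${ZONE_FILES:-zone-a zone-b local-blacklist}"

# Copy each allowlisted file from directory $1 into staging directory $2.
# Stops with status 1 at the first file that is missing, empty or a symlink,
# so a half-finished inbound sync is never handed to rsync.
stage_zone_files() {
    src=$1
    stage_dir=$2
    for name in $ZONE_FILES; do
        if [ -L "$src/$name" ] || [ ! -f "$src/$name" ] || [ ! -s "$src/$name" ]; then
            echo "zone file '$name' missing, empty or a symlink in $src" >&2
            return 1
        fi
        cp -p "$src/$name" "$stage_dir/$name" || return 1
    done
}

# Push the staged directory to one resolver ("rbldns" module, as in the crontab above).
# -rt copies file contents and mtimes without imposing the staging dir's permissions.
push_zones() {
    rsync -rt --timeout=60 "$1/" "${2}::rbldns"
}

# usage (hypothetical script name): sync-zones.sh /path/to/spamhaus-in resolver1 resolver2
main() {
    inbound=$1
    shift
    stage=$(mktemp -d)
    trap 'rm -rf "$stage"' EXIT
    if ! stage_zone_files "$inbound" "$stage"; then
        echo "staging failed, nothing pushed" >&2
        return 1
    fi
    rc=0
    for host in "$@"; do
        # Keep going so one unreachable resolver does not block the other.
        push_zones "$stage" "$host" || { echo "push to $host failed" >&2; rc=1; }
    done
    return "$rc"
}

if [ "$#" -gt 0 ]; then main "$@"; fi
```

Run from cron, a non-zero exit status and the messages on stderr are what the local mailer or monitoring would pick up.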