I am using b.barracudacentral.org and zen.spamhaus.org, but we are getting blocked from using zen.spamhaus.org periodically.
I would suspect that it is due the fact that we are exceeding their low volume limits for free use.
I am pretty sure that it is because we are using Google DNS for our 3rd and 4th resolvers because our ISPs resolvers can sometimes be a little flaky and we want to be 100% sure that DNS queries are being resolved.
What other DNSBL lists are you using and are they free?
Thanks in advance,
David
Zimbra 8.6 community edition
- Zimbra Collaboration 8.6 Patch 9 now available (includes fix for CVE-2017-8802). Read the announcement.
- Zimbra Collaboration 8.8.7 + Zimbra Connector for Outlook 8.8.7 are available.. Read the announcement.
- Are you a Zimbra Developer? You can find some interesting stuff in our Official GitHub: https://github.com/Zimbra and check the Community Projects too: https://github.com/Zimbra-Community/
Which DNSBL lists are you using?
-
- Outstanding Member
- Posts: 204
- Joined: Sat Sep 13, 2014 2:26 am
- ZCS/ZD Version: 8.8.15.GA.3829.UBUNTU14.64 -Patch 1
Re: Which DNSBL lists are you using?
davidkillingsworth wrote:I am using b.barracudacentral.org and zen.spamhaus.org, but we are getting blocked from using zen.spamhaus.org periodically.
I would suspect that it is due the fact that we are exceeding their low volume limits for free use.
I am pretty sure that it is because we are using Google DNS for our 3rd and 4th resolvers because our ISPs resolvers can sometimes be a little flaky and we want to be 100% sure that DNS queries are being resolved.
What other DNSBL lists are you using and are they free?
Thanks in advance,
David
Zimbra 8.6 community edition
Are you not using the dnscache service? That's one of the reasons we provide it, so that DNS lookups are cached. And yes, you generally should avoid relying on DNS servers like Googles. We set up our own internal DNS servers tied to the mail environment exactly for this purpose as the default DNS server we have is used by pretty much all of AWS.
With 8.7, we primarily rely on postscreen https://wiki.zimbra.com/wiki/Zimbra_Collaboration_Postscreen for blocking, although so far I've kept a few "hard" blocks active in the MTA restrictions as well.
Our hard blocks are:
Code: Select all
zimbraMtaRestriction: reject_rbl_client psbl.surriel.com
zimbraMtaRestriction: reject_rbl_client b.barracudacentral.org
zimbraMtaRestriction: reject_rbl_client bl.spamcop.net
zimbraMtaRestriction: reject_rhsbl_client dbl.spamhaus.org
zimbraMtaRestriction: reject_rhsbl_client multi.surbl.org
zimbraMtaRestriction: reject_rhsbl_client rhsbl.sorbs.net
zimbraMtaRestriction: reject_rhsbl_sender multi.surbl.org
zimbraMtaRestriction: reject_rhsbl_sender rhsbl.sorbs.net
zimbraMtaRestriction: reject_rhsbl_sender dbl.spamhaus.org
zimbraMtaRestriction: reject_rhsbl_reverse_client dbl.spamhaus.org
zimbraMtaRestriction: reject_rbl_client zen.spamhaus.org
Our postscreen scoring is:
Code: Select all
zimbraMtaPostscreenDnsblSites: b.barracudacentral.org=127.0.0.2*7
zimbraMtaPostscreenDnsblSites: dnsbl.inps.de=127.0.0.2*7
zimbraMtaPostscreenDnsblSites: zen.spamhaus.org=127.0.0.[10;11]*8
zimbraMtaPostscreenDnsblSites: zen.spamhaus.org=127.0.0.[4..7]*6
zimbraMtaPostscreenDnsblSites: zen.spamhaus.org=127.0.0.3*4
zimbraMtaPostscreenDnsblSites: zen.spamhaus.org=127.0.0.2*3
zimbraMtaPostscreenDnsblSites: list.dnswl.org=127.0.[0..255].0*-2
zimbraMtaPostscreenDnsblSites: list.dnswl.org=127.0.[0..255].1*-3
zimbraMtaPostscreenDnsblSites: list.dnswl.org=127.0.[0..255].2*-4
zimbraMtaPostscreenDnsblSites: list.dnswl.org=127.0.[0..255].3*-5
zimbraMtaPostscreenDnsblSites: bl.mailspike.net=127.0.0.2*5
zimbraMtaPostscreenDnsblSites: bl.mailspike.net=127.0.0.[10;11;12]*4
zimbraMtaPostscreenDnsblSites: wl.mailspike.net=127.0.0.[18;19;20]*-2
zimbraMtaPostscreenDnsblSites: dnsbl.sorbs.net=127.0.0.10*8
zimbraMtaPostscreenDnsblSites: dnsbl.sorbs.net=127.0.0.5*6
zimbraMtaPostscreenDnsblSites: dnsbl.sorbs.net=127.0.0.7*3
zimbraMtaPostscreenDnsblSites: dnsbl.sorbs.net=127.0.0.8*2
zimbraMtaPostscreenDnsblSites: dnsbl.sorbs.net=127.0.0.6*2
zimbraMtaPostscreenDnsblSites: dnsbl.sorbs.net=127.0.0.9*2
zimbraMtaPostscreenDnsblSites: dnsbl.sorbs.net=127.0.0.14*9
zimbraMtaPostscreenDnsblSites: dnsbl.sorbs.net=127.0.0.2*1
zimbraMtaPostscreenDnsblSites: dnsbl.sorbs.net=127.0.0.4*1
zimbraMtaPostscreenDnsblSites: dnsbl.sorbs.net=127.0.0.3*1
zimbraMtaPostscreenDnsblSites: dnsbl.sorbs.net=127.0.0.15*1
zimbraMtaPostscreenDnsblSites: bl.spamcop.net=127.0.0.2*4
zimbraMtaPostscreenDnsblSites: psbl.surriel.com=127.0.0.2*4
zimbraMtaPostscreenDnsblSites: ips.backscatterer.org=127.0.0.2*1
zimbraMtaPostscreenDnsblSites: bl.spamcannibal.org=127.0.0.2*3
zimbraMtaPostscreenDnsblSites: bl.spameatingmonkey.net=127.0.0.[2;3]*4
zimbraMtaPostscreenDnsblSites: dnswl.inps.de=127.0.[0;1].[2..10]*-2
zimbraMtaPostscreenDnsblSites: all.spamrats.com=127.0.0.38*2
Although that's always subject to tweaks.
Yesterday, we blocked 2,043 emails at the postscreen level and 719 at the smtpd level. So 2762 total blocked emails, 74% via postscreen. Our threshold for blocking in postscreen is a score of 8 points.
--
Quanah Gibson-Mount
Product Architect, Symas http://www.symas.com/
OpenLDAP Core team http://www.openldap.org/project/
Quanah Gibson-Mount
Product Architect, Symas http://www.symas.com/
OpenLDAP Core team http://www.openldap.org/project/
Re: Which DNSBL lists are you using?
quanah wrote:davidkillingsworth wrote:I am using b.barracudacentral.org and zen.spamhaus.org, but we are getting blocked from using zen.spamhaus.org periodically.
I would suspect that it is due the fact that we are exceeding their low volume limits for free use.
I am pretty sure that it is because we are using Google DNS for our 3rd and 4th resolvers because our ISPs resolvers can sometimes be a little flaky and we want to be 100% sure that DNS queries are being resolved.
What other DNSBL lists are you using and are they free?
Thanks in advance,
David
Zimbra 8.6 community edition
Are you not using the dnscache service? That's one of the reasons we provide it, so that DNS lookups are cached. And yes, you generally should avoid relying on DNS servers like Googles. We set up our own internal DNS servers tied to the mail environment exactly for this purpose as the default DNS server we have is used by pretty much all of AWS.
With 8.7, we primarily rely on postscreen https://wiki.zimbra.com/wiki/Zimbra_Collaboration_Postscreen for blocking, although so far I've kept a few "hard" blocks active in the MTA restrictions as well.
Our hard blocks are:Code: Select all
zimbraMtaRestriction: reject_rbl_client psbl.surriel.com
zimbraMtaRestriction: reject_rbl_client b.barracudacentral.org
zimbraMtaRestriction: reject_rbl_client bl.spamcop.net
zimbraMtaRestriction: reject_rhsbl_client dbl.spamhaus.org
zimbraMtaRestriction: reject_rhsbl_client multi.surbl.org
zimbraMtaRestriction: reject_rhsbl_client rhsbl.sorbs.net
zimbraMtaRestriction: reject_rhsbl_sender multi.surbl.org
zimbraMtaRestriction: reject_rhsbl_sender rhsbl.sorbs.net
zimbraMtaRestriction: reject_rhsbl_sender dbl.spamhaus.org
zimbraMtaRestriction: reject_rhsbl_reverse_client dbl.spamhaus.org
zimbraMtaRestriction: reject_rbl_client zen.spamhaus.org
Our postscreen scoring is:Code: Select all
zimbraMtaPostscreenDnsblSites: b.barracudacentral.org=127.0.0.2*7
zimbraMtaPostscreenDnsblSites: dnsbl.inps.de=127.0.0.2*7
zimbraMtaPostscreenDnsblSites: zen.spamhaus.org=127.0.0.[10;11]*8
zimbraMtaPostscreenDnsblSites: zen.spamhaus.org=127.0.0.[4..7]*6
zimbraMtaPostscreenDnsblSites: zen.spamhaus.org=127.0.0.3*4
zimbraMtaPostscreenDnsblSites: zen.spamhaus.org=127.0.0.2*3
zimbraMtaPostscreenDnsblSites: list.dnswl.org=127.0.[0..255].0*-2
zimbraMtaPostscreenDnsblSites: list.dnswl.org=127.0.[0..255].1*-3
zimbraMtaPostscreenDnsblSites: list.dnswl.org=127.0.[0..255].2*-4
zimbraMtaPostscreenDnsblSites: list.dnswl.org=127.0.[0..255].3*-5
zimbraMtaPostscreenDnsblSites: bl.mailspike.net=127.0.0.2*5
zimbraMtaPostscreenDnsblSites: bl.mailspike.net=127.0.0.[10;11;12]*4
zimbraMtaPostscreenDnsblSites: wl.mailspike.net=127.0.0.[18;19;20]*-2
zimbraMtaPostscreenDnsblSites: dnsbl.sorbs.net=127.0.0.10*8
zimbraMtaPostscreenDnsblSites: dnsbl.sorbs.net=127.0.0.5*6
zimbraMtaPostscreenDnsblSites: dnsbl.sorbs.net=127.0.0.7*3
zimbraMtaPostscreenDnsblSites: dnsbl.sorbs.net=127.0.0.8*2
zimbraMtaPostscreenDnsblSites: dnsbl.sorbs.net=127.0.0.6*2
zimbraMtaPostscreenDnsblSites: dnsbl.sorbs.net=127.0.0.9*2
zimbraMtaPostscreenDnsblSites: dnsbl.sorbs.net=127.0.0.14*9
zimbraMtaPostscreenDnsblSites: dnsbl.sorbs.net=127.0.0.2*1
zimbraMtaPostscreenDnsblSites: dnsbl.sorbs.net=127.0.0.4*1
zimbraMtaPostscreenDnsblSites: dnsbl.sorbs.net=127.0.0.3*1
zimbraMtaPostscreenDnsblSites: dnsbl.sorbs.net=127.0.0.15*1
zimbraMtaPostscreenDnsblSites: bl.spamcop.net=127.0.0.2*4
zimbraMtaPostscreenDnsblSites: psbl.surriel.com=127.0.0.2*4
zimbraMtaPostscreenDnsblSites: ips.backscatterer.org=127.0.0.2*1
zimbraMtaPostscreenDnsblSites: bl.spamcannibal.org=127.0.0.2*3
zimbraMtaPostscreenDnsblSites: bl.spameatingmonkey.net=127.0.0.[2;3]*4
zimbraMtaPostscreenDnsblSites: dnswl.inps.de=127.0.[0;1].[2..10]*-2
zimbraMtaPostscreenDnsblSites: all.spamrats.com=127.0.0.38*2
Although that's always subject to tweaks.
Yesterday, we blocked 2,043 emails at the postscreen level and 719 at the smtpd level. So 2762 total blocked emails, 74% via postscreen. Our threshold for blocking in postscreen is a score of 8 points.
quanah,
Thank you for this input always been curious about postscreen beyond static blocks - just now testing a fine tune of it.
Do you find native Zimbra sec measures as or near as effective as having added platforms like a Barracuda Spam Firewall - on edge?
-
- Posts: 3
- Joined: Mon Oct 09, 2017 9:51 pm
Re: Which DNSBL lists are you using?
Hello, I'm trying to get the zimbraMtaPostscreenDnsblSites list from my server, can anybody help me ?
-
- Outstanding Member
- Posts: 204
- Joined: Sat Sep 13, 2014 2:26 am
- ZCS/ZD Version: 8.8.15.GA.3829.UBUNTU14.64 -Patch 1
Re: Which DNSBL lists are you using?
carlosbetiol wrote:Hello, I'm trying to get the zimbraMtaPostscreenDnsblSites list from my server, can anybody help me ?
Try this:
To display all Postscreen configurations
Code: Select all
zmprov gacf | grep zimbraMtaPostscreen*
or just this for DnsblSites
Code: Select all
zmprov gacf | grep zimbraMtaPostscreenDnsblSites
-
- Posts: 3
- Joined: Mon Oct 09, 2017 9:51 pm
Re: Which DNSBL lists are you using?
Great! Thank you dalvik.
I have a SPAM problem. I installed now another server with ZCS 8.7 and I used the quanah sugestions to postscreen and MTA restrictions, but a lot of email messages SPAM obvious are received on INBOX instead SPAM folder. I have a server with ZCS 8.6 using DSPAM and all ok.
Have you any SPAM configuration sugestion to minimize my problema ?
thank you.
I have a SPAM problem. I installed now another server with ZCS 8.7 and I used the quanah sugestions to postscreen and MTA restrictions, but a lot of email messages SPAM obvious are received on INBOX instead SPAM folder. I have a server with ZCS 8.6 using DSPAM and all ok.
Have you any SPAM configuration sugestion to minimize my problema ?
thank you.
Re: Which DNSBL lists are you using?
Why don#t you take a look at Rspamd on both of your servers (after suitable testing, of course), see the thread mentioned in my sig.
Regards
Bill
Rspamd: A high performance spamassassin replacement
If you'd like to see this implemented in a future version of ZCS then please vote on Bugzilla entries 97706 & 108168
Bill
Rspamd: A high performance spamassassin replacement
If you'd like to see this implemented in a future version of ZCS then please vote on Bugzilla entries 97706 & 108168
- stefaniu.criste
- Posts: 39
- Joined: Wed Feb 12, 2014 5:40 am
- Location: Romania
- ZCS/ZD Version: 8.8.8_GA_1728 20180614052922 201806
- Contact:
Re: Which DNSBL lists are you using?
Besides the above mentioned solutions, we are also using the Romanian service abuse.ro, for the in-country spam.
Stefaniu Criste - managing partner
Hangar Hosting - a safe place for your business
proudly delivering Zimbra services in Romania
Hangar Hosting - a safe place for your business
proudly delivering Zimbra services in Romania
Who is online
Users browsing this forum: No registered users and 17 guests