Which DNSBL lists are you using?

Discuss your pilot or production implementation with other Zimbra admins or our engineers.
davidkillingsworth
Advanced member
Advanced member
Posts: 138
Joined: Sat Sep 13, 2014 2:26 am
ZCS/ZD Version: Release 8.7.11.GA.1854.UBUNTU14.64

Which DNSBL lists are you using?

Postby davidkillingsworth » Thu Jun 30, 2016 4:06 am

I am using b.barracudacentral.org and zen.spamhaus.org, but we are getting blocked from using zen.spamhaus.org periodically.

I would suspect that it is due the fact that we are exceeding their low volume limits for free use.

I am pretty sure that it is because we are using Google DNS for our 3rd and 4th resolvers because our ISPs resolvers can sometimes be a little flaky and we want to be 100% sure that DNS queries are being resolved.

What other DNSBL lists are you using and are they free?

Thanks in advance,
David
Zimbra 8.6 community edition


User avatar
quanah
Zimbra Alumni
Zimbra Alumni
Posts: 1655
Joined: Fri Sep 12, 2014 10:33 pm
Contact:

Re: Which DNSBL lists are you using?

Postby quanah » Fri Jul 01, 2016 6:50 pm

davidkillingsworth wrote:I am using b.barracudacentral.org and zen.spamhaus.org, but we are getting blocked from using zen.spamhaus.org periodically.

I would suspect that it is due the fact that we are exceeding their low volume limits for free use.

I am pretty sure that it is because we are using Google DNS for our 3rd and 4th resolvers because our ISPs resolvers can sometimes be a little flaky and we want to be 100% sure that DNS queries are being resolved.

What other DNSBL lists are you using and are they free?

Thanks in advance,
David
Zimbra 8.6 community edition


Are you not using the dnscache service? That's one of the reasons we provide it, so that DNS lookups are cached. And yes, you generally should avoid relying on DNS servers like Googles. We set up our own internal DNS servers tied to the mail environment exactly for this purpose as the default DNS server we have is used by pretty much all of AWS.

With 8.7, we primarily rely on postscreen https://wiki.zimbra.com/wiki/Zimbra_Collaboration_Postscreen for blocking, although so far I've kept a few "hard" blocks active in the MTA restrictions as well.

Our hard blocks are:

Code: Select all

zimbraMtaRestriction: reject_rbl_client psbl.surriel.com
zimbraMtaRestriction: reject_rbl_client b.barracudacentral.org
zimbraMtaRestriction: reject_rbl_client bl.spamcop.net
zimbraMtaRestriction: reject_rhsbl_client dbl.spamhaus.org
zimbraMtaRestriction: reject_rhsbl_client multi.surbl.org
zimbraMtaRestriction: reject_rhsbl_client rhsbl.sorbs.net
zimbraMtaRestriction: reject_rhsbl_sender multi.surbl.org
zimbraMtaRestriction: reject_rhsbl_sender rhsbl.sorbs.net
zimbraMtaRestriction: reject_rhsbl_sender dbl.spamhaus.org
zimbraMtaRestriction: reject_rhsbl_reverse_client dbl.spamhaus.org
zimbraMtaRestriction: reject_rbl_client zen.spamhaus.org


Our postscreen scoring is:

Code: Select all

zimbraMtaPostscreenDnsblSites: b.barracudacentral.org=127.0.0.2*7
zimbraMtaPostscreenDnsblSites: dnsbl.inps.de=127.0.0.2*7
zimbraMtaPostscreenDnsblSites: zen.spamhaus.org=127.0.0.[10;11]*8
zimbraMtaPostscreenDnsblSites: zen.spamhaus.org=127.0.0.[4..7]*6
zimbraMtaPostscreenDnsblSites: zen.spamhaus.org=127.0.0.3*4
zimbraMtaPostscreenDnsblSites: zen.spamhaus.org=127.0.0.2*3
zimbraMtaPostscreenDnsblSites: list.dnswl.org=127.0.[0..255].0*-2
zimbraMtaPostscreenDnsblSites: list.dnswl.org=127.0.[0..255].1*-3
zimbraMtaPostscreenDnsblSites: list.dnswl.org=127.0.[0..255].2*-4
zimbraMtaPostscreenDnsblSites: list.dnswl.org=127.0.[0..255].3*-5
zimbraMtaPostscreenDnsblSites: bl.mailspike.net=127.0.0.2*5
zimbraMtaPostscreenDnsblSites: bl.mailspike.net=127.0.0.[10;11;12]*4
zimbraMtaPostscreenDnsblSites: wl.mailspike.net=127.0.0.[18;19;20]*-2
zimbraMtaPostscreenDnsblSites: dnsbl.sorbs.net=127.0.0.10*8
zimbraMtaPostscreenDnsblSites: dnsbl.sorbs.net=127.0.0.5*6
zimbraMtaPostscreenDnsblSites: dnsbl.sorbs.net=127.0.0.7*3
zimbraMtaPostscreenDnsblSites: dnsbl.sorbs.net=127.0.0.8*2
zimbraMtaPostscreenDnsblSites: dnsbl.sorbs.net=127.0.0.6*2
zimbraMtaPostscreenDnsblSites: dnsbl.sorbs.net=127.0.0.9*2
zimbraMtaPostscreenDnsblSites: dnsbl.sorbs.net=127.0.0.14*9
zimbraMtaPostscreenDnsblSites: dnsbl.sorbs.net=127.0.0.2*1
zimbraMtaPostscreenDnsblSites: dnsbl.sorbs.net=127.0.0.4*1
zimbraMtaPostscreenDnsblSites: dnsbl.sorbs.net=127.0.0.3*1
zimbraMtaPostscreenDnsblSites: dnsbl.sorbs.net=127.0.0.15*1
zimbraMtaPostscreenDnsblSites: bl.spamcop.net=127.0.0.2*4
zimbraMtaPostscreenDnsblSites: psbl.surriel.com=127.0.0.2*4
zimbraMtaPostscreenDnsblSites: ips.backscatterer.org=127.0.0.2*1
zimbraMtaPostscreenDnsblSites: bl.spamcannibal.org=127.0.0.2*3
zimbraMtaPostscreenDnsblSites: bl.spameatingmonkey.net=127.0.0.[2;3]*4
zimbraMtaPostscreenDnsblSites: dnswl.inps.de=127.0.[0;1].[2..10]*-2
zimbraMtaPostscreenDnsblSites: all.spamrats.com=127.0.0.38*2


Although that's always subject to tweaks.

Yesterday, we blocked 2,043 emails at the postscreen level and 719 at the smtpd level. So 2762 total blocked emails, 74% via postscreen. Our threshold for blocking in postscreen is a score of 8 points.
--
Quanah Gibson-Mount https://github.com/quanah/
Systems Architect, Synacor http://wwwsynacor.com/
A Zetalliance Founder http://www.zetalliance.org/
OpenLDAP Core team http://www.openldap.org/project/
User avatar
arkitoure
Posts: 10
Joined: Fri Feb 10, 2017 9:16 am

Re: Which DNSBL lists are you using?

Postby arkitoure » Tue Mar 14, 2017 4:43 pm

quanah wrote:
davidkillingsworth wrote:I am using b.barracudacentral.org and zen.spamhaus.org, but we are getting blocked from using zen.spamhaus.org periodically.

I would suspect that it is due the fact that we are exceeding their low volume limits for free use.

I am pretty sure that it is because we are using Google DNS for our 3rd and 4th resolvers because our ISPs resolvers can sometimes be a little flaky and we want to be 100% sure that DNS queries are being resolved.

What other DNSBL lists are you using and are they free?

Thanks in advance,
David
Zimbra 8.6 community edition


Are you not using the dnscache service? That's one of the reasons we provide it, so that DNS lookups are cached. And yes, you generally should avoid relying on DNS servers like Googles. We set up our own internal DNS servers tied to the mail environment exactly for this purpose as the default DNS server we have is used by pretty much all of AWS.

With 8.7, we primarily rely on postscreen https://wiki.zimbra.com/wiki/Zimbra_Collaboration_Postscreen for blocking, although so far I've kept a few "hard" blocks active in the MTA restrictions as well.

Our hard blocks are:

Code: Select all

zimbraMtaRestriction: reject_rbl_client psbl.surriel.com
zimbraMtaRestriction: reject_rbl_client b.barracudacentral.org
zimbraMtaRestriction: reject_rbl_client bl.spamcop.net
zimbraMtaRestriction: reject_rhsbl_client dbl.spamhaus.org
zimbraMtaRestriction: reject_rhsbl_client multi.surbl.org
zimbraMtaRestriction: reject_rhsbl_client rhsbl.sorbs.net
zimbraMtaRestriction: reject_rhsbl_sender multi.surbl.org
zimbraMtaRestriction: reject_rhsbl_sender rhsbl.sorbs.net
zimbraMtaRestriction: reject_rhsbl_sender dbl.spamhaus.org
zimbraMtaRestriction: reject_rhsbl_reverse_client dbl.spamhaus.org
zimbraMtaRestriction: reject_rbl_client zen.spamhaus.org


Our postscreen scoring is:

Code: Select all

zimbraMtaPostscreenDnsblSites: b.barracudacentral.org=127.0.0.2*7
zimbraMtaPostscreenDnsblSites: dnsbl.inps.de=127.0.0.2*7
zimbraMtaPostscreenDnsblSites: zen.spamhaus.org=127.0.0.[10;11]*8
zimbraMtaPostscreenDnsblSites: zen.spamhaus.org=127.0.0.[4..7]*6
zimbraMtaPostscreenDnsblSites: zen.spamhaus.org=127.0.0.3*4
zimbraMtaPostscreenDnsblSites: zen.spamhaus.org=127.0.0.2*3
zimbraMtaPostscreenDnsblSites: list.dnswl.org=127.0.[0..255].0*-2
zimbraMtaPostscreenDnsblSites: list.dnswl.org=127.0.[0..255].1*-3
zimbraMtaPostscreenDnsblSites: list.dnswl.org=127.0.[0..255].2*-4
zimbraMtaPostscreenDnsblSites: list.dnswl.org=127.0.[0..255].3*-5
zimbraMtaPostscreenDnsblSites: bl.mailspike.net=127.0.0.2*5
zimbraMtaPostscreenDnsblSites: bl.mailspike.net=127.0.0.[10;11;12]*4
zimbraMtaPostscreenDnsblSites: wl.mailspike.net=127.0.0.[18;19;20]*-2
zimbraMtaPostscreenDnsblSites: dnsbl.sorbs.net=127.0.0.10*8
zimbraMtaPostscreenDnsblSites: dnsbl.sorbs.net=127.0.0.5*6
zimbraMtaPostscreenDnsblSites: dnsbl.sorbs.net=127.0.0.7*3
zimbraMtaPostscreenDnsblSites: dnsbl.sorbs.net=127.0.0.8*2
zimbraMtaPostscreenDnsblSites: dnsbl.sorbs.net=127.0.0.6*2
zimbraMtaPostscreenDnsblSites: dnsbl.sorbs.net=127.0.0.9*2
zimbraMtaPostscreenDnsblSites: dnsbl.sorbs.net=127.0.0.14*9
zimbraMtaPostscreenDnsblSites: dnsbl.sorbs.net=127.0.0.2*1
zimbraMtaPostscreenDnsblSites: dnsbl.sorbs.net=127.0.0.4*1
zimbraMtaPostscreenDnsblSites: dnsbl.sorbs.net=127.0.0.3*1
zimbraMtaPostscreenDnsblSites: dnsbl.sorbs.net=127.0.0.15*1
zimbraMtaPostscreenDnsblSites: bl.spamcop.net=127.0.0.2*4
zimbraMtaPostscreenDnsblSites: psbl.surriel.com=127.0.0.2*4
zimbraMtaPostscreenDnsblSites: ips.backscatterer.org=127.0.0.2*1
zimbraMtaPostscreenDnsblSites: bl.spamcannibal.org=127.0.0.2*3
zimbraMtaPostscreenDnsblSites: bl.spameatingmonkey.net=127.0.0.[2;3]*4
zimbraMtaPostscreenDnsblSites: dnswl.inps.de=127.0.[0;1].[2..10]*-2
zimbraMtaPostscreenDnsblSites: all.spamrats.com=127.0.0.38*2


Although that's always subject to tweaks.

Yesterday, we blocked 2,043 emails at the postscreen level and 719 at the smtpd level. So 2762 total blocked emails, 74% via postscreen. Our threshold for blocking in postscreen is a score of 8 points.




quanah,

Thank you for this input always been curious about postscreen beyond static blocks - just now testing a fine tune of it.
Do you find native Zimbra sec measures as or near as effective as having added platforms like a Barracuda Spam Firewall - on edge?
carlosbetiol
Posts: 3
Joined: Mon Oct 09, 2017 9:51 pm

Re: Which DNSBL lists are you using?

Postby carlosbetiol » Mon Oct 09, 2017 9:54 pm

Hello, I'm trying to get the zimbraMtaPostscreenDnsblSites list from my server, can anybody help me ?
davidkillingsworth
Advanced member
Advanced member
Posts: 138
Joined: Sat Sep 13, 2014 2:26 am
ZCS/ZD Version: Release 8.7.11.GA.1854.UBUNTU14.64

Re: Which DNSBL lists are you using?

Postby davidkillingsworth » Tue Oct 10, 2017 9:19 am

carlosbetiol wrote:Hello, I'm trying to get the zimbraMtaPostscreenDnsblSites list from my server, can anybody help me ?


Try this:
To display all Postscreen configurations

Code: Select all

zmprov gacf | grep zimbraMtaPostscreen*

or just this for DnsblSites

Code: Select all

zmprov gacf | grep zimbraMtaPostscreenDnsblSites
carlosbetiol
Posts: 3
Joined: Mon Oct 09, 2017 9:51 pm

Re: Which DNSBL lists are you using?

Postby carlosbetiol » Wed Oct 11, 2017 2:03 pm

Great! Thank you dalvik.

I have a SPAM problem. I installed now another server with ZCS 8.7 and I used the quanah sugestions to postscreen and MTA restrictions, but a lot of email messages SPAM obvious are received on INBOX instead SPAM folder. I have a server with ZCS 8.6 using DSPAM and all ok.

Have you any SPAM configuration sugestion to minimize my problema ?

thank you.
phoenix
Ambassador
Ambassador
Posts: 25021
Joined: Fri Sep 12, 2014 9:56 pm

Re: Which DNSBL lists are you using?

Postby phoenix » Wed Oct 11, 2017 5:44 pm

Why don#t you take a look at Rspamd on both of your servers (after suitable testing, of course), see the thread mentioned in my sig.
Regards

Bill

Rspamd: A high performance spamassassin replacement

If you'd like to see this implement in a future version of ZCS then please vote on Bugzilla entries 97706 & 108168
User avatar
stefaniu.criste
Posts: 20
Joined: Wed Feb 12, 2014 5:40 am
Location: Romania
ZCS/ZD Version: 8.7.11_GA_1854.RHEL6_64_20170531151
Contact:

Re: Which DNSBL lists are you using?

Postby stefaniu.criste » Thu Oct 12, 2017 12:13 pm

Besides the above mentioned solutions, we are also using the Romanian service abuse.ro, for the in-country spam.
Stefaniu Criste - managing partner
Hangar Hosting - a safe place for your business
proudly delivering Zimbra services in Romania

Return to “Administrators”

Who is online

Users browsing this forum: No registered users and 69 guests