Which DNSBL lists are you using?

Posted: Thu Jun 30, 2016 4:06 am
by davidkillingsworth
I am using b.barracudacentral.org and zen.spamhaus.org, but we are getting blocked from using zen.spamhaus.org periodically.

I would suspect that it is due to the fact that we are exceeding their low volume limits for free use.

I am pretty sure that it is because we are using Google DNS for our 3rd and 4th resolvers because our ISP's resolvers can sometimes be a little flaky and we want to be 100% sure that DNS queries are being resolved.

What other DNSBL lists are you using and are they free?

Thanks in advance,
David
Zimbra 8.6 community edition

Re: Which DNSBL lists are you using?

Posted: Fri Jul 01, 2016 6:50 pm
by quanah
Are you not using the dnscache service? That's one of the reasons we provide it, so that DNS lookups are cached. And yes, you generally should avoid relying on DNS servers like Google's. We set up our own internal DNS servers tied to the mail environment exactly for this purpose as the default DNS server we have is used by pretty much all of AWS.

With 8.7, we primarily rely on postscreen https://wiki.zimbra.com/wiki/Zimbra_Collaboration_Postscreen for blocking, although so far I've kept a few "hard" blocks active in the MTA restrictions as well.

Our hard blocks are:

zimbraMtaRestriction: reject_rbl_client psbl.surriel.com
zimbraMtaRestriction: reject_rbl_client b.barracudacentral.org
zimbraMtaRestriction: reject_rbl_client bl.spamcop.net
zimbraMtaRestriction: reject_rhsbl_client dbl.spamhaus.org
zimbraMtaRestriction: reject_rhsbl_client multi.surbl.org
zimbraMtaRestriction: reject_rhsbl_client rhsbl.sorbs.net
zimbraMtaRestriction: reject_rhsbl_sender multi.surbl.org
zimbraMtaRestriction: reject_rhsbl_sender rhsbl.sorbs.net
zimbraMtaRestriction: reject_rhsbl_sender dbl.spamhaus.org
zimbraMtaRestriction: reject_rhsbl_reverse_client dbl.spamhaus.org
zimbraMtaRestriction: reject_rbl_client zen.spamhaus.org


Our postscreen scoring is:

zimbraMtaPostscreenDnsblSites: b.barracudacentral.org=127.0.0.2*7
zimbraMtaPostscreenDnsblSites: dnsbl.inps.de=127.0.0.2*7
zimbraMtaPostscreenDnsblSites: zen.spamhaus.org=127.0.0.[10;11]*8
zimbraMtaPostscreenDnsblSites: zen.spamhaus.org=127.0.0.[4..7]*6
zimbraMtaPostscreenDnsblSites: zen.spamhaus.org=127.0.0.3*4
zimbraMtaPostscreenDnsblSites: zen.spamhaus.org=127.0.0.2*3
zimbraMtaPostscreenDnsblSites: list.dnswl.org=127.0.[0..255].0*-2
zimbraMtaPostscreenDnsblSites: list.dnswl.org=127.0.[0..255].1*-3
zimbraMtaPostscreenDnsblSites: list.dnswl.org=127.0.[0..255].2*-4
zimbraMtaPostscreenDnsblSites: list.dnswl.org=127.0.[0..255].3*-5
zimbraMtaPostscreenDnsblSites: bl.mailspike.net=127.0.0.2*5
zimbraMtaPostscreenDnsblSites: bl.mailspike.net=127.0.0.[10;11;12]*4
zimbraMtaPostscreenDnsblSites: wl.mailspike.net=127.0.0.[18;19;20]*-2
zimbraMtaPostscreenDnsblSites: dnsbl.sorbs.net=127.0.0.10*8
zimbraMtaPostscreenDnsblSites: dnsbl.sorbs.net=127.0.0.5*6
zimbraMtaPostscreenDnsblSites: dnsbl.sorbs.net=127.0.0.7*3
zimbraMtaPostscreenDnsblSites: dnsbl.sorbs.net=127.0.0.8*2
zimbraMtaPostscreenDnsblSites: dnsbl.sorbs.net=127.0.0.6*2
zimbraMtaPostscreenDnsblSites: dnsbl.sorbs.net=127.0.0.9*2
zimbraMtaPostscreenDnsblSites: dnsbl.sorbs.net=127.0.0.14*9
zimbraMtaPostscreenDnsblSites: dnsbl.sorbs.net=127.0.0.2*1
zimbraMtaPostscreenDnsblSites: dnsbl.sorbs.net=127.0.0.4*1
zimbraMtaPostscreenDnsblSites: dnsbl.sorbs.net=127.0.0.3*1
zimbraMtaPostscreenDnsblSites: dnsbl.sorbs.net=127.0.0.15*1
zimbraMtaPostscreenDnsblSites: bl.spamcop.net=127.0.0.2*4
zimbraMtaPostscreenDnsblSites: psbl.surriel.com=127.0.0.2*4
zimbraMtaPostscreenDnsblSites: ips.backscatterer.org=127.0.0.2*1
zimbraMtaPostscreenDnsblSites: bl.spamcannibal.org=127.0.0.2*3
zimbraMtaPostscreenDnsblSites: bl.spameatingmonkey.net=127.0.0.[2;3]*4
zimbraMtaPostscreenDnsblSites: dnswl.inps.de=127.0.[0;1].[2..10]*-2
zimbraMtaPostscreenDnsblSites: all.spamrats.com=127.0.0.38*2


Although that's always subject to tweaks.

Yesterday, we blocked 2,043 emails at the postscreen level and 719 at the smtpd level. So 2762 total blocked emails, 74% via postscreen. Our threshold for blocking in postscreen is a score of 8 points.

Re: Which DNSBL lists are you using?

Posted: Tue Mar 14, 2017 4:43 pm
by arkitoure
quanah,

Thank you for this input. I've always been curious about postscreen beyond static blocks - just now testing a fine tune of it.
Do you find native Zimbra sec measures as or near as effective as having added platforms like a Barracuda Spam Firewall - on edge?

Re: Which DNSBL lists are you using?

Posted: Mon Oct 09, 2017 9:54 pm
by carlosbetiol
Hello, I'm trying to get the zimbraMtaPostscreenDnsblSites list from my server, can anybody help me?

Re: Which DNSBL lists are you using?

Posted: Tue Oct 10, 2017 9:19 am
by davidkillingsworth
carlosbetiol wrote: Hello, I'm trying to get the zimbraMtaPostscreenDnsblSites list from my server, can anybody help me?


Try this:
To display all Postscreen configurations

zmprov gacf | grep zimbraMtaPostscreen

or just this for DnsblSites

zmprov gacf | grep zimbraMtaPostscreenDnsblSites

Re: Which DNSBL lists are you using?

Posted: Wed Oct 11, 2017 2:03 pm
by carlosbetiol
Great! Thank you dalvik.

I have a SPAM problem. I have now installed another server with ZCS 8.7 and I used quanah's suggestions for postscreen and MTA restrictions, but a lot of obviously SPAM email messages are received in the INBOX instead of the SPAM folder. I have a server with ZCS 8.6 using DSPAM and all is OK.

Do you have any SPAM configuration suggestions to minimize my problem?

thank you.

Re: Which DNSBL lists are you using?

Posted: Wed Oct 11, 2017 5:44 pm
by phoenix
Why don't you take a look at Rspamd on both of your servers (after suitable testing, of course), see the thread mentioned in my sig.

Re: Which DNSBL lists are you using?

Posted: Thu Oct 12, 2017 12:13 pm
by stefaniu.criste
Besides the above mentioned solutions, we are also using the Romanian service abuse.ro, for the in-country spam.