Which DNSBL lists are you using?
-
- Outstanding Member
- Posts: 251
- Joined: Sat Sep 13, 2014 2:26 am
- ZCS/ZD Version: 8.8.15.GA.3869.UBUNTU14.64-Patch 24
Which DNSBL lists are you using?
I am using b.barracudacentral.org and zen.spamhaus.org, but we are getting blocked from using zen.spamhaus.org periodically.
I would suspect that it is due the fact that we are exceeding their low volume limits for free use.
I am pretty sure that it is because we are using Google DNS for our 3rd and 4th resolvers because our ISPs resolvers can sometimes be a little flaky and we want to be 100% sure that DNS queries are being resolved.
What other DNSBL lists are you using and are they free?
Thanks in advance,
David
Zimbra 8.6 community edition
I would suspect that it is due the fact that we are exceeding their low volume limits for free use.
I am pretty sure that it is because we are using Google DNS for our 3rd and 4th resolvers because our ISPs resolvers can sometimes be a little flaky and we want to be 100% sure that DNS queries are being resolved.
What other DNSBL lists are you using and are they free?
Thanks in advance,
David
Zimbra 8.6 community edition
Re: Which DNSBL lists are you using?
Are you not using the dnscache service? That's one of the reasons we provide it, so that DNS lookups are cached. And yes, you generally should avoid relying on DNS servers like Googles. We set up our own internal DNS servers tied to the mail environment exactly for this purpose as the default DNS server we have is used by pretty much all of AWS.davidkillingsworth wrote:I am using b.barracudacentral.org and zen.spamhaus.org, but we are getting blocked from using zen.spamhaus.org periodically.
I would suspect that it is due the fact that we are exceeding their low volume limits for free use.
I am pretty sure that it is because we are using Google DNS for our 3rd and 4th resolvers because our ISPs resolvers can sometimes be a little flaky and we want to be 100% sure that DNS queries are being resolved.
What other DNSBL lists are you using and are they free?
Thanks in advance,
David
Zimbra 8.6 community edition
With 8.7, we primarily rely on postscreen https://wiki.zimbra.com/wiki/Zimbra_Col ... Postscreen for blocking, although so far I've kept a few "hard" blocks active in the MTA restrictions as well.
Our hard blocks are:
Code: Select all
zimbraMtaRestriction: reject_rbl_client psbl.surriel.com
zimbraMtaRestriction: reject_rbl_client b.barracudacentral.org
zimbraMtaRestriction: reject_rbl_client bl.spamcop.net
zimbraMtaRestriction: reject_rhsbl_client dbl.spamhaus.org
zimbraMtaRestriction: reject_rhsbl_client multi.surbl.org
zimbraMtaRestriction: reject_rhsbl_client rhsbl.sorbs.net
zimbraMtaRestriction: reject_rhsbl_sender multi.surbl.org
zimbraMtaRestriction: reject_rhsbl_sender rhsbl.sorbs.net
zimbraMtaRestriction: reject_rhsbl_sender dbl.spamhaus.org
zimbraMtaRestriction: reject_rhsbl_reverse_client dbl.spamhaus.org
zimbraMtaRestriction: reject_rbl_client zen.spamhaus.org
Code: Select all
zimbraMtaPostscreenDnsblSites: b.barracudacentral.org=127.0.0.2*7
zimbraMtaPostscreenDnsblSites: dnsbl.inps.de=127.0.0.2*7
zimbraMtaPostscreenDnsblSites: zen.spamhaus.org=127.0.0.[10;11]*8
zimbraMtaPostscreenDnsblSites: zen.spamhaus.org=127.0.0.[4..7]*6
zimbraMtaPostscreenDnsblSites: zen.spamhaus.org=127.0.0.3*4
zimbraMtaPostscreenDnsblSites: zen.spamhaus.org=127.0.0.2*3
zimbraMtaPostscreenDnsblSites: list.dnswl.org=127.0.[0..255].0*-2
zimbraMtaPostscreenDnsblSites: list.dnswl.org=127.0.[0..255].1*-3
zimbraMtaPostscreenDnsblSites: list.dnswl.org=127.0.[0..255].2*-4
zimbraMtaPostscreenDnsblSites: list.dnswl.org=127.0.[0..255].3*-5
zimbraMtaPostscreenDnsblSites: bl.mailspike.net=127.0.0.2*5
zimbraMtaPostscreenDnsblSites: bl.mailspike.net=127.0.0.[10;11;12]*4
zimbraMtaPostscreenDnsblSites: wl.mailspike.net=127.0.0.[18;19;20]*-2
zimbraMtaPostscreenDnsblSites: dnsbl.sorbs.net=127.0.0.10*8
zimbraMtaPostscreenDnsblSites: dnsbl.sorbs.net=127.0.0.5*6
zimbraMtaPostscreenDnsblSites: dnsbl.sorbs.net=127.0.0.7*3
zimbraMtaPostscreenDnsblSites: dnsbl.sorbs.net=127.0.0.8*2
zimbraMtaPostscreenDnsblSites: dnsbl.sorbs.net=127.0.0.6*2
zimbraMtaPostscreenDnsblSites: dnsbl.sorbs.net=127.0.0.9*2
zimbraMtaPostscreenDnsblSites: dnsbl.sorbs.net=127.0.0.14*9
zimbraMtaPostscreenDnsblSites: dnsbl.sorbs.net=127.0.0.2*1
zimbraMtaPostscreenDnsblSites: dnsbl.sorbs.net=127.0.0.4*1
zimbraMtaPostscreenDnsblSites: dnsbl.sorbs.net=127.0.0.3*1
zimbraMtaPostscreenDnsblSites: dnsbl.sorbs.net=127.0.0.15*1
zimbraMtaPostscreenDnsblSites: bl.spamcop.net=127.0.0.2*4
zimbraMtaPostscreenDnsblSites: psbl.surriel.com=127.0.0.2*4
zimbraMtaPostscreenDnsblSites: ips.backscatterer.org=127.0.0.2*1
zimbraMtaPostscreenDnsblSites: bl.spamcannibal.org=127.0.0.2*3
zimbraMtaPostscreenDnsblSites: bl.spameatingmonkey.net=127.0.0.[2;3]*4
zimbraMtaPostscreenDnsblSites: dnswl.inps.de=127.0.[0;1].[2..10]*-2
zimbraMtaPostscreenDnsblSites: all.spamrats.com=127.0.0.38*2
Yesterday, we blocked 2,043 emails at the postscreen level and 719 at the smtpd level. So 2762 total blocked emails, 74% via postscreen. Our threshold for blocking in postscreen is a score of 8 points.
--
Quanah Gibson-Mount
Product Architect, Symas http://www.symas.com/
OpenLDAP Core team http://www.openldap.org/project/
Quanah Gibson-Mount
Product Architect, Symas http://www.symas.com/
OpenLDAP Core team http://www.openldap.org/project/
Re: Which DNSBL lists are you using?
quanah wrote:Are you not using the dnscache service? That's one of the reasons we provide it, so that DNS lookups are cached. And yes, you generally should avoid relying on DNS servers like Googles. We set up our own internal DNS servers tied to the mail environment exactly for this purpose as the default DNS server we have is used by pretty much all of AWS.davidkillingsworth wrote:I am using b.barracudacentral.org and zen.spamhaus.org, but we are getting blocked from using zen.spamhaus.org periodically.
I would suspect that it is due the fact that we are exceeding their low volume limits for free use.
I am pretty sure that it is because we are using Google DNS for our 3rd and 4th resolvers because our ISPs resolvers can sometimes be a little flaky and we want to be 100% sure that DNS queries are being resolved.
What other DNSBL lists are you using and are they free?
Thanks in advance,
David
Zimbra 8.6 community edition
With 8.7, we primarily rely on postscreen https://wiki.zimbra.com/wiki/Zimbra_Col ... Postscreen for blocking, although so far I've kept a few "hard" blocks active in the MTA restrictions as well.
Our hard blocks are:Our postscreen scoring is:Code: Select all
zimbraMtaRestriction: reject_rbl_client psbl.surriel.com zimbraMtaRestriction: reject_rbl_client b.barracudacentral.org zimbraMtaRestriction: reject_rbl_client bl.spamcop.net zimbraMtaRestriction: reject_rhsbl_client dbl.spamhaus.org zimbraMtaRestriction: reject_rhsbl_client multi.surbl.org zimbraMtaRestriction: reject_rhsbl_client rhsbl.sorbs.net zimbraMtaRestriction: reject_rhsbl_sender multi.surbl.org zimbraMtaRestriction: reject_rhsbl_sender rhsbl.sorbs.net zimbraMtaRestriction: reject_rhsbl_sender dbl.spamhaus.org zimbraMtaRestriction: reject_rhsbl_reverse_client dbl.spamhaus.org zimbraMtaRestriction: reject_rbl_client zen.spamhaus.org
Although that's always subject to tweaks.Code: Select all
zimbraMtaPostscreenDnsblSites: b.barracudacentral.org=127.0.0.2*7 zimbraMtaPostscreenDnsblSites: dnsbl.inps.de=127.0.0.2*7 zimbraMtaPostscreenDnsblSites: zen.spamhaus.org=127.0.0.[10;11]*8 zimbraMtaPostscreenDnsblSites: zen.spamhaus.org=127.0.0.[4..7]*6 zimbraMtaPostscreenDnsblSites: zen.spamhaus.org=127.0.0.3*4 zimbraMtaPostscreenDnsblSites: zen.spamhaus.org=127.0.0.2*3 zimbraMtaPostscreenDnsblSites: list.dnswl.org=127.0.[0..255].0*-2 zimbraMtaPostscreenDnsblSites: list.dnswl.org=127.0.[0..255].1*-3 zimbraMtaPostscreenDnsblSites: list.dnswl.org=127.0.[0..255].2*-4 zimbraMtaPostscreenDnsblSites: list.dnswl.org=127.0.[0..255].3*-5 zimbraMtaPostscreenDnsblSites: bl.mailspike.net=127.0.0.2*5 zimbraMtaPostscreenDnsblSites: bl.mailspike.net=127.0.0.[10;11;12]*4 zimbraMtaPostscreenDnsblSites: wl.mailspike.net=127.0.0.[18;19;20]*-2 zimbraMtaPostscreenDnsblSites: dnsbl.sorbs.net=127.0.0.10*8 zimbraMtaPostscreenDnsblSites: dnsbl.sorbs.net=127.0.0.5*6 zimbraMtaPostscreenDnsblSites: dnsbl.sorbs.net=127.0.0.7*3 zimbraMtaPostscreenDnsblSites: dnsbl.sorbs.net=127.0.0.8*2 zimbraMtaPostscreenDnsblSites: dnsbl.sorbs.net=127.0.0.6*2 zimbraMtaPostscreenDnsblSites: dnsbl.sorbs.net=127.0.0.9*2 zimbraMtaPostscreenDnsblSites: dnsbl.sorbs.net=127.0.0.14*9 zimbraMtaPostscreenDnsblSites: dnsbl.sorbs.net=127.0.0.2*1 zimbraMtaPostscreenDnsblSites: dnsbl.sorbs.net=127.0.0.4*1 zimbraMtaPostscreenDnsblSites: dnsbl.sorbs.net=127.0.0.3*1 zimbraMtaPostscreenDnsblSites: dnsbl.sorbs.net=127.0.0.15*1 zimbraMtaPostscreenDnsblSites: bl.spamcop.net=127.0.0.2*4 zimbraMtaPostscreenDnsblSites: psbl.surriel.com=127.0.0.2*4 zimbraMtaPostscreenDnsblSites: ips.backscatterer.org=127.0.0.2*1 zimbraMtaPostscreenDnsblSites: bl.spamcannibal.org=127.0.0.2*3 zimbraMtaPostscreenDnsblSites: bl.spameatingmonkey.net=127.0.0.[2;3]*4 zimbraMtaPostscreenDnsblSites: dnswl.inps.de=127.0.[0;1].[2..10]*-2 zimbraMtaPostscreenDnsblSites: all.spamrats.com=127.0.0.38*2
Yesterday, we blocked 2,043 emails at the postscreen level and 719 at the smtpd level. So 2762 total blocked emails, 74% via postscreen. Our threshold for blocking in postscreen is a score of 8 points.
quanah,
Thank you for this input always been curious about postscreen beyond static blocks - just now testing a fine tune of it.
Do you find native Zimbra sec measures as or near as effective as having added platforms like a Barracuda Spam Firewall - on edge?
-
- Posts: 3
- Joined: Mon Oct 09, 2017 9:51 pm
Re: Which DNSBL lists are you using?
Hello, I'm trying to get the zimbraMtaPostscreenDnsblSites list from my server, can anybody help me ?
-
- Outstanding Member
- Posts: 251
- Joined: Sat Sep 13, 2014 2:26 am
- ZCS/ZD Version: 8.8.15.GA.3869.UBUNTU14.64-Patch 24
Re: Which DNSBL lists are you using?
Try this:carlosbetiol wrote:Hello, I'm trying to get the zimbraMtaPostscreenDnsblSites list from my server, can anybody help me ?
To display all Postscreen configurations
Code: Select all
zmprov gacf | grep zimbraMtaPostscreen*
Code: Select all
zmprov gacf | grep zimbraMtaPostscreenDnsblSites
-
- Posts: 3
- Joined: Mon Oct 09, 2017 9:51 pm
Re: Which DNSBL lists are you using?
Great! Thank you dalvik.
I have a SPAM problem. I installed now another server with ZCS 8.7 and I used the quanah sugestions to postscreen and MTA restrictions, but a lot of email messages SPAM obvious are received on INBOX instead SPAM folder. I have a server with ZCS 8.6 using DSPAM and all ok.
Have you any SPAM configuration sugestion to minimize my problema ?
thank you.
I have a SPAM problem. I installed now another server with ZCS 8.7 and I used the quanah sugestions to postscreen and MTA restrictions, but a lot of email messages SPAM obvious are received on INBOX instead SPAM folder. I have a server with ZCS 8.6 using DSPAM and all ok.
Have you any SPAM configuration sugestion to minimize my problema ?
thank you.
Re: Which DNSBL lists are you using?
Why don#t you take a look at Rspamd on both of your servers (after suitable testing, of course), see the thread mentioned in my sig.
- stefaniu.criste
- Posts: 41
- Joined: Wed Feb 12, 2014 5:40 am
- Location: Romania
- ZCS/ZD Version: 8.8.8_GA_1728 20180614052922 201806
- Contact:
Re: Which DNSBL lists are you using?
Besides the above mentioned solutions, we are also using the Romanian service abuse.ro, for the in-country spam.
Stefaniu Criste - managing partner
Hangar Hosting - a safe place for your business
proudly delivering Zimbra services in Romania
Hangar Hosting - a safe place for your business
proudly delivering Zimbra services in Romania