Spam:- RBL's Not working
-
- Posts: 3
- Joined: Mon Nov 27, 2017 9:28 pm
Spam:- RBL's Not working
Hi,
I'm after a bit of help please? I'm running Ubuntu 16.04 and Zimbra 8.7.11_GA_1854.FOSS
My RBL settings are not working at all. I get no evidence in Zimbra.log that mail is being checked at all and I am being spammed to death.
I'm a newbie to zimbra so would welcome any wisdom you experts can offer me.
Port 53 is open.
zimbra@exordium:/root$ zmprov gacf | grep zimbraMtaRestriction
zimbraMtaRestriction: check_reverse_client_hostname_access pcre:/opt/zimbra/conf/fqrdns.pcre
zimbraMtaRestriction: reject_invalid_helo_hostname
zimbraMtaRestriction: reject_non_fqdn_helo_hostname
zimbraMtaRestriction: reject_non_fqdn_sender
zimbraMtaRestriction: reject_unknown_client_hostname
zimbraMtaRestriction: reject_unknown_helo_hostname
zimbraMtaRestriction: reject_unknown_reverse_client_hostname
zimbraMtaRestriction: reject_unknown_sender_domain
zimbraMtaRestriction: reject_rbl_client b.barracudacentral.org
zimbraMtaRestriction: reject_rbl_client bl.emailbasura.org
zimbraMtaRestriction: reject_rbl_client bl.spamcannibal.org
zimbraMtaRestriction: reject_rbl_client blackholes.five-ten-sg.com
zimbraMtaRestriction: reject_rbl_client cbl.abuseat.org
zimbraMtaRestriction: reject_rhsbl_client rhsbl.sorbs.net
zimbraMtaRestriction: reject_rhsbl_client dbl.spamhaus.org
zimbraMtaRestriction: reject_rhsbl_reverse_client dbl.spamhaus.org
zimbraMtaRestriction: reject_rhsbl_sender dbl.spamhaus.org
zimbraMtaRestriction: reject_rhsbl_sender rhsbl.sorbs.net
zimbraMtaRestriction: reject_rbl_client zen.spamhaus.org
zimbra@exordium:/root$ postconf | grep smtpd_recipient_restrictions
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $smtpd_sender_login_maps $sender_bcc_maps $recipient_bcc_maps $smtp_generic_maps $lmtp_generic_maps $alias_maps $smtpd_client_restrictions $smtpd_helo_restrictions $smtpd_sender_restrictions $smtpd_relay_restrictions $smtpd_recipient_restrictions
smtpd_recipient_restrictions = reject_non_fqdn_recipient, permit_sasl_authenticated, permit_mynetworks, reject_unlisted_recipient, reject_unknown_reverse_client_hostname, permit
Any help would be greatly received
- jorgedlcruz
- Zimbra Alumni
- Posts: 2782
- Joined: Thu May 22, 2014 4:47 pm
Re: Spam:- RBL's Not working
Hello,
Please check the next wiki articles:
- https://wiki.zimbra.com/wiki/Clamav_unofficial_sigs
- https://wiki.zimbra.com/wiki/Rejecting_ ... _addresses
- https://wiki.zimbra.com/wiki/Enforcing_ ... ername_8.5
- https://wiki.zimbra.com/wiki/Zimbra_Col ... Postscreen
Thank you!
-
- Posts: 3
- Joined: Mon Nov 27, 2017 9:28 pm
Re: Spam:- RBL's Not working
Thank you for that,
I have implemented most of that already over the last month.
I'm seeing zero entries in my zimbra.log for any mail being checked against the RBL's that I have set up? Am I the only person seeing this?
Re: Spam:- RBL's Not working
Uncle_Limpy wrote: I'm seeing zero entries in my zimbra.log for any mail being checked against the RBL's that I have set up? Am I the only person seeing this?
I would guess so.
- jorgedlcruz
- Zimbra Alumni
- Posts: 2782
- Joined: Thu May 22, 2014 4:47 pm
Re: Spam:- RBL's Not working
Hello,
What are you seeing on the mailbox.log, etc? Almost all of them, which of them to be precise, etc?
Without specific log entries it's difficult to know more.
-
- Posts: 3
- Joined: Mon Nov 27, 2017 9:28 pm
Re: Spam:- RBL's Not working
Thank you Jorge,
I've pored through the Mailbox.log this evening and there is no reference there to my RBL's being used either.
I'd copy and paste it here but obviously it's massive.
What should I be looking for in the log? Can you give me some examples so I can compare please?
Ian
-
- Posts: 7
- Joined: Sat Sep 13, 2014 2:37 am
Re: Spam:- RBL's Not working
I have enabled RBL as well and am not seeing any entries in the log. I also verified spam messages in the inbox that are blocked on the RBL servers that I have included. What can I do to find out why the RBL is inactive? Here is some info from server
zimbraMtaRestriction: check_reverse_client_hostname_access pcre:/opt/zimbra/conf/fqrdns.pcre
zimbraMtaRestriction: reject_non_fqdn_helo_hostname
zimbraMtaRestriction: reject_non_fqdn_sender
zimbraMtaRestriction: reject_unknown_client_hostname
zimbraMtaRestriction: reject_unknown_sender_domain
zimbraMtaRestriction: reject_rbl_client zen.spamhaus.org
zimbraMtaRestriction: reject_rbl_client psbl.surriel.com
zimbraMtaRestriction: reject_rbl_client b.barracudacentral.org
zimbraMtaRestriction: reject_rbl_client bl.spamcop.net
zimbraMtaRestriction: reject_rbl_client dnsbl.sorbs.net
zimbraMtaRestriction: reject_rbl_client spam.dnsbl.sorbs.net
zimbraMtaRestriction: reject_rbl_client spam.spamrats.com
zimbraMtaRestriction: reject_rhsbl_client rhsbl.sorbs.net
zimbraMtaRestriction: reject_rhsbl_client dbl.spamhaus.org
zimbraMtaRestriction: reject_rhsbl_client multi.surbl.org
zimbraMtaRestriction: reject_rhsbl_reverse_client dbl.spamhaus.org
zimbraMtaRestriction: reject_rhsbl_sender multi.surbl.org
zimbraMtaRestriction: reject_rhsbl_sender rhsbl.sorbs.net
zimbraMtaRestriction: reject_rhsbl_sender dbl.spamhaus.org
zimbraMtaRestriction: reject_rhsbl_sender multi.uribl.com
I can verify that "rejected: cannot find your reverse hostname" is present in the logs; however, rejected by rbl is not present and evidence that RBL is not working has been confirmed by manually looking up IP addresses on the servers listed above for messages that have already reached inbox but should really have been blocked with NOQUEUE.
Please help us investigate this issue.
Thanks,
Sarkis
- zimico
- Outstanding Member
- Posts: 225
- Joined: Mon Nov 14, 2016 8:03 am
- Location: Vietnam
- ZCS/ZD Version: 8.8.15 P3
- Contact:
Re: Spam:- RBL's Not working
Hi,
To use barracuda rbl you should register to barracuda at https://barracudacentral.org/account/register
Spamassassin suggests to use non-forwarding caching DNS servers. Hence you should set up your own DNS server, for example BIND and disable forwarding for DNSBL queries (https://wiki.apache.org/spamassassin/Ca ... forwarding)
After doing those things, please show us message header and relative log of an incoming message (spam).
Regards,
Minh.
-
- Posts: 7
- Joined: Sat Sep 13, 2014 2:37 am
Re: Spam:- RBL's Not working
Thanks for your reply. I have registered in barracuda and added the server IP there. That is not the issue. I think it has to do with the postfix config not being updated properly. Because postconf output did not include the rbl. Usually, I think that once the rbls are added via zmprov mcf command, they would automatically propagate to the postfix config. But in my case that process is not happening. I just manually entered it via postconf like this:
postconf -e "smtpd_recipient_restrictions=reject_non_fqdn_recipient, permit_sasl_authenticated, permit_mynetworks, reject_unlisted_recipient, reject_invalid_helo_hostname, reject_non_fqdn_sender, reject_rbl_client zen.spamhaus.org, reject_rbl_client psbl.surriel.com, reject_rbl_client b.barracudacentral.org, reject_rbl_client bl.spamcop.net, reject_rbl_client dnsbl.sorbs.net, reject_rbl_client spam.dnsbl.sorbs.net, reject_rbl_client spam.spamrats.com, reject_rhsbl_client rhsbl.sorbs.net, reject_rhsbl_client dbl.spamhaus.org, reject_rhsbl_client multi.surbl.org, reject_rhsbl_reverse_client dbl.spamhaus.org, reject_rhsbl_sender multi.surbl.org, reject_rhsbl_sender rhsbl.sorbs.net, reject_rhsbl_sender dbl.spamhaus.org, reject_rhsbl_sender multi.uribl.com, permit"
And now I am able to confirm that postfix config contains all the RBL's. I will check the log to see if this helped and will report back with the results.
Thanks,
Sarkis
-
- Posts: 7
- Joined: Sat Sep 13, 2014 2:37 am
Re: Spam:- RBL's Not working
Just looked up the doc that you provided for caching. That makes total sense as I was able to confirm that my server IP was being refused for too many requests:
dig test.uribl.com.multi.uribl.com txt +short
"127.0.0.1 -> Query Refused. See http://uribl.com/refused.shtml for more information [Your DNS IP: xx.xxx.xx.x]
So maybe I need to get that cache set up so that I can avoid being rate-limited by the RBLs.
Thanks,
Sarkis
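The two checks this thread converges on, as an added example that is not part of any post: compare the restrictions stored in Zimbra with the list Postfix actually uses, and recognise a DNSBL answer that means the resolver is being refused. The function names and sample variables are assumptions built from the output quoted in the posts; 127.0.0.2 is the standard DNSBL test address.

```shell
#!/bin/sh
# Constructed samples, shortened from the command output quoted in this thread.
ZMPROV_SAMPLE='zimbraMtaRestriction: reject_invalid_helo_hostname
zimbraMtaRestriction: reject_unknown_reverse_client_hostname
zimbraMtaRestriction: reject_rbl_client zen.spamhaus.org
zimbraMtaRestriction: reject_rhsbl_sender dbl.spamhaus.org'
POSTCONF_SAMPLE='proxy_read_maps = $alias_maps $smtpd_recipient_restrictions
smtpd_recipient_restrictions = reject_non_fqdn_recipient, permit_sasl_authenticated, permit_mynetworks, reject_unlisted_recipient, reject_unknown_reverse_client_hostname, permit'
REFUSED_SAMPLE='"127.0.0.1 -> Query Refused. See http://uribl.com/refused.shtml for more information [Your DNS IP: xx.xxx.xx.x]'

# Print each zimbraMtaRestriction value that is absent from the effective
# smtpd_recipient_restrictions list. $1 = zmprov output, $2 = postconf output.
missing_restrictions() {
    effective=$(printf '%s\n' "$2" |
        sed -n 's/^smtpd_recipient_restrictions *= *//p' |
        tr ',' '\n' | sed 's/^ *//; s/ *$//')
    printf '%s\n' "$1" | sed -n 's/^zimbraMtaRestriction: *//p' |
    while IFS= read -r want; do
        printf '%s\n' "$effective" | grep -Fxq -- "$want" || printf '%s\n' "$want"
    done
}

# Build the name looked up for an IPv4 client in a DNSBL zone: reversed
# octets, then the zone. $1 = client IP, $2 = zone.
dnsbl_query_name() {
    printf '%s\n' "$1" | awk -F. -v z="$2" 'NF == 4 { print $4 "." $3 "." $2 "." $1 "." z }'
}

# Classify the text a DNSBL lookup returned. $1 = answer (empty = not listed
# or no record). "refused" means the list is rejecting this resolver.
classify_dnsbl_answer() {
    case "$1" in
        '')           echo "no-answer" ;;
        *[Rr]efused*) echo "refused" ;;
        *)            echo "answered" ;;
    esac
}

echo "Configured in Zimbra but missing from Postfix:"
missing_restrictions "$ZMPROV_SAMPLE" "$POSTCONF_SAMPLE"
echo "Test lookup name: $(dnsbl_query_name 127.0.0.2 zen.spamhaus.org)"
echo "Resolver status:  $(classify_dnsbl_answer "$REFUSED_SAMPLE")"
```

On a live host, pass the output of the `zmprov gacf | grep zimbraMtaRestriction` and `postconf | grep smtpd_recipient_restrictions` commands from the first post instead of the samples.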