Spam:- RBL's Not working

Uncle_Limpy
Posts: 3
Joined: Mon Nov 27, 2017 9:28 pm

Post by Uncle_Limpy »

Hi,

I'm after a bit of help please? I'm running Ubuntu 16.04 and Zimbra 8.7.11_GA_1854.FOSS

My RBL settings are not working at all. I get no evidence in Zimbra.log that mail is being checked at all and I am being spammed to death.

I'm a newbie to Zimbra so would welcome any wisdom you experts can offer me.

Port 53 is open.

zimbra@exordium:/root$ zmprov gacf | grep zimbraMtaRestriction

zimbraMtaRestriction: check_reverse_client_hostname_access pcre:/opt/zimbra/conf/fqrdns.pcre
zimbraMtaRestriction: reject_invalid_helo_hostname
zimbraMtaRestriction: reject_non_fqdn_helo_hostname
zimbraMtaRestriction: reject_non_fqdn_sender
zimbraMtaRestriction: reject_unknown_client_hostname
zimbraMtaRestriction: reject_unknown_helo_hostname
zimbraMtaRestriction: reject_unknown_reverse_client_hostname
zimbraMtaRestriction: reject_unknown_sender_domain
zimbraMtaRestriction: reject_rbl_client b.barracudacentral.org
zimbraMtaRestriction: reject_rbl_client bl.emailbasura.org
zimbraMtaRestriction: reject_rbl_client bl.spamcannibal.org
zimbraMtaRestriction: reject_rbl_client blackholes.five-ten-sg.com
zimbraMtaRestriction: reject_rbl_client cbl.abuseat.org
zimbraMtaRestriction: reject_rhsbl_client rhsbl.sorbs.net
zimbraMtaRestriction: reject_rhsbl_client dbl.spamhaus.org
zimbraMtaRestriction: reject_rhsbl_reverse_client dbl.spamhaus.org
zimbraMtaRestriction: reject_rhsbl_sender dbl.spamhaus.org
zimbraMtaRestriction: reject_rhsbl_sender rhsbl.sorbs.net
zimbraMtaRestriction: reject_rbl_client zen.spamhaus.org

zimbra@exordium:/root$ postconf | grep smtpd_recipient_restrictions

proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $smtpd_sender_login_maps $sender_bcc_maps $recipient_bcc_maps $smtp_generic_maps $lmtp_generic_maps $alias_maps $smtpd_client_restrictions $smtpd_helo_restrictions $smtpd_sender_restrictions $smtpd_relay_restrictions $smtpd_recipient_restrictions
smtpd_recipient_restrictions = reject_non_fqdn_recipient, permit_sasl_authenticated, permit_mynetworks, reject_unlisted_recipient, reject_unknown_reverse_client_hostname, permit

Any help would be greatly received
jorgedlcruz
Zimbra Alumni
Posts: 2782
Joined: Thu May 22, 2014 4:47 pm

Re: Spam:- RBL's Not working

Post by jorgedlcruz »

Hello,
Please check the following wiki articles: I think that by following all of those articles your protection will increase; let us know after following all of them.

Thank you!
Jorge de la Cruz https://jorgedelacruz.es
Systems Engineer at Veeam Software https://www.veeam.com/
Uncle_Limpy
Posts: 3
Joined: Mon Nov 27, 2017 9:28 pm

Re: Spam:- RBL's Not working

Post by Uncle_Limpy »

Thank you for that,

I have implemented most of that already over the last month.
I'm seeing zero entries in my zimbra.log for any mail being checked against the RBLs that I have set up. Am I the only person seeing this? :?:
phoenix
Ambassador
Posts: 27272
Joined: Fri Sep 12, 2014 9:56 pm
Location: Liverpool, England

Re: Spam:- RBL's Not working

Post by phoenix »

Uncle_Limpy wrote: I'm seeing zero entries in my zimbra.log for any mail being checked against the RBLs that I have set up. Am I the only person seeing this? :?:
I would guess so.
Regards

Bill

Rspamd: A high performance spamassassin replacement

Per ardua ad astra
jorgedlcruz
Zimbra Alumni
Posts: 2782
Joined: Thu May 22, 2014 4:47 pm

Re: Spam:- RBL's Not working

Post by jorgedlcruz »

Hello,
What are you seeing on the mailbox.log, etc? Almost all of them, which of them to be precise, etc?

Without specific log entries it's difficult to know more.
Jorge de la Cruz https://jorgedelacruz.es
Systems Engineer at Veeam Software https://www.veeam.com/
Uncle_Limpy
Posts: 3
Joined: Mon Nov 27, 2017 9:28 pm

Re: Spam:- RBL's Not working

Post by Uncle_Limpy »

Thank you Jorge,

I've pored through the mailbox.log this evening and there is no reference there to my RBLs being used either.
I'd copy and paste it here but obviously it's massive.

What should I be looking for in the log? Can you give me some examples so I can compare please?

Ian
digitalray
Posts: 7
Joined: Sat Sep 13, 2014 2:37 am

Re: Spam:- RBL's Not working

Post by digitalray »

I have enabled RBL as well and am not seeing any entries in the log. I also verified spam messages in the inbox that are blocked on the RBL servers that I have included. What can I do to find out why the RBL is inactive? Here is some info from the server:

zimbraMtaRestriction: check_reverse_client_hostname_access pcre:/opt/zimbra/conf/fqrdns.pcre
zimbraMtaRestriction: reject_non_fqdn_helo_hostname
zimbraMtaRestriction: reject_non_fqdn_sender
zimbraMtaRestriction: reject_unknown_client_hostname
zimbraMtaRestriction: reject_unknown_sender_domain
zimbraMtaRestriction: reject_rbl_client zen.spamhaus.org
zimbraMtaRestriction: reject_rbl_client psbl.surriel.com
zimbraMtaRestriction: reject_rbl_client b.barracudacentral.org
zimbraMtaRestriction: reject_rbl_client bl.spamcop.net
zimbraMtaRestriction: reject_rbl_client dnsbl.sorbs.net
zimbraMtaRestriction: reject_rbl_client spam.dnsbl.sorbs.net
zimbraMtaRestriction: reject_rbl_client spam.spamrats.com
zimbraMtaRestriction: reject_rhsbl_client rhsbl.sorbs.net
zimbraMtaRestriction: reject_rhsbl_client dbl.spamhaus.org
zimbraMtaRestriction: reject_rhsbl_client multi.surbl.org
zimbraMtaRestriction: reject_rhsbl_reverse_client dbl.spamhaus.org
zimbraMtaRestriction: reject_rhsbl_sender multi.surbl.org
zimbraMtaRestriction: reject_rhsbl_sender rhsbl.sorbs.net
zimbraMtaRestriction: reject_rhsbl_sender dbl.spamhaus.org
zimbraMtaRestriction: reject_rhsbl_sender multi.uribl.com

I can verify that "rejected: cannot find your reverse hostname" is present in the logs; however, rejected by rbl is not present and evidence that RBL is not working has been confirmed by manually looking up IP addresses on the servers listed above for messages that have already reached inbox but should really have been blocked with NOQUEUE.

Please help us investigate this issue.

Thanks,
Sarkis
zimico
Outstanding Member
Posts: 225
Joined: Mon Nov 14, 2016 8:03 am
Location: Vietnam
ZCS/ZD Version: 8.8.15 P3

Re: Spam:- RBL's Not working

Post by zimico »

Hi,
To use the Barracuda RBL you should register with Barracuda at https://barracudacentral.org/account/register
SpamAssassin suggests using non-forwarding caching DNS servers. Hence you should set up your own DNS server, for example BIND, and disable forwarding for DNSBL queries (https://wiki.apache.org/spamassassin/Ca ... forwarding)
After doing those things, please show us the message header and relative log of an incoming message (spam).
Regards,
Minh.
digitalray
Posts: 7
Joined: Sat Sep 13, 2014 2:37 am

Re: Spam:- RBL's Not working

Post by digitalray »

Thanks for your reply. I have registered with Barracuda and added the server IP there. That is not the issue. I think it has to do with the Postfix config not being updated properly, because the postconf output did not include the RBLs. Usually, I think that once the RBLs are added via the zmprov mcf command, they would automatically propagate to the Postfix config. But in my case that process is not happening. I just manually entered it via postconf like this:

postconf -e "smtpd_recipient_restrictions=reject_non_fqdn_recipient, permit_sasl_authenticated, permit_mynetworks, reject_unlisted_recipient, reject_invalid_helo_hostname, reject_non_fqdn_sender, reject_rbl_client zen.spamhaus.org, reject_rbl_client psbl.surriel.com, reject_rbl_client b.barracudacentral.org, reject_rbl_client bl.spamcop.net, reject_rbl_client dnsbl.sorbs.net, reject_rbl_client spam.dnsbl.sorbs.net, reject_rbl_client spam.spamrats.com, reject_rhsbl_client rhsbl.sorbs.net, reject_rhsbl_client dbl.spamhaus.org, reject_rhsbl_client multi.surbl.org, reject_rhsbl_reverse_client dbl.spamhaus.org, reject_rhsbl_sender multi.surbl.org, reject_rhsbl_sender rhsbl.sorbs.net, reject_rhsbl_sender dbl.spamhaus.org, reject_rhsbl_sender multi.uribl.com, permit"

And now I am able to confirm that postfix config contains all the RBL's. I will check the log to see if this helped and will report back with the results.

Thanks,
Sarkis
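The mismatch described in the post above (restrictions present in `zmprov gacf` but absent from the running Postfix configuration) can be checked mechanically. The following is an added example, not part of the original posts and not Zimbra code; it assumes, as the poster does, that every `zimbraMtaRestriction` entry should appear in `smtpd_recipient_restrictions`, and the sample text is constructed from the output quoted in this thread.

```python
# Constructed samples, abbreviated from the command output quoted in this thread.
ZMPROV_GACF = """\
zimbraMtaRestriction: check_reverse_client_hostname_access pcre:/opt/zimbra/conf/fqrdns.pcre
zimbraMtaRestriction: reject_invalid_helo_hostname
zimbraMtaRestriction: reject_rbl_client zen.spamhaus.org
zimbraMtaRestriction: reject_rhsbl_sender dbl.spamhaus.org
"""
POSTCONF = """\
proxy_read_maps = $local_recipient_maps $smtpd_recipient_restrictions
smtpd_recipient_restrictions = reject_non_fqdn_recipient, permit_mynetworks, reject_invalid_helo_hostname, permit
"""


def ldap_restrictions(gacf_text):
    """Restrictions stored in LDAP, one per 'zimbraMtaRestriction:' line."""
    found = []
    for line in gacf_text.splitlines():
        key, sep, value = line.partition(":")  # split at the first colon only
        if sep and key.strip() == "zimbraMtaRestriction":
            found.append(" ".join(value.split()))
    return found


def postfix_restrictions(postconf_text, param="smtpd_recipient_restrictions"):
    """Entries of one Postfix parameter (comma-separated, as in the thread).

    Matches the parameter name exactly, so a line such as proxy_read_maps,
    which a plain grep also returns, is ignored.
    """
    for line in postconf_text.splitlines():
        name, sep, value = line.partition("=")
        if sep and name.strip() == param:
            return [" ".join(e.split()) for e in value.split(",") if e.strip()]
    return []


def missing_from_postfix(gacf_text, postconf_text):
    """LDAP restrictions that the running Postfix configuration does not contain."""
    active = set(postfix_restrictions(postconf_text))
    return [r for r in ldap_restrictions(gacf_text) if r not in active]


def dnsbl_checks(restrictions):
    """Only the DNSBL/RHSBL lookups among a list of restrictions."""
    return [r for r in restrictions if r.startswith(("reject_rbl_", "reject_rhsbl_"))]


if __name__ == "__main__":
    for entry in missing_from_postfix(ZMPROV_GACF, POSTCONF):
        print("configured in LDAP but not active in Postfix:", entry)
```

On a live server, feed it the text of `zmprov gacf zimbraMtaRestriction` and `postconf` run as the zimbra user instead of the constructed strings.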
digitalray
Posts: 7
Joined: Sat Sep 13, 2014 2:37 am

Re: Spam:- RBL's Not working

Post by digitalray »

Just looked up the doc that you provided for caching. That makes total sense as I was able to confirm that my server IP was being refused for too many requests:

dig test.uribl.com.multi.uribl.com txt +short
"127.0.0.1 -> Query Refused. See http://uribl.com/refused.shtml for more information [Your DNS IP: xx.xxx.xx.x]

So maybe I need to get that cache setup so that I can avoid being rate-limited by the RBLs.

Thanks,
Sarkis
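The refused query in the post above shows why a DNSBL answer has to be interpreted and not just counted as a hit. The following is an added example, not part of the original posts: it builds the lookup name and separates "listed" from "the list refused my resolver". The URIBL refusal value is the one quoted in the post; the Spamhaus 127.255.255.x error range comes from Spamhaus's published return codes; the function names are hypothetical.

```python
import ipaddress
import socket


def query_name(item, zone):
    """DNS name to look up: reversed IP (octets or IPv6 nibbles) or a domain, plus the zone."""
    try:
        ptr = ipaddress.ip_address(item).reverse_pointer
        item = ptr.rsplit(".", 2)[0]  # drop the trailing in-addr.arpa / ip6.arpa
    except ValueError:
        pass  # not an IP address: RHSBL/URIBL zones are queried by domain name
    return f"{item}.{zone}"


def is_refusal(zone, answer):
    """Answers meaning the list would not serve this resolver, not 'listed'."""
    if zone.endswith("uribl.com"):
        return answer == "127.0.0.1"  # "Query Refused", as quoted in the post
    if zone.endswith("spamhaus.org"):
        return answer.startswith("127.255.255.")  # Spamhaus error codes
    return False


def classify(zone, answers):
    """Interpret the A records returned for a DNSBL query."""
    if not answers:
        return "not_listed"  # NXDOMAIN (or, with lookup() below, a resolver failure)
    if any(is_refusal(zone, a) for a in answers):
        return "refused"
    loopback = ipaddress.ip_network("127.0.0.0/8")
    if all(ipaddress.ip_address(a) in loopback for a in answers):
        return "listed"
    return "invalid"  # DNSBL replies live in 127.0.0.0/8; anything else is a rewritten answer


def lookup(name):
    """A records for name through the system resolver; empty list if there are none."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except socket.gaierror:
        return []


if __name__ == "__main__":
    # URIBL's test entry from the post; needs network access when run directly.
    name = query_name("test.uribl.com", "multi.uribl.com")
    print(name, classify("multi.uribl.com", lookup(name)))
```

A "refused" result from the mail server's own resolver means the zone is not contributing any listings at all, whatever the Postfix configuration says.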