Which DNSBL lists are you using?

davidkillingsworth
Outstanding Member
Posts: 251
Joined: Sat Sep 13, 2014 2:26 am
ZCS/ZD Version: 8.8.15.GA.3869.UBUNTU14.64-Patch 24

Which DNSBL lists are you using?

Post by davidkillingsworth »

I am using b.barracudacentral.org and zen.spamhaus.org, but we are getting blocked from using zen.spamhaus.org periodically.

I would suspect that it is due to the fact that we are exceeding their low volume limits for free use.

I am pretty sure that it is because we are using Google DNS for our 3rd and 4th resolvers because our ISP's resolvers can sometimes be a little flaky and we want to be 100% sure that DNS queries are being resolved.

What other DNSBL lists are you using and are they free?

Thanks in advance,
David
Zimbra 8.6 community edition
quanah
Zimbra Alumni
Posts: 1668
Joined: Fri Sep 12, 2014 10:33 pm

Re: Which DNSBL lists are you using?

Post by quanah »

Are you not using the dnscache service? That's one of the reasons we provide it, so that DNS lookups are cached. And yes, you generally should avoid relying on DNS servers like Google's. We set up our own internal DNS servers tied to the mail environment exactly for this purpose, as the default DNS server we have is used by pretty much all of AWS.

With 8.7, we primarily rely on postscreen https://wiki.zimbra.com/wiki/Zimbra_Col ... Postscreen for blocking, although so far I've kept a few "hard" blocks active in the MTA restrictions as well.

Our hard blocks are:

zimbraMtaRestriction: reject_rbl_client psbl.surriel.com
zimbraMtaRestriction: reject_rbl_client b.barracudacentral.org
zimbraMtaRestriction: reject_rbl_client bl.spamcop.net
zimbraMtaRestriction: reject_rhsbl_client dbl.spamhaus.org
zimbraMtaRestriction: reject_rhsbl_client multi.surbl.org
zimbraMtaRestriction: reject_rhsbl_client rhsbl.sorbs.net
zimbraMtaRestriction: reject_rhsbl_sender multi.surbl.org
zimbraMtaRestriction: reject_rhsbl_sender rhsbl.sorbs.net
zimbraMtaRestriction: reject_rhsbl_sender dbl.spamhaus.org
zimbraMtaRestriction: reject_rhsbl_reverse_client dbl.spamhaus.org
zimbraMtaRestriction: reject_rbl_client zen.spamhaus.org

Our postscreen scoring is:

zimbraMtaPostscreenDnsblSites: b.barracudacentral.org=127.0.0.2*7
zimbraMtaPostscreenDnsblSites: dnsbl.inps.de=127.0.0.2*7
zimbraMtaPostscreenDnsblSites: zen.spamhaus.org=127.0.0.[10;11]*8
zimbraMtaPostscreenDnsblSites: zen.spamhaus.org=127.0.0.[4..7]*6
zimbraMtaPostscreenDnsblSites: zen.spamhaus.org=127.0.0.3*4
zimbraMtaPostscreenDnsblSites: zen.spamhaus.org=127.0.0.2*3
zimbraMtaPostscreenDnsblSites: list.dnswl.org=127.0.[0..255].0*-2
zimbraMtaPostscreenDnsblSites: list.dnswl.org=127.0.[0..255].1*-3
zimbraMtaPostscreenDnsblSites: list.dnswl.org=127.0.[0..255].2*-4
zimbraMtaPostscreenDnsblSites: list.dnswl.org=127.0.[0..255].3*-5
zimbraMtaPostscreenDnsblSites: bl.mailspike.net=127.0.0.2*5
zimbraMtaPostscreenDnsblSites: bl.mailspike.net=127.0.0.[10;11;12]*4
zimbraMtaPostscreenDnsblSites: wl.mailspike.net=127.0.0.[18;19;20]*-2
zimbraMtaPostscreenDnsblSites: dnsbl.sorbs.net=127.0.0.10*8
zimbraMtaPostscreenDnsblSites: dnsbl.sorbs.net=127.0.0.5*6
zimbraMtaPostscreenDnsblSites: dnsbl.sorbs.net=127.0.0.7*3
zimbraMtaPostscreenDnsblSites: dnsbl.sorbs.net=127.0.0.8*2
zimbraMtaPostscreenDnsblSites: dnsbl.sorbs.net=127.0.0.6*2
zimbraMtaPostscreenDnsblSites: dnsbl.sorbs.net=127.0.0.9*2
zimbraMtaPostscreenDnsblSites: dnsbl.sorbs.net=127.0.0.14*9
zimbraMtaPostscreenDnsblSites: dnsbl.sorbs.net=127.0.0.2*1
zimbraMtaPostscreenDnsblSites: dnsbl.sorbs.net=127.0.0.4*1
zimbraMtaPostscreenDnsblSites: dnsbl.sorbs.net=127.0.0.3*1
zimbraMtaPostscreenDnsblSites: dnsbl.sorbs.net=127.0.0.15*1
zimbraMtaPostscreenDnsblSites: bl.spamcop.net=127.0.0.2*4
zimbraMtaPostscreenDnsblSites: psbl.surriel.com=127.0.0.2*4
zimbraMtaPostscreenDnsblSites: ips.backscatterer.org=127.0.0.2*1
zimbraMtaPostscreenDnsblSites: bl.spamcannibal.org=127.0.0.2*3
zimbraMtaPostscreenDnsblSites: bl.spameatingmonkey.net=127.0.0.[2;3]*4
zimbraMtaPostscreenDnsblSites: dnswl.inps.de=127.0.[0;1].[2..10]*-2
zimbraMtaPostscreenDnsblSites: all.spamrats.com=127.0.0.38*2

Although that's always subject to tweaks.

Yesterday, we blocked 2,043 emails at the postscreen level and 719 at the smtpd level. So 2762 total blocked emails, 74% via postscreen. Our threshold for blocking in postscreen is a score of 8 points.
--
Quanah Gibson-Mount
Product Architect, Symas http://www.symas.com/
OpenLDAP Core team http://www.openldap.org/project/
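
How the weighted entries above add up against the 8-point threshold, as an added example that is not part of quanah's post or Zimbra's own code. It assumes postscreen's documented `domain=filter*weight` semantics (a matching entry contributes its weight at most once, and the threshold is inclusive), uses a subset of the posted entries, and the DNSBL replies are constructed; `octet_matches`, `parse_site`, `score` and `blocked` are hypothetical names.

```python
import re

# Subset of the postscreen entries quoted above (copied from the post).
SITES = """
zen.spamhaus.org=127.0.0.[10;11]*8
zen.spamhaus.org=127.0.0.[4..7]*6
zen.spamhaus.org=127.0.0.3*4
zen.spamhaus.org=127.0.0.2*3
list.dnswl.org=127.0.[0..255].1*-3
bl.spamcop.net=127.0.0.2*4
psbl.surriel.com=127.0.0.2*4
""".split()
THRESHOLD = 8  # blocking score stated in the post

def octet_matches(pattern, value):
    """Match one octet against 'N', '[a;b;c]' or '[lo..hi]'."""
    for part in pattern.strip("[]").split(";"):
        lo, _, hi = part.partition("..")
        if int(lo) <= value <= int(hi or lo):
            return True
    return False

def parse_site(entry):
    """Split 'domain=filter*weight' into (domain, octet patterns, weight)."""
    head, _, weight = entry.partition("*")
    domain, _, filt = head.partition("=")
    octets = re.findall(r"\[[^\]]*\]|\d+", filt)  # '..' inside [] is a range
    return domain, octets, int(weight or 1)

def score(replies, sites=SITES):
    """replies maps a DNSBL domain to the A records it returned (constructed)."""
    total = 0
    for entry in sites:
        domain, octets, weight = parse_site(entry)
        for addr in replies.get(domain, []):
            values = [int(o) for o in addr.split(".")]
            if all(octet_matches(p, v) for p, v in zip(octets, values)):
                total += weight  # one entry contributes at most once
                break
    return total

def blocked(replies):
    return score(replies) >= THRESHOLD

if __name__ == "__main__":
    # Constructed replies: listed in two Spamhaus zones and on SpamCop.
    sample = {"zen.spamhaus.org": ["127.0.0.2", "127.0.0.4"],
              "bl.spamcop.net": ["127.0.0.2"]}
    print(score(sample), blocked(sample))
```

A reply that falls outside every filter for its domain, such as a constructed `127.255.255.254`, adds nothing to the score, and a whitelist hit on list.dnswl.org can pull a client that two 4-point lists would block back under the threshold.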
arkitoure
Posts: 18
Joined: Fri Feb 10, 2017 9:16 am

Re: Which DNSBL lists are you using?

Post by arkitoure »


quanah,

Thank you for this input. I have always been curious about postscreen beyond static blocks, and I am just now testing a fine-tune of it.
Do you find native Zimbra sec measures as effective, or nearly as effective, as having added platforms like a Barracuda Spam Firewall on the edge?
carlosbetiol
Posts: 3
Joined: Mon Oct 09, 2017 9:51 pm

Re: Which DNSBL lists are you using?

Post by carlosbetiol »

Hello, I'm trying to get the zimbraMtaPostscreenDnsblSites list from my server, can anybody help me?
davidkillingsworth
Outstanding Member
Posts: 251
Joined: Sat Sep 13, 2014 2:26 am
ZCS/ZD Version: 8.8.15.GA.3869.UBUNTU14.64-Patch 24

Re: Which DNSBL lists are you using?

Post by davidkillingsworth »

carlosbetiol wrote: Hello, I'm trying to get the zimbraMtaPostscreenDnsblSites list from my server, can anybody help me?

Try this:
To display all Postscreen configurations:

zmprov gacf | grep zimbraMtaPostscreen

or just this for DnsblSites:

zmprov gacf | grep zimbraMtaPostscreenDnsblSites
carlosbetiol
Posts: 3
Joined: Mon Oct 09, 2017 9:51 pm

Re: Which DNSBL lists are you using?

Post by carlosbetiol »

Great! Thank you dalvik.

I have a SPAM problem. I have now installed another server with ZCS 8.7 and I used quanah's suggestions for postscreen and MTA restrictions, but a lot of obviously SPAM email messages are received in the INBOX instead of the SPAM folder. I have a server with ZCS 8.6 using DSPAM and all is OK.

Do you have any SPAM configuration suggestions to minimize my problem?

Thank you.
phoenix
Ambassador
Posts: 27278
Joined: Fri Sep 12, 2014 9:56 pm
Location: Liverpool, England

Re: Which DNSBL lists are you using?

Post by phoenix »

Why don't you take a look at Rspamd on both of your servers (after suitable testing, of course), see the thread mentioned in my sig.
Regards

Bill

Rspamd: A high performance spamassassin replacement

Per ardua ad astra
stefaniu.criste
Posts: 41
Joined: Wed Feb 12, 2014 5:40 am
Location: Romania
ZCS/ZD Version: 8.8.8_GA_1728 20180614052922 201806

Re: Which DNSBL lists are you using?

Post by stefaniu.criste »

Besides the above mentioned solutions, we are also using the Romanian service abuse.ro, for the in-country spam.
Stefaniu Criste - managing partner
Hangar Hosting - a safe place for your business
proudly delivering Zimbra services in Romania