Trend Micro RBL doesn't work

[crowley]

Hi. I have a ZCS 3.1.4 Open source edition running in a CentOS 4.5 box and aside it has only 1GB en RAM, i'm very happy with the product.

Recently I tried to improve the antispam system with a commercial RBL, it's called 'Mail Transfer Agent for Email Reputation Services (ERS)' (Solution Details)., formerly known as MAIL-ABUSE.

You must register in order to receive an activation code and then configure your MTA, using the instructions in this page: Email Reputation Services Standard - Trend Micro USA

In this case, we use Postfix, this is a extract of the instructions:

1. Find if we use 'hash' in the environment with 'postconf -m'.

Quote:

[zimbra@server ~]# postconf -m
...
hash
...

2. Edit main.cf and add the RBL and rbl_reply_maps entries, with the structure '[ACTIVATION_CODE].r.mail-abuse.com' in 'smtpd_recipient_restrictions', like this:

Quote:

rbl_reply_maps = hash:/$config_directory/rbl_reply
smtpd_recipient_restrictions = permit_mynetworks,
reject_rbl_client [ACTIVATION_CODE].r.mail-abuse.com,
reject_unauth_destination

3. Create the rbl_reply map and "postmap" it

4. Reload postfix with 'postfix reload'.

Since almost everything is controlled within Zimbra, I only added the RBL with zmprov along other restrictions, like this:

Quote:

[zimbra@server ~]# zmprov mcf zimbraMtaRestriction reject_invalid_hostname zimbraMtaRestriction reject_non_fqdn_sender zimbraMtaRestriction 'reject_rbl_client zen.spamhaus.org' zimbraMtaRestriction 'reject_rbl_client [ACTIVATION_CODE].r.mail-abuse.com' zimbraMtaRestriction 'reject_rbl_client bl.spamcop.net' zimbraMtaRestriction 'reject_rbl_client cbl.abuseat.org'

[zimbra@server ~]# zmprov gcf zimbraMtaRestriction
zimbraMtaRestriction: reject_invalid_hostname
zimbraMtaRestriction: reject_non_fqdn_sender
zimbraMtaRestriction: reject_rbl_client zen.spamhaus.org
zimbraMtaRestriction: reject_rbl_client [ACTIVATION_CODE].r.mail-abuse.com
zimbraMtaRestriction: reject_rbl_client bl.spamcop.net
zimbraMtaRestriction: reject_rbl_client cbl.abuseat.org

The others RBL are working fine, in /var/log/zimbra.log I found messages rejected by spamcop and abuseat but mail-abuse don't show any activity.

I sent this case to Trend Micro but since Zimbra rewrites the Postfix configuration, they couldn't give me recommendations about the issue. They asked me to verify if my server can find their servers and it worked.

Quote:

[zimbra@server ~]# nslookup
> [ACTIVATION_CODE].r.mail-abuse.com
Server: 10.10.10.215
Address: 10.10.10.215#53

Non-authoritative answer:
Name: [ACTIVATION_CODE].r.mail-abuse.com
Address: 127.1.0.15
> mail-abuse.com
Server: 10.10.10.215
Address: 10.10.10.215#53

Non-authoritative answer:
Name: mail-abuse.com
Address: 216.129.100.3
Name: mail-abuse.com
Address: 168.61.5.26

So i'm stuck and my boss wants to use this RBL because he found it very powerful in MS Exchange, but I don't know what else to do.

Please, help me. Best regards.

[Klug]

Hello & welcome to the forum.

As main.cf is rewritten by Zimbra each 30 minutes, you should not do any changes to it (see here : Zimbra MTA - ZimbraWiki).
Instead, you should add your changes to /opt/zimbra/conf/zmmta.cf

Anyway, there's no need to change any of these files as the RBL parameter are kept in the LDAP (as you used the zmprov command to add them to the MTA configuration) : using zmprov like you did is the "Zimbra way" to add the line in the main.cf file (as documented by TrendMicro).

Oh, and you should upgrade.
Really.

[crowley]

Hi Klug and thank you for your support. I agree with you, the command zmprov must be enough to feed the RBL but it isn't. I'm wondering if it's not related with the parameter 'rbl_reply_maps', since it's empty.

Quote:

postconf |grep rbl
default_rbl_reply = $rbl_code Service unavailable; $rbl_class [$rbl_what] blocked using $rbl_domain${rbl_reason?; $rbl_reason}
maps_rbl_domains =
maps_rbl_reject_code = 554
rbl_reply_maps =

Any idea?