Thread: Trend Micro RBL doesn't work

  1. #1
    crowley (Junior Member)

    Hi. I have ZCS 3.1.4 Open Source Edition running on a CentOS 4.5 box and, aside from it having only 1GB of RAM, I'm very happy with the product.

    Recently I tried to improve the antispam system with a commercial RBL called 'Mail Transfer Agent for Email Reputation Services (ERS)' (Solution Details), formerly known as MAIL-ABUSE.

    You must register in order to receive an activation code and then configure your MTA, using the instructions on this page: Email Reputation Services Standard - Trend Micro USA

    In this case, we use Postfix; this is an extract of the instructions:

    1. Find if we use 'hash' in the environment with 'postconf -m'.

    [zimbra@server ~]# postconf -m
    ...
    hash
    ...

    2. Edit main.cf and add the RBL and rbl_reply_maps entries, with the structure '[ACTIVATION_CODE].r.mail-abuse.com' in 'smtpd_recipient_restrictions', like this:

    rbl_reply_maps = hash:/$config_directory/rbl_reply
    smtpd_recipient_restrictions = permit_mynetworks,
        reject_rbl_client [ACTIVATION_CODE].r.mail-abuse.com,
        reject_unauth_destination

    3. Create the rbl_reply map and "postmap" it.

    4. Reload postfix with 'postfix reload'.

    Since almost everything is controlled within Zimbra, I only added the RBL with zmprov along with other restrictions, like this:

    [zimbra@server ~]# zmprov mcf zimbraMtaRestriction reject_invalid_hostname zimbraMtaRestriction reject_non_fqdn_sender zimbraMtaRestriction 'reject_rbl_client zen.spamhaus.org' zimbraMtaRestriction 'reject_rbl_client [ACTIVATION_CODE].r.mail-abuse.com' zimbraMtaRestriction 'reject_rbl_client bl.spamcop.net' zimbraMtaRestriction 'reject_rbl_client cbl.abuseat.org'

    [zimbra@server ~]# zmprov gcf zimbraMtaRestriction
    zimbraMtaRestriction: reject_invalid_hostname
    zimbraMtaRestriction: reject_non_fqdn_sender
    zimbraMtaRestriction: reject_rbl_client zen.spamhaus.org
    zimbraMtaRestriction: reject_rbl_client [ACTIVATION_CODE].r.mail-abuse.com
    zimbraMtaRestriction: reject_rbl_client bl.spamcop.net
    zimbraMtaRestriction: reject_rbl_client cbl.abuseat.org

    The other RBLs are working fine; in /var/log/zimbra.log I found messages rejected by spamcop and abuseat, but mail-abuse doesn't show any activity.

    I sent this case to Trend Micro but since Zimbra rewrites the Postfix configuration, they couldn't give me recommendations about the issue. They asked me to verify if my server can find their servers and it worked.

    [zimbra@server ~]# nslookup
    > [ACTIVATION_CODE].r.mail-abuse.com
    Server: 10.10.10.215
    Address: 10.10.10.215#53

    Non-authoritative answer:
    Name: [ACTIVATION_CODE].r.mail-abuse.com
    Address: 127.1.0.15
    > mail-abuse.com
    Server: 10.10.10.215
    Address: 10.10.10.215#53

    Non-authoritative answer:
    Name: mail-abuse.com
    Address: 216.129.100.3
    Name: mail-abuse.com
    Address: 168.61.5.26

    So I'm stuck, and my boss wants to use this RBL because he found it very powerful in MS Exchange, but I don't know what else to do.

    Please, help me. Best regards.
    Last edited by Klug; 07-24-2007 at 11:00 PM. Reason: Removing the activation code...

  2. #2
    Klug (Moderator)

    Hello & welcome to the forum.

    As main.cf is rewritten by Zimbra every 30 minutes, you should not make any changes to it (see here: Zimbra MTA - ZimbraWiki).
    Instead, you should add your changes to /opt/zimbra/conf/zmmta.cf

    Anyway, there's no need to change any of these files, as the RBL parameters are kept in LDAP (as you used the zmprov command to add them to the MTA configuration): using zmprov like you did is the "Zimbra way" to add the line in the main.cf file (as documented by TrendMicro).

    Oh, and you should upgrade.
    Really.

  3. #3
    crowley (Junior Member)

    I agree, but...

    Hi Klug, and thank you for your support. I agree with you, the command zmprov must be enough to feed the RBL, but it isn't. I'm wondering if it's not related to the parameter 'rbl_reply_maps', since it's empty.

    postconf | grep rbl
    default_rbl_reply = $rbl_code Service unavailable; $rbl_class [$rbl_what] blocked using $rbl_domain${rbl_reason?; $rbl_reason}
    maps_rbl_domains =
    maps_rbl_reject_code = 554
    rbl_reply_maps =

    Any idea?
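
Added example (not part of the original thread or of the vendor's instructions): reject_rbl_client looks up the connecting client's IPv4 address with its octets reversed and the zone appended, not the bare zone name queried with nslookup in post #1. The script builds that query name and counts rejections per RBL zone using the "blocked using $rbl_domain" text from default_rbl_reply. The log lines are constructed, and the 127.0.0.2 test entry is the RFC 5782 convention, assumed rather than confirmed for this vendor's zone.

```shell
#!/bin/sh
# Added example, not from the thread. Log lines below are constructed.

# rbl_qname IP ZONE: print the name reject_rbl_client looks up for an IPv4
# client: octets reversed, then the zone. Returns 1 on a malformed address.
rbl_qname() {
    ip=$1 zone=$2
    case $ip in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $ip
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do [ "$o" -le 255 ] || return 1; done
    printf '%s.%s.%s.%s.%s\n' "$4" "$3" "$2" "$1" "$zone"
}

# rbl_test ZONE: query the 127.0.0.2 test entry (RFC 5782 convention, assumed
# to exist in the zone). Needs network access and dig; no answer = not listed.
rbl_test() {
    dig +short "$(rbl_qname 127.0.0.2 "$1")" A
}

# rbl_hits [FILE...]: count rejections per RBL zone, reading the
# "blocked using $rbl_domain" text that default_rbl_reply writes to the log.
rbl_hits() {
    cat "$@" | sed -n 's/.* blocked using \([^; ]*\).*/\1/p' |
        sort | uniq -c | awk '{ print $1, $2 }'
}

# Constructed sample of /var/log/zimbra.log entries (documentation addresses).
sample_log() {
    cat <<'EOF'
Jul 24 10:01:02 server postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 554 Service unavailable; Client host [192.0.2.10] blocked using bl.spamcop.net; from=<a@example.org> to=<u@example.com> proto=ESMTP helo=<h1>
Jul 24 10:03:40 server postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[192.0.2.77]: 554 Service unavailable; Client host [192.0.2.77] blocked using cbl.abuseat.org; from=<b@example.org> to=<u@example.com> proto=ESMTP helo=<h2>
Jul 24 10:05:13 server postfix/smtpd[2107]: NOQUEUE: reject: RCPT from unknown[198.51.100.7]: 504 <user>: Sender address rejected: need fully-qualified address; from=<user> to=<u@example.com> proto=SMTP helo=<h3>
Jul 24 10:09:55 server postfix/smtpd[2110]: NOQUEUE: reject: RCPT from unknown[192.0.2.31]: 554 Service unavailable; Client host [192.0.2.31] blocked using bl.spamcop.net; from=<c@example.org> to=<u@example.com> proto=ESMTP helo=<h4>
EOF
}

rbl_qname 192.0.2.10 bl.spamcop.net   # 10.2.0.192.bl.spamcop.net
sample_log | rbl_hits
```

On a live server, `rbl_hits /var/log/zimbra.log` lists only the zones that have rejected something, so a configured zone missing from the output has produced no rejections in that log.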
