Page 1 of 2 12 LastLast
Results 1 to 10 of 19

Thread: [SOLVED] Question on RBL

  1. #1
    jet
    jet is offline Junior Member
    Join Date
    Dec 2008
    Posts
    9
    Rep Power
    6

    Default [SOLVED] Question on RBL

    i'd like to know if it is still necessary to manually add rbl entries in globalsettings->mta of the admin console if i want zimbra to check incoming mails for blacklisted sender ip? i recall reading a post on this forum, saying that zimbra's spamassassin is already performing lookups on some predefined rbl list. i would appreciate if anyone could confirm this.

  2. #2
    uxbod's Avatar
    uxbod is offline Moderator
    Join Date
    Nov 2006
    Location
    UK
    Posts
    8,016
    Rep Power
    24

    Default

    Welcome to the forums

    Yes SA will perform RBL lookups by default, if you add RBLs through the Admin then they will be used by Postfix and block at the MTA level without performing any SA checks.

  3. #3
    Jbrabander's Avatar
    Jbrabander is offline Elite Member
    Join Date
    May 2008
    Location
    Park City, KS
    Posts
    342
    Rep Power
    6

    Default

    Just out of curiosity, is there any place to see if the RBL blocks are actually blocking anything?

  4. #4
    uxbod's Avatar
    uxbod is offline Moderator
    Join Date
    Nov 2006
    Location
    UK
    Posts
    8,016
    Rep Power
    24

    Default

    If you are using them in the MTA then check /var/log/zimbra.log and you should see the rejection message. If you are using them from within SA you will need to increase the logging on amavisd. To do this change the log level too 2 in /opt/zimbra/conf/amavisd.conf.in and then restart ZCS. The additional information will then also appear in /var/log/zimbra.log.

  5. #5
    Jbrabander's Avatar
    Jbrabander is offline Elite Member
    Join Date
    May 2008
    Location
    Park City, KS
    Posts
    342
    Rep Power
    6

    Default

    Ah, sounds good. We did add zen.spamhaus.org to the RBL list under DNS Check in the global settings. I'll have to browse the zimbra.log sometime to see if it's catching anything.

    If I understand you right, if I add an RBL (like spamhaus) to the list, Zimbra uses that and not the spamassassin checks. Would that maybe be why my server statistics graphs for AV/AS activity show nothing for activity?

  6. #6
    mtorres is offline Trained Alumni
    Join Date
    May 2008
    Location
    Sierra Vista, Az
    Posts
    74
    Rep Power
    6

    Default

    Check out Configuring and Monitoring Postfix DNSBL - Zimbra :: Wiki

    I use it and it emails me everyday with the number of blocked emails using spamhaus RBL. But after a while, I kind of stopped paying attention to it . But it is interesting at the beginning to see how much stuff it blocks.

  7. #7
    jet
    jet is offline Junior Member
    Join Date
    Dec 2008
    Posts
    9
    Rep Power
    6

    Default

    hi uxbod, if i block mails at the mta level, i get the benefit of conserving on bandwidth because the actual junk mail does not get transmitted. do i get the same benefit if i do it on the level of SA? if so, then blocking at the mta level is totally unnecessary unless you want to include other rbl's not checked by SA or for some reason you want your zimbra installed without the sa/anti-spam feature but still wants to perform rbl lookups.

  8. #8
    LMStone's Avatar
    LMStone is offline Moderator
    Join Date
    Sep 2006
    Location
    477 Congress Street | Portland, ME 04101
    Posts
    1,366
    Rep Power
    10

    Default

    Quote Originally Posted by Jbrabander View Post
    If I understand you right, if I add an RBL (like spamhaus) to the list, Zimbra uses that and not the spamassassin checks. Would that maybe be why my server statistics graphs for AV/AS activity show nothing for activity?
    Not exactly...

    If you list an RBL in the Zimbra Postfix and a sending server is on the RBL, Postfix will drop the connection.

    Whether you do that or not, SpamAssassin will check a number of RBLs, and a positive response from one or more RBLs will add to the email's spam score. If the score is high enough, the email will be blocked or marked as spam.

    Spamassassin has no clue as to whether you are doing RBL lookups in Postfix or not.

    And even if you are doing RBL lookups in Postfix, it's still a good idea to keep those same RBL lookups in SpamAssassin IMHO.

    Another trick is not to use the Postfix RBL lookups at all, but instead do the RBL lookups on a dedicated Postfix box or firewall in front of your Zimbra box. Since a conservative RBL like Spamhaus's Zen list will catch 85% or more of all spam, doing hard RBL blocking before the entire email stream hits your Zimbra server will reduce the load on your Zimbra server by 85% or more.

    You are right that if you do the hard RBL blocking in Postfix your statistics will show a pretty clean email stream overall, because the statistics collect only what Amavis does (SpamAssassin and ClamAV), and not what Postfix blocked outright before passing the email stream off to Amavis.

    Hope that helps,
    Mark

  9. #9
    jet
    jet is offline Junior Member
    Join Date
    Dec 2008
    Posts
    9
    Rep Power
    6

    Default

    everything is clear to me now. thanks for everyone's help.

  10. #10
    GCamp is offline Active Member
    Join Date
    Jul 2008
    Location
    New Paris, IN
    Posts
    44
    Rep Power
    6

    Default

    I have added zen.spamhaus.org to the GlobalSettings MTA tab in the Administrator GUI. I have made the necessary checks as outlined in Configuring and Monitoring Postfix DNSBL - Zimbra :: Wiki but I have yet to see any evidence in the Zimbra.log that zen.spamhaus.org is even being used. What could I be doing wrong?
    Last edited by GCamp; 05-02-2009 at 05:51 PM.

Page 1 of 2 12 LastLast

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Accented characters shown as question marks
    By fcolpron in forum Administrators
    Replies: 5
    Last Post: 08-07-2008, 12:39 PM
  2. rbl config question
    By scottnelson in forum Administrators
    Replies: 4
    Last Post: 02-27-2008, 04:18 PM
  3. server configuration question
    By burnmage in forum Installation
    Replies: 0
    Last Post: 11-08-2007, 04:27 PM
  4. Trend Micro RBL doesn't work
    By crowley in forum Administrators
    Replies: 2
    Last Post: 07-25-2007, 06:41 AM
  5. Multiple Domains Question
    By kristiaan_d in forum Administrators
    Replies: 2
    Last Post: 03-14-2007, 04:38 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •