Results 1 to 2 of 2

Thread: Allowing some mail to pass through dnsbl checks

  1. #1
    mutuku is offline Active Member
    Join Date
    Jun 2009
    Posts
    49
    Rep Power
    6

    Default Allowing some mail to pass through dnsbl checks

    Hello,

    I have setup a zimbra server and setup dnsbl for spam checks. A few external senders are having issues sending mail to my mail server since the are listed on dnsbl lists.

    Is there a way to configure my server to allow specified external senders without disabling dnsbl checks

    Thanks

  2. #2
    ewilen's Avatar
    ewilen is offline Moderator
    Join Date
    Jun 2008
    Location
    Berkeley, CA
    Posts
    1,474
    Rep Power
    9

    Default

    Nope.

    You could start by analyzing why those senders are on dnsbl lists. From there you can decide which option to take:

    1. Stop using that list, if you think it isn't managed responsibly.
    2. Get the sender to pester their mail service provider to fix whatever caused them to end up on the list.
    3. Remove the list from mta-level dnsrbl check and create a custom spamassassin rule instead.

    Here's an example of what I appended to /opt/zimbra/conf/salocal.cf.in.
    Code:
    # Single-zone BLs for UCEPROTECT
    header		RCVD_IN_UCEPROTECT_2	eval:check_rbl('UCEPROTECT-1', 'dnsbl-1.uceprotect.net.')
    describe	RCVD_IN_UCEPROTECT_2	Received via a relay in dnsbl-1.uceprotect.net
    tflags		RCVD_IN_UCEPROTECT_2	net
    score		RCVD_IN_UCEPROTECT_2	6.5
    
    header		RCVD_IN_UCEPROTECT_2	eval:check_rbl('UCEPROTECT-2', 'dnsbl-2.uceprotect.net.')
    describe	RCVD_IN_UCEPROTECT_2	Received via a relay in dnsbl-2.uceprotect.net
    tflags		RCVD_IN_UCEPROTECT_2	net
    score		RCVD_IN_UCEPROTECT_2	1.1
    
    header		RCVD_IN_UCEPROTECT_3	eval:check_rbl('UCEPROTECT-3', 'dnsbl-3.uceprotect.net.')
    describe	RCVD_IN_UCEPROTECT_3	Received via a relay in dnsbl-3.uceprotect.net
    tflags		RCVD_IN_UCEPROTECT_3	net
    score		RCVD_IN_UCEPROTECT_3	0.5
    
    # Multi-zone BL for hostkarma, see http://wiki.ctyme.com/index.php/Spam_DNS_Lists#Spam_Assassin_Examples
    # also http://www.zimbra.com/forums/administrators/30801-spamassassin-additional-rules-botnet-plugin.html
    # I use Uxbod's scoring.
    header __RCVD_IN_JMF eval:check_rbl('JMF-lastexternal','hostkarma.junkemailfilter.com.')
    describe __RCVD_IN_JMF Sender listed in JunkEmailFilter
    tflags __RCVD_IN_JMF net
     
    header RCVD_IN_JMF_BL eval:check_rbl_sub('JMF-lastexternal', '127.0.0.2')
    describe RCVD_IN_JMF_BL Sender listed in JMF-BLACK
    tflags RCVD_IN_JMF_BL net
    score RCVD_IN_JMF_BL 1.5
     
    header RCVD_IN_JMF_BR eval:check_rbl_sub('JMF-lastexternal', '127.0.0.4')
    describe RCVD_IN_JMF_BR Sender listed in JMF-BROWN
    tflags RCVD_IN_JMF_BR net
    score RCVD_IN_JMF_BR 0.5
    
    # Single-zone BL for NiX Spam DNSBL
    header		RCVD_IN_NIXSPAM	eval:check_rbl('NIXSPAM', 'ix.dnsbl.manitu.net')
    describe	RCVD_IN_NIXSPAM	Received via a relay in ix.dnsbl.manitu.net
    tflags		RCVD_IN_NIXSPAM	net
    score		RCVD_IN_NIXSPAM	6.5
    You can find more documentation on this forum, in the wiki, and in the spamassassin docs. After modifying salocal.cf.in, you need to restart some or all of the system. With 5.x, zmamavisdctl stop && zmamavisdctl start is probably sufficient. But with 6.x, you may need to restart the whole server; at least that was my recent experience. To confirm that the changes have been applied, look in salocal.cf. (You shouldn't modify salocal.cf directly because it gets rewritten by zimbra.)

    If you have 6.x you can have user-level whitelists for the SA checks. Before 6.x, you need to modify /opt/zimbra/conf/amavisd.conf.in. There should be a section beginning with # ENVELOPE SENDER SOFT-WHITELISTING / SOFT-BLACKLISTING

    See Improving Anti-spam system - Zimbra :: Wiki

    What I did, as root, to blacklist a particular email address. (Whitelisting is similar.)

    cd /opt/zimbra/conf
    cp amavisd.conf.in amavisd.conf.in.bak
    vi amavisd.conf.in

    Now in the section following the line # soft-blacklisting (positive score) I added this:

    '<unwanted sender's address>' => 15.0,

    Then, as zimbra, I did zmamavisdctl stop && zmamavisdctl start . Note, the && means "do the second command if the first command exits successfully". See Combining UNIX Commands using && and ||.

    Finally, I looked in amavisd.conf and confirmed that the change had gone into it.
    Last edited by ewilen; 03-25-2010 at 11:38 AM.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Replies: 7
    Last Post: 02-03-2011, 07:01 AM
  2. Replies: 15
    Last Post: 11-19-2009, 12:16 AM
  3. Replies: 30
    Last Post: 01-13-2009, 08:00 AM
  4. server dropped connection
    By ferra in forum Installation
    Replies: 20
    Last Post: 10-06-2008, 04:32 PM
  5. fatal: Queue report unavailable - mail system is down
    By zzzzsg in forum Administrators
    Replies: 16
    Last Post: 08-24-2006, 02:31 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •