Allowing some mail to pass through dnsbl checks

[mutuku]

Hello,

I have setup a zimbra server and setup dnsbl for spam checks. A few external senders are having issues sending mail to my mail server since the are listed on dnsbl lists.

Is there a way to configure my server to allow specified external senders without disabling dnsbl checks

Thanks

[ewilen]

Nope.

You could start by analyzing why those senders are on dnsbl lists. From there you can decide which option to take:

1. Stop using that list, if you think it isn't managed responsibly.
2. Get the sender to pester their mail service provider to fix whatever caused them to end up on the list.
3. Remove the list from mta-level dnsrbl check and create a custom spamassassin rule instead.

Here's an example of what I appended to /opt/zimbra/conf/salocal.cf.in.

Code:

# Single-zone BLs for UCEPROTECT
header		RCVD_IN_UCEPROTECT_2	eval:check_rbl('UCEPROTECT-1', 'dnsbl-1.uceprotect.net.')
describe	RCVD_IN_UCEPROTECT_2	Received via a relay in dnsbl-1.uceprotect.net
tflags		RCVD_IN_UCEPROTECT_2	net
score		RCVD_IN_UCEPROTECT_2	6.5

header		RCVD_IN_UCEPROTECT_2	eval:check_rbl('UCEPROTECT-2', 'dnsbl-2.uceprotect.net.')
describe	RCVD_IN_UCEPROTECT_2	Received via a relay in dnsbl-2.uceprotect.net
tflags		RCVD_IN_UCEPROTECT_2	net
score		RCVD_IN_UCEPROTECT_2	1.1

header		RCVD_IN_UCEPROTECT_3	eval:check_rbl('UCEPROTECT-3', 'dnsbl-3.uceprotect.net.')
describe	RCVD_IN_UCEPROTECT_3	Received via a relay in dnsbl-3.uceprotect.net
tflags		RCVD_IN_UCEPROTECT_3	net
score		RCVD_IN_UCEPROTECT_3	0.5

# Multi-zone BL for hostkarma, see http://wiki.ctyme.com/index.php/Spam_DNS_Lists#Spam_Assassin_Examples
# also http://www.zimbra.com/forums/administrators/30801-spamassassin-additional-rules-botnet-plugin.html
# I use Uxbod's scoring.
header __RCVD_IN_JMF eval:check_rbl('JMF-lastexternal','hostkarma.junkemailfilter.com.')
describe __RCVD_IN_JMF Sender listed in JunkEmailFilter
tflags __RCVD_IN_JMF net
 
header RCVD_IN_JMF_BL eval:check_rbl_sub('JMF-lastexternal', '127.0.0.2')
describe RCVD_IN_JMF_BL Sender listed in JMF-BLACK
tflags RCVD_IN_JMF_BL net
score RCVD_IN_JMF_BL 1.5
 
header RCVD_IN_JMF_BR eval:check_rbl_sub('JMF-lastexternal', '127.0.0.4')
describe RCVD_IN_JMF_BR Sender listed in JMF-BROWN
tflags RCVD_IN_JMF_BR net
score RCVD_IN_JMF_BR 0.5

# Single-zone BL for NiX Spam DNSBL
header		RCVD_IN_NIXSPAM	eval:check_rbl('NIXSPAM', 'ix.dnsbl.manitu.net')
describe	RCVD_IN_NIXSPAM	Received via a relay in ix.dnsbl.manitu.net
tflags		RCVD_IN_NIXSPAM	net
score		RCVD_IN_NIXSPAM	6.5

You can find more documentation on this forum, in the wiki, and in the spamassassin docs. After modifying salocal.cf.in, you need to restart some or all of the system. With 5.x, zmamavisdctl stop && zmamavisdctl start is probably sufficient. But with 6.x, you may need to restart the whole server; at least that was my recent experience. To confirm that the changes have been applied, look in salocal.cf. (You shouldn't modify salocal.cf directly because it gets rewritten by zimbra.)

If you have 6.x you can have user-level whitelists for the SA checks. Before 6.x, you need to modify /opt/zimbra/conf/amavisd.conf.in. There should be a section beginning with # ENVELOPE SENDER SOFT-WHITELISTING / SOFT-BLACKLISTING

See Improving Anti-spam system - Zimbra :: Wiki

What I did, as root, to blacklist a particular email address. (Whitelisting is similar.)

cd /opt/zimbra/conf
cp amavisd.conf.in amavisd.conf.in.bak
vi amavisd.conf.in

Now in the section following the line # soft-blacklisting (positive score) I added this:

'<unwanted sender's address>' => 15.0,

Then, as zimbra, I did zmamavisdctl stop && zmamavisdctl start . Note, the && means "do the second command if the first command exits successfully". See Combining UNIX Commands using && and ||.

Finally, I looked in amavisd.conf and confirmed that the change had gone into it.