Results 1 to 9 of 9

Thread: How to monitor amount of messages rejected by RBLs

  1. #1
    oliver2uk is offline Senior Member
    Join Date
    Nov 2007
    Posts
    53
    Rep Power
    7

    Default How to monitor amount of messages rejected by RBLs

    Hi,

    Please, can anybody help me and tell me what do I need to enable / where to look / how to log messages rejected by RBLs?

    By enabling log_level in amavis.conf.in and seting it to 2 there is much more information in zimbra.log file, but not any info about messages rejected with the setup RBLs I have.

    Dnsblcount and simillar scripts won't work. I would like to log this information if possible. And yes, here is my setup:

    Release 7.0.0_BETA1_2816.DEBIAN5_64 DEBIAN5_64 FOSS edition.

    Many thanks.

  2. #2
    phoenix is online now Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,580
    Rep Power
    57

    Default

    Quote Originally Posted by oliver2uk View Post
    Please, can anybody help me and tell me what do I need to enable / where to look / how to log messages rejected by RBLs?
    You shouldn't need to do anything, the Daily Mail Report has information about RBL rejections. Are you saying that the report isn't produced or doesn't have the information, have you tried running it manually?
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  3. #3
    oliver2uk is offline Senior Member
    Join Date
    Nov 2007
    Posts
    53
    Rep Power
    7

    Default

    Bill,

    If you mean:

    56749 rejected

    from the daily report, than I have got it. However I would like to dig more information about which RBL's rejected the messages. That is what I am trying to achieve.

    Can you tell me in which log is this information saved so I can parse it for example with:

    Configuring and Monitoring Postfix DNSBL - Zimbra :: Wiki

    Many thanks for your speedy help.

  4. #4
    phoenix is online now Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,580
    Rep Power
    57

    Default

    No, I mean this sort of information (which is normally produced by the Daily Report, at least it is on my server ):

    Code:
    blocked using zen.spamhaus.org (total: 45)
               3   41.216.208.234
               2   190.207.218.83
               1   2.38.198.252
               1   12.27.234.88
               1   41.218.1.99
               1   65.48.204.58
               1   81.213.51.176
               1   89.122.124.138
               1   89.218.220.206
               1   92.54.177.17
               1   93.180.102.3
               1   supernet.com.bo
               1   98.143.149.22
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  5. #5
    oliver2uk is offline Senior Member
    Join Date
    Nov 2007
    Posts
    53
    Rep Power
    7

    Default

    Hi,

    No, I don't get that information in my daily report. It would be great if I would be able to see it there.

    I have multiple RBL's configured in the Zimbra admin.

    Why is this information missing? Can you point me to the right direction please?

    Thank you

  6. #6
    phoenix is online now Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,580
    Rep Power
    57

    Default

    The daily mail report is based on 'pflogsumm', search the internet for that word and you'll find the authors web site with documentation details.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  7. #7
    oliver2uk is offline Senior Member
    Join Date
    Nov 2007
    Posts
    53
    Rep Power
    7

    Default

    Bill,

    I am familiar with pflogsumm and actually downloaded it separately and tried it to see if it makes any difference.

    The problem is in the zimbra.log file. The RBL rejected information is not logged there so I don't get the information.

    Or my RBL's are not rejecting anything. One or the other.

    How do I check that the RBL's are working? ZM command shows them applied but that is as far as I could go.

    ----
    zimbra:/opt/zimbra/libexec# su - zimbra
    zimbra@zimbra:~$ zmprov gacf | grep zimbraMtaRestriction
    zimbraMtaRestriction: reject_invalid_hostname
    zimbraMtaRestriction: reject_non_fqdn_hostname
    zimbraMtaRestriction: reject_non_fqdn_sender
    zimbraMtaRestriction: reject_unknown_client
    zimbraMtaRestriction: reject_unknown_hostname
    zimbraMtaRestriction: reject_unknown_sender_domain
    zimbraMtaRestriction: reject_rbl_client zen.spamhaus.org
    zimbraMtaRestriction: reject_rbl_client bl.spamcop.net
    zimbraMtaRestriction: reject_rbl_client psbl.surriel.com
    zimbraMtaRestriction: reject_rbl_client dnsbl.sorbs.net
    zimbraMtaRestriction: reject_rbl_client hostkarma.junkemailfilter.com
    zimbraMtaRestriction: reject_rbl_client relays.mail-abuse.org
    zimbraMtaRestriction: reject_rbl_client dnsbl.njabl.org
    zimbraMtaRestriction: reject_rbl_client sbl.spamhaus.org
    zimbraMtaRestriction: reject_rbl_client dnsbl.dronebl.org
    zimbraMtaRestriction: reject_rbl_client cbl.abuseat.org
    zimbraMtaRestriction: reject_rbl_client combined.rbl.msrbl.net
    zimbraMtaRestriction: reject_rbl_client combined.njabl.org
    zimbraMtaRestriction: reject_rbl_client dyna.spamrats.com
    zimbraMtaRestriction: reject_rbl_client noptr.spamrats.com
    zimbraMtaRestriction: reject_rbl_client spam.spamrats.com
    zimbraMtaRestriction: reject_rbl_client relays.ordb.org
    zimbraMtaRestriction: reject_rbl_client b.barracuracentral.org
    zimbra@zimbra:~$
    ----

    Thank you.
    Last edited by oliver2uk; 11-10-2010 at 08:58 AM.

  8. #8
    dwill's Avatar
    dwill is offline Special Member
    Join Date
    Aug 2006
    Posts
    122
    Rep Power
    9

    Default

    cat mail.log | grep 'blocked using'
    Work
    8.0.3 UBUNTU10_04 UBUNTU10_04 NETWORK

    Home
    8.0.3 UBUNTU10_04 UBUNTU10_04 FOSS

  9. #9
    phoenix is online now Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,580
    Rep Power
    57

    Default

    Quote Originally Posted by oliver2uk View Post
    Bill,

    I am familiar with pflogsumm and actually downloaded it separately and tried it to see if it makes any difference.

    The problem is in the zimbra.log file. The RBL rejected information is not logged there so I don't get the information.

    Or my RBL's are not rejecting anything. One or the other.

    How do I check that the RBL's are working? ZM command shows them applied but that is as far as I could go.
    You should find the information in the following file:

    Code:
    cat /var/log/maillog | grep 'blocked using'
    Quote Originally Posted by oliver2uk View Post
    zimbra:/opt/zimbra/libexec# su - zimbra
    zimbra@zimbra:~$ zmprov gacf | grep zimbraMtaRestriction
    zimbraMtaRestriction: reject_invalid_hostname
    zimbraMtaRestriction: reject_non_fqdn_hostname
    zimbraMtaRestriction: reject_non_fqdn_sender
    zimbraMtaRestriction: reject_unknown_client
    zimbraMtaRestriction: reject_unknown_hostname
    zimbraMtaRestriction: reject_unknown_sender_domain
    zimbraMtaRestriction: reject_rbl_client zen.spamhaus.org
    zimbraMtaRestriction: reject_rbl_client bl.spamcop.net
    zimbraMtaRestriction: reject_rbl_client psbl.surriel.com
    zimbraMtaRestriction: reject_rbl_client dnsbl.sorbs.net
    zimbraMtaRestriction: reject_rbl_client hostkarma.junkemailfilter.com
    zimbraMtaRestriction: reject_rbl_client relays.mail-abuse.org
    zimbraMtaRestriction: reject_rbl_client dnsbl.njabl.org
    zimbraMtaRestriction: reject_rbl_client sbl.spamhaus.org
    zimbraMtaRestriction: reject_rbl_client dnsbl.dronebl.org
    zimbraMtaRestriction: reject_rbl_client cbl.abuseat.org
    zimbraMtaRestriction: reject_rbl_client combined.rbl.msrbl.net
    zimbraMtaRestriction: reject_rbl_client combined.njabl.org
    zimbraMtaRestriction: reject_rbl_client dyna.spamrats.com
    zimbraMtaRestriction: reject_rbl_client noptr.spamrats.com
    zimbraMtaRestriction: reject_rbl_client spam.spamrats.com
    zimbraMtaRestriction: reject_rbl_client relays.ordb.org
    zimbraMtaRestriction: reject_rbl_client b.barracuracentral.org
    I've never found it necessary to have that many RBLs in Zimbra as spamhaus is likely to catch most of the spam, I also only have one Protocol check on my system. The following is all I need:

    Code:
    zimbraMtaRestriction: reject_invalid_hostname
    zimbraMtaRestriction: reject_rbl_client zen.spamhaus.org
    zimbraMtaRestriction: reject_rbl_client psbl.surriel.com
    zimbraMtaRestriction: reject_rbl_client dnsbl.dronebl.org
    zimbraMtaRestriction: reject_rbl_client bl.spameatingmonkey.net
    With those settings I hget about 20 spam emails in the Junk folder per 30 days.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. [SOLVED] Re-creating the spam training e-mail account
    By richard-hdd in forum Administrators
    Replies: 21
    Last Post: 03-20-2012, 07:34 AM
  2. Replies: 2
    Last Post: 11-03-2010, 07:06 AM
  3. Invisible messages
    By deepblue in forum Administrators
    Replies: 1
    Last Post: 07-02-2007, 01:00 PM
  4. New messages not showing up in outlook
    By bersrker in forum Zimbra Connector for Outlook
    Replies: 4
    Last Post: 01-16-2007, 08:17 AM
  5. Spam assassain not traiing properly!
    By Mike T in forum Administrators
    Replies: 1
    Last Post: 10-09-2006, 01:34 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •