How to monitor amount of messages rejected by RBLs

[oliver2uk]

Hi,

Please, can anybody help me and tell me what do I need to enable / where to look / how to log messages rejected by RBLs?

By enabling log_level in amavis.conf.in and seting it to 2 there is much more information in zimbra.log file, but not any info about messages rejected with the setup RBLs I have.

Dnsblcount and simillar scripts won't work. I would like to log this information if possible. And yes, here is my setup:

Release 7.0.0_BETA1_2816.DEBIAN5_64 DEBIAN5_64 FOSS edition.

Many thanks.

[phoenix]

Quote:

Originally Posted by oliver2uk

Please, can anybody help me and tell me what do I need to enable / where to look / how to log messages rejected by RBLs?

You shouldn't need to do anything, the Daily Mail Report has information about RBL rejections. Are you saying that the report isn't produced or doesn't have the information, have you tried running it manually?

[oliver2uk]

Bill,

If you mean:

56749 rejected

from the daily report, than I have got it. However I would like to dig more information about which RBL's rejected the messages. That is what I am trying to achieve.

Can you tell me in which log is this information saved so I can parse it for example with:

Configuring and Monitoring Postfix DNSBL - Zimbra :: Wiki

Many thanks for your speedy help.

[phoenix]

No, I mean this sort of information (which is normally produced by the Daily Report, at least it is on my server ):

Code:

blocked using zen.spamhaus.org (total: 45)
           3   41.216.208.234
           2   190.207.218.83
           1   2.38.198.252
           1   12.27.234.88
           1   41.218.1.99
           1   65.48.204.58
           1   81.213.51.176
           1   89.122.124.138
           1   89.218.220.206
           1   92.54.177.17
           1   93.180.102.3
           1   supernet.com.bo
           1   98.143.149.22

[oliver2uk]

Hi,

No, I don't get that information in my daily report. It would be great if I would be able to see it there.

I have multiple RBL's configured in the Zimbra admin.

Why is this information missing? Can you point me to the right direction please?

Thank you

[phoenix]

The daily mail report is based on 'pflogsumm', search the internet for that word and you'll find the authors web site with documentation details.

[oliver2uk]

Bill,

I am familiar with pflogsumm and actually downloaded it separately and tried it to see if it makes any difference.

The problem is in the zimbra.log file. The RBL rejected information is not logged there so I don't get the information.

Or my RBL's are not rejecting anything. One or the other.

How do I check that the RBL's are working? ZM command shows them applied but that is as far as I could go.

----
zimbra:/opt/zimbra/libexec# su - zimbra
zimbra@zimbra:~$ zmprov gacf | grep zimbraMtaRestriction
zimbraMtaRestriction: reject_invalid_hostname
zimbraMtaRestriction: reject_non_fqdn_hostname
zimbraMtaRestriction: reject_non_fqdn_sender
zimbraMtaRestriction: reject_unknown_client
zimbraMtaRestriction: reject_unknown_hostname
zimbraMtaRestriction: reject_unknown_sender_domain
zimbraMtaRestriction: reject_rbl_client zen.spamhaus.org
zimbraMtaRestriction: reject_rbl_client bl.spamcop.net
zimbraMtaRestriction: reject_rbl_client psbl.surriel.com
zimbraMtaRestriction: reject_rbl_client dnsbl.sorbs.net
zimbraMtaRestriction: reject_rbl_client hostkarma.junkemailfilter.com
zimbraMtaRestriction: reject_rbl_client relays.mail-abuse.org
zimbraMtaRestriction: reject_rbl_client dnsbl.njabl.org
zimbraMtaRestriction: reject_rbl_client sbl.spamhaus.org
zimbraMtaRestriction: reject_rbl_client dnsbl.dronebl.org
zimbraMtaRestriction: reject_rbl_client cbl.abuseat.org
zimbraMtaRestriction: reject_rbl_client combined.rbl.msrbl.net
zimbraMtaRestriction: reject_rbl_client combined.njabl.org
zimbraMtaRestriction: reject_rbl_client dyna.spamrats.com
zimbraMtaRestriction: reject_rbl_client noptr.spamrats.com
zimbraMtaRestriction: reject_rbl_client spam.spamrats.com
zimbraMtaRestriction: reject_rbl_client relays.ordb.org
zimbraMtaRestriction: reject_rbl_client b.barracuracentral.org
zimbra@zimbra:~$
----

Thank you.

[dwill]

cat mail.log | grep 'blocked using'

[phoenix]

Quote:

Originally Posted by oliver2uk

Bill,

I am familiar with pflogsumm and actually downloaded it separately and tried it to see if it makes any difference.

The problem is in the zimbra.log file. The RBL rejected information is not logged there so I don't get the information.

Or my RBL's are not rejecting anything. One or the other.

How do I check that the RBL's are working? ZM command shows them applied but that is as far as I could go.

You should find the information in the following file:

Code:

cat /var/log/maillog | grep 'blocked using'

Quote:

Originally Posted by oliver2uk

zimbra:/opt/zimbra/libexec# su - zimbra
zimbra@zimbra:~$ zmprov gacf | grep zimbraMtaRestriction
zimbraMtaRestriction: reject_invalid_hostname
zimbraMtaRestriction: reject_non_fqdn_hostname
zimbraMtaRestriction: reject_non_fqdn_sender
zimbraMtaRestriction: reject_unknown_client
zimbraMtaRestriction: reject_unknown_hostname
zimbraMtaRestriction: reject_unknown_sender_domain
zimbraMtaRestriction: reject_rbl_client zen.spamhaus.org
zimbraMtaRestriction: reject_rbl_client bl.spamcop.net
zimbraMtaRestriction: reject_rbl_client psbl.surriel.com
zimbraMtaRestriction: reject_rbl_client dnsbl.sorbs.net
zimbraMtaRestriction: reject_rbl_client hostkarma.junkemailfilter.com
zimbraMtaRestriction: reject_rbl_client relays.mail-abuse.org
zimbraMtaRestriction: reject_rbl_client dnsbl.njabl.org
zimbraMtaRestriction: reject_rbl_client sbl.spamhaus.org
zimbraMtaRestriction: reject_rbl_client dnsbl.dronebl.org
zimbraMtaRestriction: reject_rbl_client cbl.abuseat.org
zimbraMtaRestriction: reject_rbl_client combined.rbl.msrbl.net
zimbraMtaRestriction: reject_rbl_client combined.njabl.org
zimbraMtaRestriction: reject_rbl_client dyna.spamrats.com
zimbraMtaRestriction: reject_rbl_client noptr.spamrats.com
zimbraMtaRestriction: reject_rbl_client spam.spamrats.com
zimbraMtaRestriction: reject_rbl_client relays.ordb.org
zimbraMtaRestriction: reject_rbl_client b.barracuracentral.org

I've never found it necessary to have that many RBLs in Zimbra as spamhaus is likely to catch most of the spam, I also only have one Protocol check on my system. The following is all I need:

Code:

zimbraMtaRestriction: reject_invalid_hostname
zimbraMtaRestriction: reject_rbl_client zen.spamhaus.org
zimbraMtaRestriction: reject_rbl_client psbl.surriel.com
zimbraMtaRestriction: reject_rbl_client dnsbl.dronebl.org
zimbraMtaRestriction: reject_rbl_client bl.spameatingmonkey.net

With those settings I hget about 20 spam emails in the Junk folder per 30 days.