
Thread: Incorrect MtaRestrictions

  1. #1
    scottd (Junior Member)

    About a month ago we started receiving lots of spam emails so I followed the instructions here:
    Configuring and Monitoring Postfix DNSBL - Zimbra :: Wiki
    to have our mail server use DNS Blacklists to reject spam and added all possible RBLs, including dnsbl.sorbs.net.

    Dnsblcount (set up as per the instructions listed on the above website) is showing that our server is rejecting around 1000 emails per day, and we are receiving markedly less spam.

    The issue is that several customers of ours are receiving bounce emails that indicate that the sorbs.net blacklist is causing our mail server to reject their emails. These false positives seem to be isolated to the sorbs.net RBL, so I re-did our DNSBL configuration to include all possible RBLs except sorbs.net and restarted the mail server.

    Here is the current output of "zmprov gacf | grep zimbraMtaRestriction"

    Code:
    zimbraMtaRestriction: reject_invalid_hostname
    zimbraMtaRestriction: reject_non_fqdn_hostname
    zimbraMtaRestriction: reject_non_fqdn_sender
    zimbraMtaRestriction: reject_rbl_client dnsbl.njabl.org
    zimbraMtaRestriction: reject_rbl_client cbl.abuseat.org
    zimbraMtaRestriction: reject_rbl_client bl.spamcop.net
    zimbraMtaRestriction: reject_rbl_client sbl.spamhaus.org
    zimbraMtaRestriction: reject_rbl_client relays.mail-abuse.org

    This indicates to me that dnsbl.sorbs.net is no longer being used, however, we are still having senders' email rejected as a result of their being blacklisted on sorbs.net and dnsblcount is still showing sorbs.net as one of the rejectors.

    Even though I removed sorbs.net from the MtaRestrictions list as of 06/02/11, today's (06/07/11) dnsblcount report shows:

    cbl.abuseat.org 904
    dnsbl.sorbs.net 376
    sbl.spamhaus.org 136
    bl.spamcop.net 86
    dnsbl.njabl.org 34
    =================================
    Total DNSBL rejections: 1536

    We need our server to stop rejecting email based on the sorbs.net RBL. Any followup on this is greatly appreciated.

    As an aside, is it possible to have postfix do other things with these emails rather than reject them (mark as spam, for example)?

    Thank you,
    Scott

  2. #2
    phoenix (Zimbra Consultant & Moderator)

    Despite what the dnsblcount report shows, are there actually any entries in the log files showing a rejection by "dnsbl.sorbs.net"? You will also see these entries in the Zimbra daily mail report, are there any for this RBL? I'd also suggest you use "zen.spamhaus.org" instead of the one you have listed, it's a more comprehensive list. You might want to consider changing the order of the RBLs so the one that catches the most spam is listed first, otherwise you waste DNS lookups checking the RBLs.

    When you changed the RBLs did you actually reload postfix after making the changes? Do you also have Zimbra "smtpd_reject_unlisted_recipient" set to yes? What are your spam Kill/Tag percentages set to?
    Regards


    Bill



  3. #3
    scottd (Junior Member)

    Bill,
    Thanks for your quick and thoughtful reply. There are indeed entries in the daily mail report showing that the sorbs.net blacklist is being used. The number of entries there closely matches the number in the dnsblcount report.

    As per your suggestions I have replaced the old sbl.spamhaus.org RBL with zen.spamhaus.org and attempted to re-order my RBLs from most to least catches (the number of catches vary a bit on a daily basis, so I made a best guess).

    I did not reload postfix after changing the RBLs, I assumed that restarting Zimbra would load the changes, however as per your suggestion I have reloaded it now, and will await tomorrow's dnsblcount and mail report to see if that has solved the problem.

    "smtpd_reject_unlisted_recipient" was set to no, however after reading about it a bit more I edited the zmmta.cf file to set it to yes and reloaded postfix.

    Spam Kill/Tag percentages as per Zimbra admin > global settings:
    Kill percent: 75
    Tag percent: 33

    I'm still not sure how the percentages tie in to the information returned from the RBLs.

    Thanks again,
    Scott

  4. #4
    phoenix (Zimbra Consultant & Moderator)

    Quote (originally posted by scottd):
        I did not reload postfix after changing the RBLs, I assumed that restarting Zimbra would load the changes, however as per your suggestion I have reloaded it now, and will await tomorrow's dnsblcount and mail report to see if that has solved the problem.

    I should have clarified that comment, a restart of Zimbra also reloads postfix - for this type of change you just need to restart postfix to get any new RBLs to be used.

    Quote (originally posted by scottd):
        "smtpd_reject_unlisted_recipient" was set to no, however after reading about it a bit more I edited the zmmta.cf file to set it to yes and reloaded postfix.

    You might find that this setting reduces a lot of spam, you'll see details in your daily report.

    Quote (originally posted by scottd):
        Spam Kill/Tag percentages as per Zimbra admin > global settings:
        Kill percent: 75
        Tag percent: 33

    You might want to consider tweaking those settings a bit, I have mine set to kill=66 and tag=25 - if you make any changes to those settings then monitor your Junk folders for any false positives. If there's no increase in false positives then leave the settings at their new percentages.

    Quote (originally posted by scottd):
        I'm still not sure how the percentages tie in to the information returned from the RBLs.

    There's a description of what the percentages are for in this post: Spam Tag / Kill Options
    Regards


    Bill



  5. #5
    scottd (Junior Member)

    Bill,
    Unfortunately, our server still appears to be using sorbs.net to block email.

    For the spam tag/kill:
    Is your server using RBLs? And if so, do your tag/kill percentages let some or all of the mail from senders listed on the RBLs through to your users (as spam or otherwise)?

    Any other ideas on how I might eliminate sorbs.net from my server? Dnsblcount and the daily mail report do not show any indication of any of the changes I made to the MTA Restrictions yesterday (zen is not present and sorbs is still there). Even though "zmprov gacf | grep zimbraMtaRestriction" now shows:

    Code:
    zimbraMtaRestriction: reject_invalid_hostname
    zimbraMtaRestriction: reject_non_fqdn_hostname
    zimbraMtaRestriction: reject_non_fqdn_sender
    zimbraMtaRestriction: reject_rbl_client cbl.abuseat.org
    zimbraMtaRestriction: reject_rbl_client zen.spamhaus.org
    zimbraMtaRestriction: reject_rbl_client bl.spamcop.net
    zimbraMtaRestriction: reject_rbl_client dnsbl.njabl.org

    Thanks again,
    Scott

  6. #6
    scottd (Junior Member)

    Turns out, I had to go in and edit /opt/zimbra/postfix-version/conf/main.cf by hand. The old RBLS were still in there so I made changes to that file and now it works.

  7. #7
    mickier (Loyal Member)

    similar problem here...

    I am having the same issue - sorbs was enabled, but has been turned off - 2 weeks ago - but I am still having email blocked because of sorbs

    my settings;
    postconf |grep smtpd_recipient_restrictions
    smtpd_recipient_restrictions = reject_non_fqdn_recipient, permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, reject_unlisted_recipient, reject_invalid_hostname, reject_non_fqdn_hostname, reject_non_fqdn_sender, reject_unknown_client, reject_unknown_hostname, reject_unknown_sender_domain, reject_rbl_client dnsbl.njabl.org reject_rbl_client zen.spamhaus.org reject_rbl_client b.barracudacentral.org, permit


    But last night again:
    Jan 23 18:12:48 mail postfix/smtpd[19253]: NOQUEUE: reject: RCPT from mail.keystops.com[68.156.173.226]: 554 5.7.1 Service unavailable; Client host [68.156.173.226] blocked using dnsbl.sorbs.net; Currently Sending Spam See: SORBS Database Lookup from=<nxxxxxx@yahoo.com> to=<ldoxxx@sxxx.com> proto=ESMTP helo=<keymailsvr2.KEYSTOPS.COM>

    I have done zmcontrol restart manually (plus zimbra restarts as part of my nightly backup)

    Also tried this, but no instance of sorbs in this file either...

    Quote (originally posted by scottd):
        Turns out, I had to go in and edit /opt/zimbra/postfix-version/conf/main.cf by hand. The old RBLS were still in there so I made changes to that file and now it works.

    Any ideas/help greatly appreciated!

    For now I am trying to avoid this by adding an invalid ip address to dnsbl.sorbs.net in my hosts file (!) probably a bad idea.

  8. #8
    mski123 (Starter Member)

    Did anyone get any further answers regarding the above?
    I appear to have similar issues with: Release 8.0.0_GA_5434.RHEL6_64_20120907144743 RHEL6_64 NETWORK edition.

    Performing a tcpdump on port 53 shows DNSBL lookups on sites not configured in a reduced config with:
    zmprov gacf zimbraMtaRestriction
    zimbraMtaRestriction: reject_invalid_helo_hostname
    zimbraMtaRestriction: reject_non_fqdn_sender
    zimbraMtaRestriction: reject_rbl_client b.barracudacentral.org

    A restart of Zimbra on the MTA has no effect.
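
The mismatch this thread keeps running into (zmprov shows one RBL list, Postfix enforces another) can be checked mechanically. The following is an added example, not code from any poster or from Zimbra: it compares the zones in `zmprov gacf zimbraMtaRestriction` output against the zones in `postconf smtpd_recipient_restrictions` output and against the zones named in smtpd reject log lines. The function names and all sample data (including the documentation IP addresses and example.* hosts) are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example; every sample below is constructed, not taken from a real server.
SAMPLE_ZMPROV='zimbraMtaRestriction: reject_invalid_hostname
zimbraMtaRestriction: reject_rbl_client cbl.abuseat.org
zimbraMtaRestriction: reject_rbl_client zen.spamhaus.org'
SAMPLE_POSTCONF='smtpd_recipient_restrictions = reject_unauth_destination, reject_rbl_client cbl.abuseat.org, reject_rbl_client dnsbl.sorbs.net, permit'
SAMPLE_LOG='Jun  7 10:01:02 mail postfix/smtpd[1234]: NOQUEUE: reject: RCPT from mx.example.net[192.0.2.10]: 554 5.7.1 Service unavailable; Client host [192.0.2.10] blocked using dnsbl.sorbs.net; sample from=<a@example.net> to=<b@example.com> proto=ESMTP helo=<mx.example.net>
Jun  7 10:02:03 mail postfix/smtpd[1235]: NOQUEUE: reject: RCPT from unknown[198.51.100.7]: 554 5.7.1 Service unavailable; Client host [198.51.100.7] blocked using cbl.abuseat.org; sample from=<c@example.org> to=<b@example.com> proto=ESMTP helo=<host.example.org>'

# Zones the admin configured: stdin is `zmprov gacf zimbraMtaRestriction` output.
configured_rbls() {
  sed -n 's/^zimbraMtaRestriction: reject_rbl_client[[:space:]]*//p' | sort -u
}

# Zones in the live Postfix config: stdin is `postconf smtpd_recipient_restrictions`
# output. Restrictions may be separated by commas or by whitespace alone.
effective_rbls() {
  awk '{ gsub(/,/, " ")
         for (i = 1; i < NF; i++) if ($i == "reject_rbl_client") print $(i + 1) }' |
    sort -u
}

# Zones that actually caused rejections: stdin is the mail log.
logged_rbls() {
  sed -n 's/.* reject: .* blocked using \([^;]*\);.*/\1/p' | sort -u
}

# stale_rbls CONFIGURED OBSERVED: print observed zones missing from the configured list.
stale_rbls() {
  printf '%s\n' "$2" | CFG="$1" awk '
    BEGIN { n = split(ENVIRON["CFG"], z, "\n"); for (i = 1; i <= n; i++) ok[z[i]] = 1 }
    NF && !($0 in ok)'
}

cfg=$(printf '%s\n' "$SAMPLE_ZMPROV" | configured_rbls)
eff=$(printf '%s\n' "$SAMPLE_POSTCONF" | effective_rbls)
log=$(printf '%s\n' "$SAMPLE_LOG" | logged_rbls)
echo "In Postfix config but not in zmprov: $(stale_rbls "$cfg" "$eff" | tr '\n' ' ')"
echo "Rejecting in log but not in zmprov:  $(stale_rbls "$cfg" "$log" | tr '\n' ' ')"
```

On a live server, pipe the real command output and log file into the three extractor functions in place of the sample variables; any zone printed is still being enforced despite having been removed from the global config.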
