RBL log message?

**vshah** · 12-14-2006, 06:02 AM

We've setup RBLs in Zimbra and have for over a day now but I can't figure out what to look for in the /var/log/zimbra.log to see if the RBLs are working.

[zimbra@mrmailman ~]$ zmprov -l gacf | grep zimbraMtaRestriction
zimbraMtaRestriction: reject_invalid_hostname
zimbraMtaRestriction: reject_non_fqdn_sender
zimbraMtaRestriction: reject_rbl_client sbl.spamhaus.org
zimbraMtaRestriction: reject_rbl_client bl.spamcop.net

[zimbra@mrmailman ~]$ grep -i reject /var/log/zimbra.log

gets no results. What's the default message logged for RBLS? Any other ideas?

**phoenix** · 12-14-2006, 06:12 AM

I don't use RBL lists but shouldn't it say something like "blocked using"?

**phoenix** · 12-14-2006, 06:37 AM

You could use this (from a news group post):

the following one-liner searches the log file for RBL rejections, then prints
out the hostname[IP ADDR], From address, To address, and HELO hostname,
separated by spaces:

grep "reject:.*blocked using" /var/log/mail.log |
perl -n -e 's/.*RCPT from ([^:]+):.*from=<([^>]+)> to=<([^>]+)> .*helo=<([^>]+)>/$1 $2 $3 $4/ && print'

or this utility: dnsblcount

**vshah** · 12-14-2006, 07:12 AM

Thanks, Bill!

I tried the regexp (actually tried some broader regexps too) and again got no results, which doesn't seem likely if the RBLs are working. I'll wait a few days and if there's no results again then I'll put in a support case for this, I guess.

**phoenix** · 12-14-2006, 07:23 AM

Maybe there's just no hits on the RBL list or were you getting some spam that might have been blocked by the RBL before you activated them?

**vshah** · 12-14-2006, 07:40 AM

It's possible that we aren't getting connects from any sites on the RBL lists -- that's why I want to wait a few days before making this a support case. Currently we are in pilot group testing with around a dozen people getting mail on the zimbra box. That's only about 2500 msgs/day with about 40-50% of those being blocked or tagged as spam.
We were thinking of waiting for 4.5 before going into full production but if 4.5's not out till mid-Jan that's not going to be possible. Either way, we wanted the RBLs working before going into production.

Zimbra

Thread: RBL log message?

LinkBack

Thread Tools

Search Thread

Display

RBL log message?

Thread Information

Users Browsing this Thread

Similar Threads

Sending mail to china (!) fails with SMTP 551 error...

Curious log message in zmmtaconfig.log

Network Service Error with MIME encoded message

IMAPStore Replication/Failover IDEA - Multiple Virtual message stores

Recover single message from redo log?

Posting Permissions