
Thread: zen.spamhaus.org RBL

  1. #1
    keffa is offline Active Member
    Join Date
    Mar 2007
    Posts
    42
    Rep Power
    8

    Default zen.spamhaus.org RBL

    I recently followed the wiki advice located here...

    http://wiki.zimbra.com/index.php?tit...On_or_Off_RBLs

    Except instead of the listed RBLs, I just listed one, the Spamhaus Zen RBL, which combines all their lists into one and is located at zen.spamhaus.org, as follows...

    Code:
    zmprov mcf zimbraMtaRestriction reject_invalid_hostname zimbraMtaRestriction reject_non_fqdn_hostname zimbraMtaRestriction reject_non_fqdn_sender zimbraMtaRestriction "reject_rbl_client zen.spamhaus.org"
    It did not give me any error messages and I rebooted the server. I expected to be given some indication in the admin interface that this was now active but I can't see anything different. Is there anything else I need to do to activate this RBL or is it now just silently working away?

  2. #2
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,480
    Rep Power
    56

    Default

    There is no indication other than the fact that you've enabled it.
    Regards


    Bill



  3. #3
    keffa is offline Active Member
    Join Date
    Mar 2007
    Posts
    42
    Rep Power
    8

    Default

    It doesn't appear to be working; I'm still getting connections from IP addresses listed in zen. I've followed the instructions to the letter. Am I missing anything?

  4. #4
    scottnelson is offline Special Member
    Join Date
    Jun 2006
    Location
    Washington DC
    Posts
    124
    Rep Power
    9

    Default

    1. This (the WIKI you read) is only meant to be used until DSPAM/SA get up to speed.
    As soon as they do (a week or two), you need to remove them, as these RBLs are also being checked within SA
    (/opt/zimbra/conf/spamassassin/20_dnsbl_tests.cf to be exact).

    2. But to answer your question, for my server, I had to add/modify the following lines in /etc/syslog.conf (make a copy first):

    mail.info -/var/log/mail.info
    mail.warn -/var/log/mail.warn
    mail.err /var/log/mail.err
    Then, /etc/rc.d/init.d/syslog restart

    This will give you the "Postfix" messages via the above files, so you can actually see what postfix is doing, since the WIKI referenced above tells Postfix to reject the message(s), not Zimbra MTA or SA or DSPAM.

    Some background: I am running FC4, may need to adjust for your flavor of OS.

    Hope this helps!

    Scotty

  5. #5
    captainmish is offline Loyal Member
    Join Date
    Mar 2007
    Location
    Plymouth, uk
    Posts
    93
    Rep Power
    8

    Question zen.spamhaus.org not added to postfix conf

    I have also had problems with adding zen.sa - sbl works fine though! Is there a specific set of rbls that zimbra will allow?
    Running NE (4.5.6_GA_1044.UBUNTU6) on ubuntu 6.06

    I become the zimbra user, then:

    zmprov mcf zimbraMtaRestriction reject_invalid_hostname zimbraMtaRestriction reject_non_fqdn_hostname zimbraMtaRestriction reject_non_fqdn_sender zimbraMtaRestriction "reject_rbl_client zen.spamhaus.org" zimbraMtaRestriction "reject_rbl_client sbl.spamhaus.org"

    (yes, zen and sbl should not both be in the list, but this is to prove a point.)
    Now wait a few moments for zimbra to update the postfix config, just check that zimbra knows about it:

    zmprov gacf | grep zimbraMtaRestriction
    zimbraMtaRestriction: reject_invalid_hostname
    zimbraMtaRestriction: reject_non_fqdn_hostname
    zimbraMtaRestriction: reject_non_fqdn_sender
    zimbraMtaRestriction: reject_rbl_client zen.spamhaus.org
    zimbraMtaRestriction: reject_rbl_client sbl.spamhaus.org

    So zimbra has accepted the changes. Let's see what postfix thinks:
    postconf | grep smtpd_recipient_restrictions
    smtpd_recipient_restrictions = reject_non_fqdn_recipient, permit_sasl_authenticated, permit_mynetworks, reject_unlisted_recipient, reject_invalid_hostname, reject_non_fqdn_hostname, reject_non_fqdn_sender, reject_rbl_client sbl.spamhaus.org, reject_unauth_destination, permit

    Only sbl.spamhaus.org is added! What's going on here?

    Of course previously I added just zen.sa and wondered why nothing seemed to be happening, and postconf would not show any changes at all. It only seems to accept sbl.

    Is this by design (only a predefined set of rbls are accepted), or is this some kind of weird bug? Searching bugzilla for zen.spamhaus.org and spamhaus.org showed zarro bugs.

    Any ideas?
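
The by-eye comparison in post #5, as an added example that is not part of the original post: it lists every RBL zone that Zimbra's config holds but that is absent from Postfix's `smtpd_recipient_restrictions`. The function names are made up for this example, and the sample input is the command output quoted in the post.

```shell
#!/bin/sh
# Added example (not from the thread): list RBL zones that Zimbra's config
# holds but that never reached Postfix's smtpd_recipient_restrictions.

# Read `zmprov gacf` output on stdin; print one RBL zone per line.
zimbra_rbls() {
    awk '$1 == "zimbraMtaRestriction:" && $2 == "reject_rbl_client" { print $3 }' | sort -u
}

# Read `postconf` output on stdin; print one RBL zone per line.
postfix_rbls() {
    grep '^smtpd_recipient_restrictions' |
        sed 's/^[^=]*=//' | tr ',' '\n' |
        awk '$1 == "reject_rbl_client" { print $2 }' | sort -u
}

# missing_rbls ZMPROV_OUTPUT POSTCONF_OUTPUT: zones Zimbra has, Postfix lacks.
missing_rbls() {
    want=$(printf '%s\n' "$1" | zimbra_rbls)
    have=$(printf '%s\n' "$2" | postfix_rbls)
    for zone in $want; do
        printf '%s\n' "$have" | grep -qxF "$zone" || printf '%s\n' "$zone"
    done
}

# Sample input: the two command outputs quoted in post #5.
ZMPROV_SAMPLE='zimbraMtaRestriction: reject_invalid_hostname
zimbraMtaRestriction: reject_non_fqdn_hostname
zimbraMtaRestriction: reject_non_fqdn_sender
zimbraMtaRestriction: reject_rbl_client zen.spamhaus.org
zimbraMtaRestriction: reject_rbl_client sbl.spamhaus.org'
POSTCONF_SAMPLE='smtpd_recipient_restrictions = reject_non_fqdn_recipient, permit_sasl_authenticated, permit_mynetworks, reject_unlisted_recipient, reject_invalid_hostname, reject_non_fqdn_hostname, reject_non_fqdn_sender, reject_rbl_client sbl.spamhaus.org, reject_unauth_destination, permit'

# On a live server: missing_rbls "$(zmprov gacf)" "$(postconf)"
missing_rbls "$ZMPROV_SAMPLE" "$POSTCONF_SAMPLE"
```

An empty result means every configured zone reached Postfix; any zone printed is accepted by Zimbra but not enforced at SMTP time.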

  6. #6
    mmorse is offline Moderator
    Join Date
    May 2006
    Location
    USA
    Posts
    6,242
    Rep Power
    21

    Default

    A few things,
    -Be aware the sbl is already included in the zen
    -You can also enter them one at a time with +/-:
    Code:
    zmprov mcf +zimbraMtaRestriction "reject_rbl_client zen.spamhaus.org"
    -do a postfix reload - any change?

  7. #7
    captainmish is offline Loyal Member
    Join Date
    Mar 2007
    Location
    Plymouth, uk
    Posts
    93
    Rep Power
    8

    Default

    I also did a postfix reload, and a zmmtactl reload (it gives syntax errors, but seems to reload postfix anyway) - I also restarted with zmmtactl restart, all of these failed to add zen.

    Following the exact same steps to add the two, adding zen does not get added to the postconf, but sbl does (add zen, check postconf, no zen; add sbl, check postconf, sbl is there)

    Checking the zimbra config with zmprov gacf | grep zimbraMtaRestriction shows that zen has been added, but it is not in the postfix conf, only sbl is. Re-adding zen using the +zimbraMtaRestriction method and then reloading postfix also does not add it.

    The only thing I have not tried is a "full" restart, zmcontrol restart - maybe there is something else that needs reloading/restarting to inject the zen conf?

    Nice info for adding things one at a time, instead of the whole lot though, thanks

  8. #8
    captainmish is offline Loyal Member
    Join Date
    Mar 2007
    Location
    Plymouth, uk
    Posts
    93
    Rep Power
    8

    Default

    Looks like I hit this bug - Bug 11316 - postfix_recipient_restrictions.cf is missing some spamhaus entries.
    Editing $ZIMBRA_HOME/conf/postfix_recipient_restrictions.cf and adding a line for zen.spamhaus.org solves the problem, and it is added correctly to the postfix conf.

  9. #9
    preem is offline Active Member
    Join Date
    Jan 2007
    Location
    Slovenia
    Posts
    29
    Rep Power
    8

    Default

    Nice find.

    I tried it myself, was also affected by the mentioned bug so editing postfix_recipient_restrictions.cf solves this problem.

    But another one arises in my example. Lots of false-negatives or what is it called, I am no spam expert, sorry for that. Anyway, lots of messages are rejected, even from well-known hosts like Google's Gmail. I can't get it whitelisted using zen.

    I tried adding whole domain whitelisted in amavisd.conf.in with:
    'gmail.com' => -5.0,

    and according to wiki, to salocal.cf.in with lines:
    whitelist_from *.google.com
    whitelist_from *@gmail.com

    and other variants with wildcards, none of them work.

    Am I missing something or have I chosen the wrong path? How is it done?

    Thanks

  10. #10
    captainmish is offline Loyal Member
    Join Date
    Mar 2007
    Location
    Plymouth, uk
    Posts
    93
    Rep Power
    8

    Default

    Are you sure it's blocking the actual hosts, or just forged "from"? I've had no problems with it since it went on, amazed at the amount it's blocking.

    You will not be able to whitelist using amavis, because mail blocked with rbls won't get that far - it's blocked on the initial smtp conversation. My guess is you are getting "false false positives" (not really false positives) because of forged "from"s.

    Test it yourself by sending a message from your gmail, I'm pretty confident it will arrive. Spam sent from gmail will probably be blocked further down the process by sa.

    If you are actually getting false positives, try just using sbl.spamhaus.org - it is a lot smaller, so you will get more spam, but false positives should drop to zero.

    **EDIT**

    Try using this (as the zabbix user) to list all the HOSTS (as opposed to from addresses) you are blocking (this is for ubuntu 6.06 - you may have to change your log location):

    grep spamhaus /var/log/mail.log | awk '{ print $10 }'
    or use it with tail to give you a constantly updating list on your console
    Last edited by captainmish; 11-08-2007 at 04:50 AM. Reason: added log grepping one-liner
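
A pattern-based variant of the log check in post #10, as an added example that is not part of the original post: it extracts the connecting host and the envelope sender from each DNSBL rejection, so a rejected message claiming a gmail.com sender can be traced to the host that actually connected. It assumes Postfix's `NOQUEUE: reject: RCPT from host[ip]` log format; the function names are made up, and the log lines are constructed with documentation addresses.

```shell
#!/bin/sh
# Added example (not from the thread): pull DNSBL rejections out of a Postfix
# log by pattern, not by field position, and keep the envelope sender too.

# Read a mail log on stdin; print "zone client[ip] sender" per RBL reject.
rbl_rejects() {
    awk '
    /reject: RCPT from/ && /blocked using/ {
        client = "?"; zone = "?"; sender = "<>"
        if (match($0, /RCPT from [^ ]+\[[0-9a-fA-F.:]+\]/))
            client = substr($0, RSTART + 10, RLENGTH - 10)
        if (match($0, /blocked using [^; ]+/))
            zone = substr($0, RSTART + 14, RLENGTH - 14)
        if (match($0, /from=<[^>]+>/))
            sender = substr($0, RSTART + 6, RLENGTH - 7)
        print zone, client, sender
    }'
}

# claimed_from DOMAIN: hosts whose rejected mail claimed a sender at DOMAIN.
claimed_from() {
    rbl_rejects | awk -v d="@$1" '
        { n = length($3) - length(d) + 1 }
        n > 0 && substr($3, n) == d { print $2 }' | sort -u
}

# Constructed sample log (documentation IP ranges, made-up host names).
SAMPLE_LOG='Nov  8 04:31:12 mail postfix/smtpd[2101]: connect from dsl-23.example.net[198.51.100.23]
Nov  8 04:31:13 mail postfix/smtpd[2101]: NOQUEUE: reject: RCPT from dsl-23.example.net[198.51.100.23]: 554 Service unavailable; Client host [198.51.100.23] blocked using zen.spamhaus.org; from=<someone@gmail.com> to=<user@example.com> proto=SMTP helo=<dsl-23.example.net>
Nov  8 04:32:40 mail postfix/smtpd[2107]: NOQUEUE: reject: RCPT from unknown[203.0.113.77]: 554 Service unavailable; Client host [203.0.113.77] blocked using zen.spamhaus.org; from=<offers@example.org> to=<user@example.com> proto=ESMTP helo=<mail.example.org>'

# On a live server: claimed_from gmail.com < /var/log/mail.log
printf '%s\n' "$SAMPLE_LOG" | rbl_rejects
printf '%s\n' "$SAMPLE_LOG" | claimed_from gmail.com
```

In the sample, the only rejection with a gmail.com sender came from a DSL host rather than a Google mail server, which is the forged-sender case post #10 describes.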
