How to set Spamhaus DNSBL correctly?

This does not answer my question. This is only a workaround by raising all blacklist checks to two hits.
 
Which is correct as the other return codes are "not relevant":
https://www.spamhaus.org/faq/section/DNSBL Usage#200
127.255.255.254 Any Query via public/open resolver
127.255.255.255 Any Excessive number of queries
Click to expand...

This means proxmox mgw blocks the mail, if we hit "excessive number of queries" or "query through public resolver" which happens as of my experience randomly.

We can solve this as follows:
- Not using spamhaus (they are the only one with this behaviour)
- Use your workaround which makes the filter weaker
- Let proxmox ignore the irrelevant return codes (which is my question how to set this up)
 
mgutt said:
Which is correct as the other return codes are "not relevant":
https://www.spamhaus.org/faq/section/DNSBL Usage#200


This means proxmox mgw blocks the mail, if we hit "excessive number of queries" or "query through public resolver" which happens as of my experience randomly.

We can solve this as follows:
- Not using spamhaus (they are the only one with this behaviour)
- Use your workaround which makes the filter weaker
- Let proxmox ignore the irrelevant return codes (which is my question how to set this up)
Click to expand...
Are your PMG using public DNS like google or cloudflare? It will cause those 2 error.
Set PMG to use a local resolver/DNS server will solve the problem.
 
  • Like
Reactions: Stoiko Ivanov
mgutt said:
Not possible. We are using 1.1.1.2 or 9.9.9.11 only (security guidelines).
Click to expand...
For E-mail I would agree with @hata_ph - you need a resolver of your own to get any decent spam-detection due to some very good dnsbls/uribls having a ratelimit

Alternatively you can consider getting a paid feed from them (these are usually quite well configurable with public resolvers as well)
 
  • Like
Reactions: eugenevdm
You must log in or register to reply here.
Top Bottom