Add postscreen_dnsbl_sites

kaito

1. Is there a way to add more "postscreen_dnsbl_sites=" within the GUI?

I am trying Mail Gateway 5.0-71.

Let me know if I missed the "option".

Thanks a lot in advance.
 
Just use commas
For example:
zen.spamhaus.org,bl.spamcop.net,psbl.surriel.com,spamrbl.imp.ch,noptr.spamrats.com,escalations.dnsbl.sorbs.net,bl.score.senderscore.com,bl.spameatingmonkey.net,rbl.realtimeblacklist.com,dnsbl.dronebl.org
 
Hi,

We are still getting some spam; upon checking the mail header we could see the message below. See the message marked red. But we cannot find any clue in the Proxmox Mail Gateway log.


X-SPAM-LEVEL: Spam detection results: 2
HTML_IMAGE_ONLY_04 0.342 HTML: images with 0-400 bytes of words
HTML_MESSAGE 0.001 HTML included in message
HTML_SHORT_LINK_IMG_1 0.139 HTML is very short with a linked image
MAILING_LIST_MULTI -1 Multiple indicators imply a widely-seen list manager
MPART_ALT_DIFF 0.724 HTML and text parts are different
SPF_PASS -0.001 SPF: sender matches SPF record
URIBL_ABUSE_SURBL 1.948 Contains an URL listed in the ABUSE SURBL blocklist
URIBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to URIBL was blocked. See wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information.
 
Hi,

Use your own DNS server to make these requests and not a public DNS server, e.g. Google.
More info on how to set up your own DNS server: https://forum.proxmox.com/threads/how-to-local-dns-resolver-for-proxmox-mail-gateway.41189/

Greetz
Free RBL providers have connection quotas in place.
By using a local caching DNS resolver you will typically cache most of the DNS responses and thus limit connections to the RBL servers.
 
This may or may not help someone. I find the forums don't literally spell things out well enough for potential noobs. When you document it, document it well, and this is how.

cd /etc/postfix
nano main.cf
ctrl + w
(brings up "find") and type in: dnsbl <-- hit enter on your keyboard
Brings you to a line that says: postscreen_dnsbl_action = enforce
Below that will be another that says: postscreen_greet_action = enforce
Add this line right below that one: postscreen_dnsbl_sites =

Below the line you just added, add this plus your own. Usually those DNSBLs have their various 127.x.x.x numbers which give you a "positive" result, which means it's on their list and therefore spam, which will cause POSTFIX to do a block action.

Here is my list:
# RBL customization
# Ref: docs.iredmail.org/enable.dnsbl.html
    b.barracudacentral.org=127.0.0.2*2
    all.spamrats.com=127.0.0.36
    all.spamrats.com=127.0.0.38
    rbl.realtimeblacklist.com=127.0.0.2
    fresh30.spameatingmonkey.net=127.0.0.2


* Make sure the spaces, if you have any, are spaces and not tabs; tabs in my editor seem to make it interpret a "?" once you restart POSTFIX.

Then do a ctrl + x to exit, make sure you save the file.

Note that anything after the "#" is considered a note field, it's not parsed so you can write anything you want behind one to remind yourself what you're doing and why.

If you use barracudacentral.org you need to go there and get a free account. You then have to list your public IP addresses that are querying. Once you do that it will take 10 minutes for their servers to authorize your queries or else they will fail all day long and you might / will get false positives.

Then run: service postfix restart

You can test to see if things are working by running a query against your RBL list like so:

Command: dig +short -t any _DNSBL_.test.fresh30.spameatingmonkey.net

You should get a result like: 127.0.0.2

Another in Barracuda's how to / check is : host 2.0.0.127.b.barracudacentral.org

Your answer here should be: 2.0.0.127.b.barracudacentral.org has address 127.0.0.2

Please comment if this post (mine) helped you because the aforementioned might not have enough information in it for noobs although...nobody is complaining LOL. I have seen a few exceptional posts with very well done explanations. We definitely need more of that!

* Edited to fix the option: postscreen_dnsbl_sites =
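
How postscreen would weigh a list like the one in the post above, as an added example that is not part of the original post and not Postfix or Proxmox code: it builds the reversed-octet query names and scores DNS answers against the zone=filter*weight entries. It assumes exact-address filters only and a threshold of 1 (the postscreen_dnsbl_threshold default); the client address and the replies are constructed sample data, not real lookups.

```python
import ipaddress

# The list from the post above, as a postscreen_dnsbl_sites value.
SITES = """
# RBL customization
b.barracudacentral.org=127.0.0.2*2
all.spamrats.com=127.0.0.36
all.spamrats.com=127.0.0.38
rbl.realtimeblacklist.com=127.0.0.2
fresh30.spameatingmonkey.net=127.0.0.2
"""

# Constructed sample DNS answers per zone for one client (not real lookups).
SAMPLE_REPLIES = {
    "b.barracudacentral.org": ["127.0.0.2"],      # matches filter, weight 2
    "all.spamrats.com": ["127.0.0.38"],           # matches the second entry only
    "rbl.realtimeblacklist.com": ["127.0.0.4"],   # answered, but filter differs
}                                                 # zone absent = no answer

def dnsbl_qname(client_ip, zone):
    """Name to look up: reversed IPv4 octets followed by the DNSBL zone."""
    octets = str(ipaddress.IPv4Address(client_ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def parse_sites(value):
    """Return (zone, filter or None, weight) for each zone[=filter][*weight]."""
    entries = []
    for line in value.splitlines():
        if line.strip().startswith("#"):          # whole-line comment
            continue
        for item in line.replace(",", " ").split():
            site, _, weight = item.partition("*")
            zone, _, flt = site.partition("=")
            entries.append((zone, flt or None, int(weight) if weight else 1))
    return entries

def dnsbl_score(entries, replies):
    """Add an entry's weight when its zone answered and the filter matches."""
    score = 0
    for zone, flt, weight in entries:
        answers = replies.get(zone, [])
        if answers and (flt is None or flt in answers):
            score += weight
    return score

if __name__ == "__main__":
    entries = parse_sites(SITES)
    for zone in sorted({e[0] for e in entries}):
        print(dnsbl_qname("192.0.2.25", zone))    # constructed documentation address
    score = dnsbl_score(entries, SAMPLE_REPLIES)
    print("score", score, "blocked" if score >= 1 else "passed")  # threshold 1 assumed
```
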
 
The reason most posts here are not written that way is that, e.g., your post describes something which should not(!) be performed. The settings you describe set your blacklists and blacklist settings; that can be done via the GUI and should be done there. Additionally, the GUI and the system are template based, so if you add that to your main.cf, it will be overwritten the next time anything in the GUI is changed. So you would additionally need to explain how to copy templates, add it there (however, what you wrote is already added there and managed via the GUI) and sync the templates. However, working with template adjustments means you always need to check the templates for updates, understand them and merge them into your copy, as by using templates you're out of normal update handling. That said, you see that it's not meant for noobs to do anything(!) via shell. Noobs should use the GUI and all options offered there. Pros can use the shell, and they then know what they do there, as any adjustment means a potential source of error, and if someone does not really know what he is doing there, and also doesn't know how to perform standard Linux tasks, he has no business on the shell of a system which has a GUI and tries to avoid shell usage via this GUI.

BTW, the problem here is less the lists and more that some decline their usage because of using a DNS provider of an ISP or Google, Cloudflare or sth. similar, which runs into a volume block of the lists, so he needs to set up his own resolver or use an existing own resolver.
 
Where in the GUI is this setting? I can't find it. I'm on 5.1'ish...whatever latest is.

What do I pick & where?
 
Here you can see. I cut the rest of the screen as it contains the invaluement lists.

M0arvkf.png
 