Add postscreen_dnsbl_sites

Discussion in 'Mail Gateway: Installation and configuration' started by kaito, Aug 7, 2018.

  1. kaito

    kaito New Member

    Joined:
    Oct 21, 2015
    Messages:
    4
    Likes Received:
    0
    1. is there a way to add more "postscreen_dnsbl_sites=" within the gui

    i am trying Mail Gateway 5.0-71

    let me know if i missed the "option"

    thanks a lot in adavance
     
  2. Sommer

    Sommer Member

    Joined:
    Jun 7, 2018
    Messages:
    45
    Likes Received:
    5
    Just use commas
    For example:
    zen.spamhaus.org,bl.spamcop.net,psbl.surriel.com,spamrbl.imp.ch,noptr.spamrats.com,escalations.dnsbl.sorbs.net,bl.score.senderscore.com,bl.spameatingmonkey.net,rbl.realtimeblacklist.com,dnsbl.dronebl.org
     
  3. kaito

    kaito New Member

    Joined:
    Oct 21, 2015
    Messages:
    4
    Likes Received:
    0
    Hi,

    Yes it is working perfect, I can see it in logs.
     
  4. kaito

    kaito New Member

    Joined:
    Oct 21, 2015
    Messages:
    4
    Likes Received:
    0
    Hi,

    We are getting some of the spams still, up on checking on mail header we cloud see the below message. See the message marked red. But we cannot find any clue from proxmox mail gateway log.


    X-SPAM-LEVEL: Spam detection results: 2
    HTML_IMAGE_ONLY_04 0.342 HTML: images with 0-400 bytes of words
    HTML_MESSAGE 0.001 HTML included in message
    HTML_SHORT_LINK_IMG_1 0.139 HTML is very short with a linked image
    MAILING_LIST_MULTI -1 Multiple indicators imply a widely-seen list manager
    MPART_ALT_DIFF 0.724 HTML and text parts are different
    SPF_PASS -0.001 SPF: sender matches SPF record
    URIBL_ABUSE_SURBL 1.948 Contains an URL listed in the ABUSE SURBL blocklist
    URIBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to URIBL was blocked. See wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information.
     
  5. fluxX04

    fluxX04 New Member

    Joined:
    Mar 14, 2018
    Messages:
    15
    Likes Received:
    5
  6. Davide Bozzelli

    Joined:
    Feb 6, 2018
    Messages:
    70
    Likes Received:
    4
    Free rbl providers have connections quota in place.
    By using local caching dns resolver you will typically cache most of the dns response and thus limit connections to rbl servers
     
  7. heutger

    heutger Active Member

    Joined:
    Apr 25, 2018
    Messages:
    438
    Likes Received:
    105
    Read the full linked post, I encountered problems with bind, don't use bind, use unbound
     
  8. Someyoung Guy

    Someyoung Guy New Member

    Joined:
    Dec 23, 2018
    Messages:
    2
    Likes Received:
    0
    This may or may not help someone. I find the forums don't literally spelling things out well enough for potential noobs. When you document it document it well and this is how.

    cd /etc/postfix
    nano main.cf
    ctl + w
    (brings up "find") and type in: dnsbl <-- hit enter on your keybaord
    Brings you to a line that says: postscreen_dnsbl_action = enforce
    Below that will be another that says: postscreen_greet_action = enforce
    Add this line right below that one: postscreen_dnsbl_sites =

    Below that line you just added add this + add your own, usually those dnsbl's have their various 127.x.x.x numbers which give you a "positive" result which means it's on their list and therefore spam which will cause POSTFIX to do a block action.

    Here is my list:
    # RBL customization
    # Ref: docs.iredmail.org/enable.dnsbl.html
    b.barracudacentral.org=127.0.0.2*2
    all.spamrats.com=127.0.0.36
    all.spamrats.com=127.0.0.38
    rbl.realtimeblacklist.com=127.0.0.2
    fresh30.spameatingmonkey.net=127.0.0.2


    * Make sure the spaces if you have any are spaces and not tabs, tabs in my editor seem to make it interpret a "?" once you restart POSTFIX.

    Then do a ctrl + x to exit, make sure you save the file.

    Note that anything after the "#" is considered a note field, it's not parsed so you can write anything you want behind one to remind yourself what you're doing and why.

    If you use barracudacentra..org you need to go there and get a free account. You then have to list your public IP addresses that are querying. Once you do that it will take 10 minutes for their servers to authorize your queries or else they will fail all day long and you might / will get false positives.

    Then run: service postfix restart

    You can test to see if things are working by running a query against your RBL list like so:

    Command: dig +short -t any _DNSBL_.test.fresh30.spameatingmonkey.net

    You should get a result like: 127.0.0.2

    Another in Barracuda's how to / check is : host 2.0.0.127.b.barracudacentral.org

    Your answer here should be: 2.0.0.127.b.barracudacentral.org has address 127.0.0.2

    Please comment if this post (mine) helped you because the afore mentioned might not have enough information in it for noobs although...nobody is complaining LOL. I have seen a few exceptional posts with very well done explanations. We definitely need more of that!

    * Edited to fix the option: postscreen_dnsbl_sites =
     
    #8 Someyoung Guy, Dec 24, 2018
    Last edited: Dec 24, 2018
  9. heutger

    heutger Active Member

    Joined:
    Apr 25, 2018
    Messages:
    438
    Likes Received:
    105
    Why most posts here are not such way is because e.g. your post is something, which should not(!) be performed. This settings you describe are about to set your blacklists and blacklist settings, that can be done via GUI and should be done there. Additional the GUI and the system is template based, so if you add that to your main.cf, it will be overwritten next time, anything in the GUI has been changed. So you need additional explain on how to copy templates, add it there (however, what you wrote is already added there and managed via GUI) and sync the templates. However, working with template adjustments mean, you need always to check the templates for updates, understand them and merge them in your copy, as using
    templates, you’re out of normal update handling. That said, you see, that it’s not meant for noobs to do anything(!) via shell. Noobs should use the GUI and all options offered there, Pros can use the shell and they then know, what they do there as any adjustment mean potential error source and if someone does not really know, what he is doing there, if he also don’t know on how to perform standard linux tasks, he has nothing to do on shell on a system, which has a GUI and try to avoid usage of shell via this GUI.

    BTW, problem here are less the lists, more that some decline their usage because of using a DNS provider of an ISP or Google, CloudFlare or sth. similar, which run in a volume block of the lists, so he need to set up his own resolver or use an existing own resolver.
     
  10. Someyoung Guy

    Someyoung Guy New Member

    Joined:
    Dec 23, 2018
    Messages:
    2
    Likes Received:
    0
    Where in the GUI is this setting? I can't find it. I'm on 5.1'ish...whatever latest is.

    What do I pick & where?
     
  11. heutger

    heutger Active Member

    Joined:
    Apr 25, 2018
    Messages:
    438
    Likes Received:
    105
    Here you can see. I cut the rest of the screen as it contains the invaluement lists.

    [​IMG]
     
    #11 heutger, Dec 24, 2018
    Last edited: Dec 24, 2018
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice