DNSBL not working

Stoiko Ivanov

Proxmox Staff Member
However, the IP sender sent to us is on the blacklist but it is not rated as spam score and passed. Is there any other configuration required?
From the screenshots (please add the information as text if possible, or at least attach the pictures directly in the post) I see the following issues:
* you have set the dnsbl threshold to 2 - so an IP needs to be listed on 2 of your dnsbls to be blocked
* it seems there is a misunderstanding about where the dnsbls take action:
** the dnsbl_sites you configure at GUI->Configuration->Mail Proxy->Options are used by postfix (postscreen) to block a mail before it reaches the rule system
** the rule system is what runs SpamAssassin (and is run by pmg-smtp-filter)
** so the settings for dnsbl_sites will never show up in the pmg-smtp-filter logs - you need to look for the postscreen logs

See the reference documentation and the postfix docs:
https://pmg.proxmox.com/pmg-docs/pmg-admin-guide.html#pmgconfig_whitelist_overview
https://pmg.proxmox.com/pmg-docs/pmg-admin-guide.html#_mail_proxy_configuration
http://www.postfix.org/POSTSCREEN_README.html
 

DuyQuy

New Member
Thanks for your information.
We have the DNSBL sites set up with the resources below.

zen.spamhaus.org,bl.spamcop.net,spamrbl.imp.ch,all.spamrats.com,escalations.dnsbl.sorbs.net,bl.score.senderscore.com,bl.spameatingmonkey.net,ix.dnsbl.manitu.net,b.barracudacentral.org,truncate.gbudb.net,dnsbl-3.uceprotect.net

But for one IP that sent mail to us, we noticed that the IP is only shown as listed by a single source, even though it is listed on more than that.

Log of the mail sent to us from the above IP:

Apr 26 16:13:06 xx8 postfix/postscreen[23901]: CONNECT from [193.233.182.110]:43980 to [xx.xx.xx.xx]:25
Apr 26 16:13:12 xx8 postfix/postscreen[23901]: PASS NEW [193.233.182.110]:43980
Apr 26 16:13:12 xx8 postfix/smtpd[16579]: connect from unstiscull.mainjudiinternet.com[193.233.182.110]
Apr 26 16:13:13 xx8 postfix/smtpd[16579]: Anonymous TLS connection established from unstiscull.mainjudiinternet.com[193.233.182.110]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Apr 26 16:13:13 xx8 postfix/smtpd[16579]: D954BE27B5: client=unstiscull.mainjudiinternet.com[193.233.182.110]
Apr 26 16:13:15 xx8 postfix/smtpd[16579]: disconnect from unstiscull.mainjudiinternet.com[193.233.182.110] ehlo=2 starttls=1 mail=1 rcpt=1 data=1 quit=1 commands=7
Apr 26 16:13:19 xx8 postfix/smtpd[16626]: DC4F9E27A0: client=localhost[127.0.0.1], orig_client=unstiscull.mainjudiinternet.com[193.233.182.110]
Apr 26 16:38:46 xx8 postfix/smtp[36517]: Untrusted TLS connection established to mainjudiinternet.com[193.233.182.110]:25: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Apr 26 16:38:47 xx8 postfix/smtp[36517]: 6CA14E2CEC: to=<ran.fow@mainjudiinternet.com>, relay=mainjudiinternet.com[193.233.182.110]:25, delay=7.1, delays=0.01/0/6.6/0.55, dsn=2.0.0, status=sent (250 OK id=1njHeg-0005rl-IP)
Apr 26 16:48:46 xx8 postfix/postscreen[23901]: CONNECT from [193.233.182.110]:32958 to [xx.xx.xx.xx]:25
Apr 26 16:48:46 xx8 postfix/dnsblog[3620]: addr 193.233.182.110 listed by domain truncate.gbudb.net as 127.0.0.2
Apr 26 16:48:51 xx8 postfix/postscreen[23901]: PASS OLD [193.233.182.110]:32958
Apr 26 16:48:51 xx8 postfix/smtpd[16571]: connect from unstiscull.mainjudiinternet.com[193.233.182.110]
Apr 26 16:48:52 xx8 postfix/smtpd[16571]: Anonymous TLS connection established from unstiscull.mainjudiinternet.com[193.233.182.110]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Apr 26 16:48:52 xx8 postfix/smtpd[16571]: E17EFE2EAF: client=unstiscull.mainjudiinternet.com[193.233.182.110]
Apr 26 16:48:54 xx8 postfix/smtpd[16571]: disconnect from unstiscull.mainjudiinternet.com[193.233.182.110] ehlo=2 starttls=1 mail=1 rcpt=1 data=1 quit=1 commands=7
Apr 26 16:48:55 xx8 postfix/postscreen[23901]: CONNECT from [193.233.182.110]:54328 to [xx.xx.xx.xx]:25
Apr 26 16:48:55 xx8 postfix/postscreen[23901]: PASS OLD [193.233.182.110]:54328
Apr 26 16:48:55 xx8 postfix/smtpd[23087]: connect from unstiscull.mainjudiinternet.com[193.233.182.110]
Apr 26 16:48:56 xx8 postfix/smtpd[23087]: Anonymous TLS connection established from unstiscull.mainjudiinternet.com[193.233.182.110]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Apr 26 16:48:56 xx8 postfix/smtpd[36950]: 9A7F7E2EEF: client=localhost[127.0.0.1], orig_client=unstiscull.mainjudiinternet.com[193.233.182.110]
Apr 26 16:48:56 xx8 postfix/smtpd[23087]: CBD68E2EAF: client=unstiscull.mainjudiinternet.com[193.233.182.110]
Apr 26 16:48:58 xx8 postfix/smtpd[23087]: disconnect from unstiscull.mainjudiinternet.com[193.233.182.110] ehlo=2 starttls=1 mail=1 rcpt=1 data=1 quit=1 commands=7
Apr 26 16:49:00 xx8 postfix/smtpd[36950]: 65F8CE2EEF: client=localhost[127.0.0.1], orig_client=unstiscull.mainjudiinternet.com[193.233.182.110]




Is this a matter of the DNSBL site structure or something else?
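
Added example (not part of either post and not Proxmox or Postfix code): a Python script that tallies the dnsblog listings per client in a mail log and compares the count with the DNSBL threshold, the check described in the first reply. The log lines are constructed, and the script assumes every dnsbl_sites entry carries the default weight of 1.

```python
import re
from collections import defaultdict

# Constructed sample in the postscreen/dnsblog log format quoted in the thread
# (RFC 5737 documentation addresses, hypothetical host name "mx").
SAMPLE_LOG = """\
Apr 26 16:48:46 mx postfix/postscreen[100]: CONNECT from [192.0.2.10]:32958 to [198.51.100.1]:25
Apr 26 16:48:46 mx postfix/dnsblog[101]: addr 192.0.2.10 listed by domain truncate.gbudb.net as 127.0.0.2
Apr 26 16:48:51 mx postfix/postscreen[100]: PASS OLD [192.0.2.10]:32958
Apr 26 16:50:00 mx postfix/postscreen[100]: CONNECT from [192.0.2.20]:40000 to [198.51.100.1]:25
Apr 26 16:50:00 mx postfix/dnsblog[101]: addr 192.0.2.20 listed by domain zen.spamhaus.org as 127.0.0.4
Apr 26 16:50:00 mx postfix/dnsblog[102]: addr 192.0.2.20 listed by domain zen.spamhaus.org as 127.0.0.2
Apr 26 16:50:00 mx postfix/dnsblog[103]: addr 192.0.2.20 listed by domain bl.spamcop.net as 127.0.0.2
Apr 26 16:50:06 mx postfix/postscreen[100]: DNSBL rank 2 for [192.0.2.20]:40000
"""

LISTED = re.compile(r"postfix/dnsblog\[\d+\]: addr (\S+) listed by domain (\S+) as (\S+)")
VERDICT = re.compile(
    r"postfix/postscreen\[\d+\]: (PASS (?:NEW|OLD)|DNSBL rank \d+) (?:for )?\[([^\]]+)\]")


def summarize(log_text, threshold):
    """Per client IP: DNSBL domains that listed it, score, and postscreen's verdict."""
    hits = defaultdict(set)   # ip -> DNSBL domains that returned a listing
    verdicts = {}             # ip -> last postscreen outcome seen in the log
    for line in log_text.splitlines():
        m = LISTED.search(line)
        if m:
            hits[m.group(1)].add(m.group(2))
            continue
        m = VERDICT.search(line)
        if m:
            verdicts[m.group(2)] = m.group(1)
    report = {}
    for ip in sorted(set(hits) | set(verdicts)):
        # Assumption: unweighted entries, so the score is the number of distinct
        # domains (several replies from one domain still count once).
        score = len(hits[ip])
        report[ip] = {
            "lists": sorted(hits[ip]),
            "score": score,
            "over_threshold": score >= threshold,  # threshold is an inclusive lower bound
            "postscreen": verdicts.get(ip, "none"),
        }
    return report


if __name__ == "__main__":
    for ip, row in summarize(SAMPLE_LOG, threshold=2).items():
        print(ip, row)
```

With a threshold of 2, the first constructed client has one listing and passes, while the second is listed by two domains and is ranked for blocking.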
 
