DNSBL

Abdelrahman

Hello,

One of the emails got rejected because it was listed on zen.spamhaus.org, but when I tried to send to the same email it got accepted/delivered!

Now I'm using "all.s5h.net,blacklist.woody.ch,combined.abuse.ch,dnsbl-2.uceprotect.net,dnsbl.sorbs.net,dul.dnsbl.sorbs.net,ips.backscatterer.org,,misc.dnsbl.sorbs.net,pbl.spamhaus.org,relays.bl.gweep.ca,singular.ttk.pte.hu,spam.abuse.ch,spam.spamrats.com,spamsources.fabel.dk,virus.rbl.jp,xbl.spamhaus.org,zombie.dnsbl.sorbs.net,b.barracudacentral.org,bogons.cymru.com,db.wpbl.info,dnsbl-3.uceprotect.net,drone.abuse.ch,dyna.spamrats.com,ix.dnsbl.manitu.net,noptr.spamrats.com,proxy.bl.gweep.ca,relays.nether.net,smtp.dnsbl.sorbs.net,spam.dnsbl.anonmails.de,spambot.bls.digibase.ca,ubl.lashback.com,web.dnsbl.sorbs.net,z.mailspike.net,bl.spamcop.net,cbl.abuseat.org,dnsbl-1.uceprotect.net,dnsbl.dronebl.org,duinv.aupads.org,http.dnsbl.sorbs.net,korea.services.net,orvedb.aupads.org,psbl.surriel.com,sbl.spamhaus.org,socks.dnsbl.sorbs.net,spam.dnsbl.sorbs.net,spamrbl.imp.ch,ubl.unsubscore.com,wormrbl.imp.ch,zen.spamhaus.org"

Will that cause a problem to have all these blacklists?

I need to make sure that the spam detector is very high so I don't lose the reputation of my clean IP address.

Thank you
 
Check now and the IP is being listed.
Show the log which shows the IP not being blocked.

[Image attachment: 1621602930433.png]
 
Hmmmmm, the IP address is different in the accepted messages ... so now it makes sense!
Is it okay to use all those blacklists?
 
False positives can happen and would require a bit more time to process mail and on a busy PMG that could cause delays especially if some of those are not responding and timeouts are waited for.

Personally, I would remove all the uceprotect and sorbs lists. Have had issues with both for listing our IPs and not expiring them or responding to tickets and just being unprofessional, for at least uceprotect.
 
I see absolutely no reason to use all of those DNSBL blocklists. You will run into multiple problems doing this. Having more is usually not the right way to go. Simple and cleaner setup is better than complex setup.

Some problems you will get with running such a high number of DNSBL blocklists:
- With each email you receive, the DNS servers that you are querying will have to do a DNS query to check on each blocklist. Because of the high number of blocklists you might hit the limits of the DNS provider that you are using, and then you will lose the ability to do DNS queries (that will stop your mail flow because you won't be able to resolve domain names with your DNS server...).
- You will have an extremely high level of false positives. This means that if someone tries to send you legitimate email, it will be lost if they are on any of these DNSBL blocklists, depending on how you are setting your DNSBL threshold. Keep in mind that when using DNSBL, email is blocked before it's even processed, so you can't quarantine it, for example.
- Some of these DNSBL blocklists might stop working properly and all of your email can be blocked. It has happened before many times on many DNSBL blocklists.

I have taken a different approach and have done research into what are reputable DNSBL and what DNSBL would work for our mail flow. It can be quite different for each company, as every company has different mail flow, so just using someone's recommended DNSBL blocklists might not be the best idea.

Every time we received a legitimate spam/phishing/malicious email I have immediately checked on https://mxtoolbox.com/blacklists.aspx and https://www.abuseipdb.com/ to see if they are listed and on what DNSBL they are listed. You need to do this quickly to find out what would be the best DNSBL for you.

Once you start doing this you will notice that over and over the same DNSBL will be the fastest to list spam/phishing/malicious servers.

Make sure you read everything on each DNSBL website you intend to use and see if they require any registration or have any limitations that are relevant for you (for some you have to register and provide the public IP address from which you will be doing DNS queries; b.barracudacentral.org is an example of that).

After all that I have decided on using

[Image attachment: 1621632068002.png]

I am using DNSBL Threshold 1 because I know that the DNSBL I am using are very high quality, and I have added exceptions on DNSBL for major email providers so legitimate email won't be blocked (if you don't do this, legitimate email will be blocked by sorbs usually, as providers like Google don't care if they are on DNSBL lists). You can check for more information on my old post https://forum.proxmox.com/threads/s...x-filter-in-reply-to-field.80037/#post-354681

I was also using dnsbl-1.uceprotect.net in the past but stopped using it as it contained too many false positives for our mail flow.

Do your own research before using something for best results and keep your setup simple. Unless you have unlimited resources to do the work, this is the only way you can maintain a high quality mail filter with limited resources.
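
The failure modes listed in the post above (a list that stops working and answers for everything, a resolver that has hit a query limit) can be screened out before hits are counted against a threshold. This is an added example, not part of the original post and not PMG or Postfix code: the `.example` zones and the constructed resolver are hypothetical, the threshold is a plain hit count, and treating `127.255.255.x` as an error follows the return codes Spamhaus documents.

```python
import ipaddress
import socket

ERROR_NET = ipaddress.ip_network("127.255.255.0/24")  # Spamhaus refusal codes
LISTED_NET = ipaddress.ip_network("127.0.0.0/8")

def query_name(ip, zone):
    """Reversed octets (or IPv6 nibbles) prepended to the DNSBL zone."""
    reverse = ipaddress.ip_address(ip).reverse_pointer  # e.g. 2.0.0.127.in-addr.arpa
    return reverse.rsplit(".", 2)[0] + "." + zone

def system_resolver(name):
    """A record as text, or None (NXDOMAIN and timeouts look the same here)."""
    try:
        return socket.gethostbyname(name)
    except OSError:
        return None

def classify(answer):
    if answer is None:
        return "clean"
    addr = ipaddress.ip_address(answer)
    if addr in ERROR_NET or addr not in LISTED_NET:
        return "error"  # refused query, or a parked/rewritten zone answering outside 127/8
    return "listed"

def healthy(zone, resolve):
    """RFC 5782 self-test: 127.0.0.2 must be listed, 127.0.0.1 must not be."""
    return (classify(resolve(query_name("127.0.0.2", zone))) == "listed"
            and classify(resolve(query_name("127.0.0.1", zone))) == "clean")

def check(ip, zones, threshold=1, resolve=system_resolver):
    """Count listings on healthy zones only; threshold is a plain hit count."""
    hits, skipped = [], []
    for zone in filter(None, zones):  # drops empty entries such as a stray ",,"
        if not healthy(zone, resolve):
            skipped.append(zone)
        elif classify(resolve(query_name(ip, zone))) == "listed":
            hits.append(zone)
    return {"reject": len(hits) >= threshold, "hits": hits, "skipped": skipped}

def constructed_resolver(name):
    """Constructed answers for hypothetical zones; no network access."""
    if name.endswith(".wild.example"):
        return "127.0.0.2"        # broken list that answers for every query
    if name.endswith(".limit.example"):
        return "127.255.255.255"  # query limit exceeded
    return {"2.0.0.127.good.example": "127.0.0.2",
            "10.2.0.192.good.example": "127.0.0.4"}.get(name)
```

The self-test costs two extra lookups per zone, so on a real gateway its result would be cached for a while instead of being repeated for every message.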
 
Thanks a lot for your response, I totally agree with you. Just one more question: should I use "," or ";" when I set the values in DNSBL sites?
 
It seems both work in the GUI, but I see it will change to "," in the config under /etc/postfix/main.cf.
 