[SOLVED] How does DNSBL realy works?

U

ukro

Member
May 16, 2021
125
13
23
39
Greetings,
So i have this DNSBL:

Code: 
bl.spamcop.net,zen.spamhaus.org,dnsbl.sorbs.net,rhsbl.sorbs.net,db.wpbl.info,b.barracudacentral.org,psbl.surriel.com,dnsbl.nijabl.org,,gterin.com.ua,in.ua,bankpersiy.com.ua,barbakan.com.ua,bioco.kiev.ua,dnsbl-1.uceprotect.net,ix.dnsbl.manitu.net,truncate.gbudb.net,multi.uribl.com

As you can see sorbs is on 3rd position.
DSBL Threshold i have 5.

I know this is spam but why it is rejected by sorbs if i have threshold 5? And each DNSBL have no multiplication which should be 1 right?
Code: 
Sep 24 21:44:09 pmg postfix/postscreen[40961]: NOQUEUE: reject: RCPT from [114.237.154.241]:4651: 550 5.7.1 Service unavailable; client [114.237.154.241] blocked using dnsbl.sorbs.net; from=<fxkhro@mrhc.com>, to=<xxxxxx>, proto=ESMTP, helo=<mrhc.com>

Thank you
 
DNSBL work by calculating hits based on your DNSBL sites and threshold.
You can check your hits by running "cat /var/log/mail.log | grep 114.237.154.241"

https://multirbl.valli.org/lookup/114.237.154.241.html

Below is my result of some blocked DNSBL hit with threshold of 2.

Code: 
root@pmg:~# cat /var/log/mail.log | grep 27.189.129.42
Sep 25 07:42:00 pmg postfix/postscreen[6858]: CONNECT from [27.189.129.42]:54005 to [192.168.40.106]:26
Sep 25 07:42:01 pmg postfix/dnsblog[6859]: addr 27.189.129.42 listed by domain zen.spamhaus.org as 127.0.0.3
Sep 25 07:42:01 pmg postfix/dnsblog[6859]: addr 27.189.129.42 listed by domain zen.spamhaus.org as 127.0.0.11
Sep 25 07:42:01 pmg postfix/dnsblog[6859]: addr 27.189.129.42 listed by domain zen.spamhaus.org as 127.0.0.4
Sep 25 07:42:06 pmg postfix/postscreen[6858]: DNSBL rank 2 for [27.189.129.42]:54005
Sep 25 07:42:06 pmg postfix/dnsblog[6861]: addr 27.189.129.42 listed by domain psbl.surriel.com as 127.0.0.2
Sep 25 07:42:07 pmg postfix/postscreen[6858]: NOQUEUE: reject: RCPT from [27.189.129.42]:54005: 550 5.7.1 Service unavailable; client [27.189.129.42] blocked using zen.spamhaus.org; from=<vfgyj@hotmail.com>, to=<user1@mydomain.com>, proto=ESMTP, helo=<hotmail.com>
Sep 25 07:42:07 pmg postfix/postscreen[6858]: DISCONNECT [27.189.129.42]:54005
 
You must log in or register to reply here.
Top Bottom