How to set Spamhaus DNSBL correctly?

hata_ph

Well-Known Member
Nov 13, 2019
868
187
48
43
Just set your DNSBL list and threshold under Mail Proxy -> Options.

1660383327720.png
 

mgutt

New Member
Apr 23, 2022
6
0
1
This does not answer my question. This is only a workaround by raising all blacklist checks to two hits.
 

mgutt

New Member
Apr 23, 2022
6
0
1
Which is correct as the other return codes are "not relevant":
https://www.spamhaus.org/faq/section/DNSBL Usage#200
127.255.255.254 Any Query via public/open resolver
127.255.255.255 Any Excessive number of queries

This means proxmox mgw blocks the mail, if we hit "excessive number of queries" or "query through public resolver" which happens as of my experience randomly.

We can solve this as follows:
- Not using spamhaus (they are the only one with this behaviour)
- Use your workaround which makes the filter weaker
- Let proxmox ignore the irrelevant return codes (which is my question how to set this up)
 

hata_ph

Well-Known Member
Nov 13, 2019
868
187
48
43
Which is correct as the other return codes are "not relevant":
https://www.spamhaus.org/faq/section/DNSBL Usage#200


This means proxmox mgw blocks the mail, if we hit "excessive number of queries" or "query through public resolver" which happens as of my experience randomly.

We can solve this as follows:
- Not using spamhaus (they are the only one with this behaviour)
- Use your workaround which makes the filter weaker
- Let proxmox ignore the irrelevant return codes (which is my question how to set this up)
Are your PMG using public DNS like google or cloudflare? It will cause those 2 error.
Set PMG to use a local resolver/DNS server will solve the problem.
 
  • Like
Reactions: Stoiko Ivanov

Stoiko Ivanov

Proxmox Staff Member
Staff member
May 2, 2018
7,230
1,137
164
Not possible. We are using 1.1.1.2 or 9.9.9.11 only (security guidelines).
For E-mail I would agree with @hata_ph - you need a resolver of your own to get any decent spam-detection due to some very good dnsbls/uribls having a ratelimit

Alternatively you can consider getting a paid feed from them (these are usually quite well configurable with public resolvers as well)
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get your own in 60 seconds.

Buy now!