Reject but send to Quarantine

thiagotgc

Active Member
Dec 17, 2019
151
20
38
37
I am missing too many valid emails because of RBL.

I don't want to disable it, so I would like to create an Action, for all "REJECT" messages to be kept in Quarantine.

It's possible? How do I do?
 
If you reject message, you cannot move into the quarantine as the email was never transmitted to your network.

Just disable DNSBL on SMTP level.
 
I see, and thanks for the feedback tom!

I used Xeams for many years, and I'm starting to learn from PMG!

It turns out that my public IP here from the office is listed in an RBL, and even sending email from GMAIL WEB, PMG is rejecting, because it is checking my IP.

How should I make PMG check RBL from the server sending the message, in my case it would be from the GMAIL server.
 
haha ha

Yes, but I can't do it for everyone, unfortunately ...

So I am looking for a solution without losing security

How many public IP you have?
If your public IP is blacklisted, either delist the IP or ask your ISP to give you a clean new public IP.
 
I don't think you understand.
The problem is not only with my IP (I gave just one example from me)

I'm having a lot of false positives with RBL.

I would like to be able to lower my score, or to prevent emails listed on the RBL from being rejected, but sent to quarantine ...
 
I don't think you understand.
The problem is not only with my IP (I gave just one example from me)

I'm having a lot of false positives with RBL.

I would like to be able to lower my score, or to prevent emails listed on the RBL from being rejected, but sent to quarantine ...

Increase your DNSBL threshold and add multiple RBL server. This should reduce false positive.
But then if the IP is blacklisted on all your RBL servers, it will get bloacked at the end.
 
  • Like
Reactions: thiagotgc
Great, but where and how best to adjust?

EDIT: dnsbl.spfbl.net,dnsbl.sorbs.net,b.barracudacentral.org,psbl.surriel.com,cbl.abuseat.org
 
Last edited:
Thank you for your help.

I had already seen your topic, but it got a little confusing for me.

What is the best setting for RBL?
 
Last edited:
zen.spamhaus.org*2,bl.spamcop.net*2,psbl.surriel.com*2,spamrbl.imp.ch*2,noptr.spamrats.com*2,escalations.dnsbl.sorbs.net*2,bl.score.senderscore.com*2,bl.spameatingmonkey.net*2,rbl.realtimeblacklist.com*2,dnsbl.dronebl.org*2,ix.dnsbl.manitu.net,b.barracudacentral.org,truncate.gbudb.net,bl.blocklist.de with threshold of 2 is a good set with really few false positives, zen.spamhaus.org,bl.spamcop.net,psbl.surriel.com,spamrbl.imp.ch,noptr.spamrats.com,escalations.dnsbl.sorbs.net,bl.score.senderscore.com,bl.spameatingmonkey.net,rbl.realtimeblacklist.com,dnsbl.dronebl.org,ix.dnsbl.manitu.net,b.barracudacentral.org,truncate.gbudb.net,bl.blocklist.de is more safe setup with somehow zero false positives, but a few false negatives (undetected spam), also with threshold of 2
 
Great!

Can you explain to me what is the difference between leaving DNS Thresould at 2, or 3, or 1 .... and adding RBL with * 2, or * 3, etc ...

What influences?

Thank you for your help.
 
In this stage you can also enable DNSBL, with settings are like below, client must be listed in zen.spamhause.org (factor 2) and in one of other DNSBL to reach threshold of 3 and be rejected. Of course factors and DNSBL servers you can set at your own.

postscreen_dnsbl_action = enforce
postscreen_dnsbl_threshold = 3
postscreen_dnsbl_sites =
zen.spamhaus.org*2
bl.spamcop.net*1
b.barracudacentral.org*1

https://drfugazi.eu.org/en/postscreen-greylisting-postfix/
http://www.postfix.org/postconf.5.html#postscreen_dnsbl_sites
 
  • Like
Reactions: heutger
As @hata_ph referred to: Threshold is a score to meet with DNSBL hits, 1 mean just one hit is required, 2 mean two lists need to have the IP listed etc., with *2 you can weight lists, so if a minimum of 2 is requires, two lists without multiplication are required or just one list with *2, you could also use *-1 or any other negative value to weight in whitelists (I don’t recommend as somehow I didn’t saw any reliable whitelist yet). My set is optimized as I saw somehow none (or really really rare) false-positives on *2-lists (but you can improve by removing *2 to no false-positives) and the others have very very low false-positives. I don’t use lists, which for sure are great but have many false-positives to outweighed them by whitelists like JustSpam, rbldns.ru, Hostkarma, ... as again, whitelists are not reliable.
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!