Spam filtering and dnsbl

If you plan to use spamassassin only, create custom rules for DNSBL blacklist.

https://support.cpanel.net/hc/en-us...Adding-Custom-RBL-DNS-Lookups-To-SpamAssassin

Code:
# DNSBL custom blacklist
header DNSBL_UCEPROTECT1      eval:check_rbl('uceprotect1', 'dnsbl-1.uceprotect.net.')
describe DNSBL_UCEPROTECT1    sender listed in dnsbl-1.uceprotect.net
score DNSBL_UCEPROTECT1 2

header DNSBL_SPAMHAUS      eval:check_rbl('spamhaus', 'zen.spamhaus.org.')
describe DNSBL_SPAMHAUS    sender listed in zen.spamhaus.org
score DNSBL_SPAMHAUS 2

header DNSBL_SURRIEL      eval:check_rbl('surriel', 'psbl.surriel.com.')
describe DNSBL_SURRIEL    sender listed in psbl.surriel.com
score DNSBL_SURRIEL 2

header DNSBL_SPAMRATS      eval:check_rbl('spamrats', 'all.spamrats.com.')
describe DNSBL_SPAMRATS    sender listed in all.spamrats.com
score DNSBL_SPAMRATS 2

header DNSBL_MAILSPIKE      eval:check_rbl('mailspike', 'bl.mailspike.net.')
describe DNSBL_MAILSPIKE    sender listed in bl.mailspike.net
score DNSBL_MAILSPIKE 2

Code:
Spam detection results:  3
AWL                    -2.816 Adjusted score from AWL reputation of From: address
BAYES_00                 -1.9 Bayes spam probability is 0 to 1%
DNSBL_MAILSPIKE             2 sender listed in bl.mailspike.net
DNSBL_SPAMHAUS              2 sender listed in zen.spamhaus.org
DNSBL_SPAMRATS              2 sender listed in all.spamrats.com
HTML_MESSAGE            0.001 HTML included in message
KAM_DMARC_STATUS         0.01 Test Rule for DKIM or SPF Failure with Strict Alignment
MIME_HTML_ONLY            0.1 Message only has text/html MIME parts
RCVD_IN_DNSWL_NONE     -0.0001 Sender listed at https://www.dnswl.org/, no trust
RCVD_IN_MSPIKE_H2      -0.001 Average reputation (+2)
SPF_PASS               -0.001 SPF: sender matches SPF record
SUBJ_ALL_CAPS             0.5 Subject is all capitals
SUBJ_UTF8                   1 Subject with UTF-8 encoding
TOO_POLITE                  1 Hey/Hi/Hai/Hello greetings
T_KAM_HTML_FONT_INVALID   0.01 Test for Invalidly Named or Formatted Colors in HTML
T_SCC_BODY_TEXT_LINE    -0.01 -
T_SPF_HELO_TEMPERROR     0.01 SPF: test of HELO record failed (temperror)
With the weight of each dnsbl =2, which score level is set?
 
Raising the score level threshold via dnsbl specified in custom.cf triggered on outgoing messages. Is it possible to make it work only on incoming emails?
Moreover, there is no real ip of our server in these dnsbls - I checked.

Jun 22 18:09:41 mail postfix/smtpd[15411]: 74625C23C6: client=unknown[my_ip]
Jun 22 18:09:41 mail postfix/cleanup[14256]: 74625C23C6: message-id=<web-44226352@mydomain>
Jun 22 18:09:41 mail postfix/qmgr[806]: 74625C23C6: from=<name@mydomain>, size=4076184, nrcpt=1 (queue active)
Jun 22 18:09:41 mail postfix/smtpd[15411]: disconnect from unknown[my_ip] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
Jun 22 18:09:42 mail pmg-smtp-filter[15394]: C23C962B330B5B20D0: new mail message-id=<web-44226352@mydomain>#012
Jun 22 18:09:49 mail pmg-smtp-filter[15394]: C23C962B330B5B20D0: SA score=8/5 time=4.172 bayes=undefined autolearn=disabled hits=DKIM_INVALID(0.1),DKIM_SIGNED(0.1),DNSBL_BACKSCATTERER(2),DNSBL_BARRACUDACENTRAL(2),DNSBL_SPAMHAUS(2),DNSBL_SPAMRATS(2),KAM_DMARC_STATUS(0.01),SPF_HELO_PASS(-0.001),SPF_PASS(-0.001),T_SCC_BODY_TEXT_LINE(-0.01),URIBL_BLOCKED(0.001),URIBL_ZEN_BLOCKED_OPENDNS(0.001)
Jun 22 18:09:49 mail pmg-smtp-filter[15394]: C23C962B330B5B20D0: notify <name@mydomain> (rule: Block outgoing Spam (Level 6), B61F9C23D0)
Jun 22 18:09:49 mail pmg-smtp-filter[15394]: C23C962B330B5B20D0: notify <name@mydomain> (rule: Block outgoing Spam (Level 6), C895EC23D1)
Jun 22 18:09:49 mail pmg-smtp-filter[15394]: C23C962B330B5B20D0: block mail to <name@mail.ru> (rule: Block outgoing Spam (Level 6))
Jun 22 18:09:50 mail pmg-smtp-filter[15394]: C23C962B330B5B20D0: processing time: 7.968 seconds (4.172, 3.258, 0)
Jun 22 18:09:50 mail postfix/lmtp[14962]: 74625C23C6: to=<name@mail.ru>, relay=127.0.0.1[127.0.0.1]:10023, delay=8.6, delays=0.23/0/0.01/8.3, dsn=2.7.0, status=sent (250 2.7.0 BLOCKED (C23C962B330B5B20D0))
Jun 22 18:09:50 mail postfix/qmgr[806]: 74625C23C6: removed
 
Domains explicitly added to the global whitelist were rejected (the gmail.com domain is in the global whitelist):
Jun 21 10:04:43 mail postfix/postscreen[833]: NOQUEUE: reject: RCPT from [209.85.219.181]:35802: 550 5.7.1 Service unavailable; client [209.85.219.181] blocked using dnsbl.sorbs.net; from=<mail.jiv@gmail.com>, to=<mail@mydomain>, proto=ESMTP, helo=<mail-yb1-f181.google.com>

And this is about a letter from our partner - definitely a good one (gmail.com domain in global whitelist):
Jun 21 11:03:37 mail postfix/postscreen[5944]: NOQUEUE: reject: RCPT from [209.85.210.51]:33360: 550 5.7.1 Service unavailable; client [209.85.210.51] blocked using zen.spamhaus.org; from=<name@gmail.com>, to=<mail@mydomain>, proto=ESMTP, helo=<mail-ot1-f51.google.com>
1) The global whitelist (domain) is being ignored again (gmail.com added to the global whitelist in mail proxy). What should I do to make the global whitelist a priority?

2) According to the priority of the rules: priority - the higher the number, the higher the priority or vice versa?

Jun 22 18:26:29 mail postfix/smtpd[15739]: connect from mail-ua1-f44.google.com[209.85.222.44]
Jun 22 18:26:30 mail postfix/smtpd[15739]: 22EAFC240C: client=mail-ua1-f44.google.com[209.85.222.44]
Jun 22 18:26:30 mail postfix/cleanup[15446]: 22EAFC240C: message-id=<CAFpgnOBUMmmvAaew032k6pBVTJkuwdsKKndf+mBg1N7ki4nPDQ@mail.gmail.com>
Jun 22 18:26:30 mail postfix/qmgr[806]: 22EAFC240C: from=<name@gmail.com>, size=361053, nrcpt=1 (queue active)
Jun 22 18:26:30 mail pmg-smtp-filter[16203]: C241B62B334A6D2730: new mail message-id=<CAFpgnOBUMmmvAaew032k6pBVTJkuwdsKKndf+mBg1N7ki4nPDQ@mail.gmail.com>#012
Jun 22 18:26:35 mail pmg-smtp-filter[16203]: C241B62B334A6D2730: SA score=6/5 time=4.195 bayes=undefined autolearn=disabled hits=DKIM_ADSP_CUSTOM_MED(0.001),DKIM_INVALID(0.1),DKIM_SIGNED(0.1),DNSBL_SORBS(3),DNSBL_SPAMHAUS(3),FREEMAIL_FROM(0.001),HTML_MESSAGE(0.001),KAM_DMARC_STATUS(0.01),NML_ADSP_CUSTOM_MED(1.2),RCVD_IN_DNSWL_HI(-1),RCVD_IN_MSPIKE_H2(-0.001),RCVD_IN_ZEN_BLOCKED_OPENDNS(0.001),SPF_HELO_NONE(0.001),SPF_PASS(-0.001),T_FREEMAIL_DOC_PDF(0.01),T_SCC_BODY_TEXT_LINE(-0.01)
Jun 22 18:26:36 mail pmg-smtp-filter[16203]: C241B62B334A6D2730: moved mail for <name@mydomain> to spam quarantine - C249762B334ABEED44 (rule: Quarantine/Mark Spam (Level 6))
Jun 22 18:26:36 mail pmg-smtp-filter[16203]: C241B62B334A6D2730: processing time: 5.159 seconds (4.195, 0.748, 0)
Jun 22 18:26:36 mail postfix/lmtp[14969]: 22EAFC240C: to=<name@mydomain>, relay=127.0.0.1[127.0.0.1]:10024, delay=5.9, delays=0.7/0/0.01/5.2, dsn=2.5.0, status=sent (250 2.5.0 OK (C241B62B334A6D2730))
Jun 22 18:26:36 mail postfix/qmgr[806]: 22EAFC240C: removed
Jun 22 18:27:03 mail postfix/smtpd[15739]: disconnect from mail-ua1-f44.google.com[209.85.222.44] ehlo=2 starttls=1 mail=1 rcpt=1 bdat=2 quit=1 commands=8
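
Added example (not part of any post in this thread, and not Proxmox code): a Python script that splits the two `SA score=` records from the logs above into the custom `DNSBL_*` rules and everything else, showing whether each message would still cross the threshold without them. The `DNSBL_` prefix filter and treating any rule name containing `_BLOCKED` as a refused-query notice are assumptions of this example.

```python
import re

# The two "SA score=" records from the thread's logs, copied verbatim.
LOG_LINES = [
    "Jun 22 18:09:49 mail pmg-smtp-filter[15394]: C23C962B330B5B20D0: SA score=8/5 time=4.172 bayes=undefined autolearn=disabled hits=DKIM_INVALID(0.1),DKIM_SIGNED(0.1),DNSBL_BACKSCATTERER(2),DNSBL_BARRACUDACENTRAL(2),DNSBL_SPAMHAUS(2),DNSBL_SPAMRATS(2),KAM_DMARC_STATUS(0.01),SPF_HELO_PASS(-0.001),SPF_PASS(-0.001),T_SCC_BODY_TEXT_LINE(-0.01),URIBL_BLOCKED(0.001),URIBL_ZEN_BLOCKED_OPENDNS(0.001)",
    "Jun 22 18:26:35 mail pmg-smtp-filter[16203]: C241B62B334A6D2730: SA score=6/5 time=4.195 bayes=undefined autolearn=disabled hits=DKIM_ADSP_CUSTOM_MED(0.001),DKIM_INVALID(0.1),DKIM_SIGNED(0.1),DNSBL_SORBS(3),DNSBL_SPAMHAUS(3),FREEMAIL_FROM(0.001),HTML_MESSAGE(0.001),KAM_DMARC_STATUS(0.01),NML_ADSP_CUSTOM_MED(1.2),RCVD_IN_DNSWL_HI(-1),RCVD_IN_MSPIKE_H2(-0.001),RCVD_IN_ZEN_BLOCKED_OPENDNS(0.001),SPF_HELO_NONE(0.001),SPF_PASS(-0.001),T_FREEMAIL_DOC_PDF(0.01),T_SCC_BODY_TEXT_LINE(-0.01)",
]

SA_RE = re.compile(r"pmg-smtp-filter\[\d+\]: (\w+): SA score=(\d+)/(\d+) .*?hits=(\S+)")
HIT_RE = re.compile(r"([A-Z0-9_]+)\((-?[\d.]+)\)")


def analyse(line, prefix="DNSBL_"):
    """Split one 'SA score=' record into custom-rule points and the rest."""
    m = SA_RE.search(line)
    if m is None:
        return None  # not an SA score record
    rules = {name: float(val) for name, val in HIT_RE.findall(m.group(4))}
    custom = {n: v for n, v in rules.items() if n.startswith(prefix)}
    rest = round(sum(v for n, v in rules.items() if n not in custom), 3)
    required = int(m.group(3))
    return {
        "id": m.group(1),
        "score": int(m.group(2)),
        "required": required,
        "custom": custom,
        "custom_total": sum(custom.values()),
        "rest": rest,
        "spam_without_custom": rest >= required,
        # Assumption: rule names containing _BLOCKED are notices that a
        # list operator refused the lookup (e.g. URIBL_BLOCKED).
        "blocked_notices": sorted(n for n in rules if "_BLOCKED" in n),
    }


def rests_on_custom_dnsbl(result):
    """True when only the custom rules push the mail over the threshold
    and the same scan also reported refused DNSBL/URIBL queries."""
    return (result["score"] >= result["required"]
            and not result["spam_without_custom"]
            and bool(result["blocked_notices"]))


if __name__ == "__main__":
    for r in map(analyse, LOG_LINES):
        print(r["id"], r["custom_total"], r["rest"], rests_on_custom_dnsbl(r))
```

A `True` result means the message crossed the threshold only because of the custom DNSBL rules while the same scan reported refused queries, so the resolver the gateway uses for DNSBL lookups is the first thing to check.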
 
Provide your whitelist entry.
1) Where exactly to add exclusion domains: mail proxy or who whitelist.
2) What is the processing order:
- rules the higher the number, the higher the priority or vice versa
- mail proxy whitelist and mail filter (who whitelist) - who takes priority.
3) How and where to add the domain so that the DKIM and SPF checks are preserved.
4) How to understand as well as SPF and DNSBL check in 4.4.1 - checks are disabled?
5) If I added a domain to the mail proxy whitelist - do I need to remove them from there?

PS: I honestly tried to find the answer in the manual, then on the forum - I found your answer, but not immediately.
 
