GFI Software

Blacklists from behind Gateway/NAT [message #146046] Mon, 24 June 2019 17:08
jcooper
Messages: 113
Registered: May 2009
Location: Syracuse, NY
Hi,

I'm trying to fine tune my spam filtering. I have some done by my gateway (Sophos UTM 9) and use Spam Assassin on my Kerio server. My gateway flat out blocks everything for which it gets a positive reply on a BL, and sorbs has lots of false positives, so I'm hoping to use Kerio's blacklist and just add to the spam score so false positives will land in users' spam folders but they'll at least still get them.

Anyway, the blacklists don't seem to be getting used by Kerio and I can't figure out why. Do blacklists like sorbs.net use special ports for sending message headers and getting results back? I checked their site obviously and couldn't find anything. I'm wondering if I need to forward something to my mail server besides normal email/kerio/exchange ports (SMTP, HTTPS, etc) for the blacklists to work.

When I turn on message filtering in the debug logs, nothing from sorbs shows up, so I'm assuming it's not even calling it; but I'm not sure if the problem is on the way out, on the way back, or the server is just broken or set up wrong.

Thanks,

Jeff

[Updated on: Mon, 24 June 2019 17:33]


Re: Blacklists from behind Gateway/NAT [message #146061 is a reply to message #146046] Tue, 25 June 2019 12:17
Maerad
Messages: 275
Registered: August 2013
Not really ... it should work and is quite straightforward.

DNS SUFFIX: dnsbl.sorbs.net
Add to spamscore whatever you want, don't ask directly. That's it.

You should see something like this in the security log:

[25/Jun/2019 12:15:23] IP address 114.35.75.39 found in DNS blacklist SpamCop, mail from <Anne-MarieAckelbijif<_at_>hinet.net> to <>
[25/Jun/2019 12:15:23] IP address 114.35.75.39 found in DNS blacklist SORBS DNSBL, mail from <Anne-MarieAckelbijif<_at_>hinet.net> to <>
[25/Jun/2019 12:15:23] IP address 114.35.75.39 found in DNS blacklist WPBL - Weighted Private Block List, mail from <Anne-MarieAckelbijif<_at_>hinet.net> to <>
[25/Jun/2019 12:15:23] IP address 114.35.75.39 found in DNS blacklist Barracudacentral, mail from <Anne-MarieAckelbijif<_at_>hinet.net> to <>
[25/Jun/2019 12:15:23] IP address 114.35.75.39 found in DNS blacklist Abuseat, mail from <Anne-MarieAckelbijif<_at_>hinet.net> to <>
Re: Blacklists from behind Gateway/NAT [message #146072 is a reply to message #146061] Tue, 25 June 2019 20:02
jcooper
Messages: 113
Registered: May 2009
Location: Syracuse, NY
Well, this is a problem because it's not. Nothing in the spam logs, nothing in the debug log. Nothing in Security. I removed and re-added them in case something got scrambled and it's still not working. May be time to open a support ticket. Thanks.
Re: Blacklists from behind Gateway/NAT [message #146074 is a reply to message #146072] Tue, 25 June 2019 21:54
dhardyuk
Messages: 20
Registered: May 2019
Is your mail server able to resolve external DNS correctly?
Re: Blacklists from behind Gateway/NAT [message #146077 is a reply to message #146074] Wed, 26 June 2019 00:33
jcooper
Messages: 113
Registered: May 2009
Location: Syracuse, NY
Yes it is.

Thanks,

Jeff
Re: Blacklists from behind Gateway/NAT [message #146079 is a reply to message #146046] Wed, 26 June 2019 07:34
PPG
Messages: 181
Registered: February 2010
jcooper wrote on Mon, 24 June 2019 17:08
Hi,

I'm trying to fine tune my spam filtering. I have some done by my gateway (Sophos UTM 9) and use Spam Assassin on my Kerio server. My gateway flat out blocks everything for which it gets a positive reply on a BL, and sorbs has lots of false positives, so I'm hoping to use Kerio's blacklist and just add to the spam score so false positives will land in users' spam folders but they'll at least still get them.

Anyway, the blacklists don't seem to be getting used by Kerio and I can't figure out why. Do blacklists like sorbs.net use special ports for sending message headers and getting results back? I checked their site obviously and couldn't find anything. I'm wondering if I need to forward something to my mail server besides normal email/kerio/exchange ports (SMTP, HTTPS, etc) for the blacklists to work.

When I turn on message filtering in the debug logs, nothing from sorbs shows up, so I'm assuming it's not even calling it; but I'm not sure if the problem is on the way out, on the way back, or the server is just broken or set up wrong.

Thanks,

Jeff
I'm using the same set up. However, I have fine-tuned the UTM so I am not facing a lot of false positives.
In the Kerio Debug log turn on the SpamAssassin messages. You can check which BL have been used by searching for "async: completed"

Grtz, PPG

Re: Blacklists from behind Gateway/NAT [message #146087 is a reply to message #146046] Wed, 26 June 2019 14:24
freakinvibe
Messages: 588
Registered: April 2004
You cannot use black lists like Spamhaus on Kerio Connect if Kerio is not directly getting mails from the Internet. If you have Sophos UTM in between, then all messages will be coming from the Sophos IP address, so it will not block anything.

On the other hand, if you have enabled the black lists on Sophos, it does not make sense to have them enabled on Kerio as well.

So in your case, I would disable all BLs on Kerio and have Sophos tag the mails. Also, don't use SORBS, it is horrible and has so many false positives. Use Spamhaus ZEN and some others.


Dexion Services AG - IT Support Services in Basel, Switzerland
https://dexionag.ch
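
Added example (not part of any post above, and not Kerio's or Sophos's code): a DNSBL check is an ordinary DNS A-record query on the reversed IP plus the list suffix, so no special ports are involved, and behind a relay the connecting address is always the gateway. The sketch assumes a gateway at 10.0.0.1, constructed Received headers, and a hypothetical filter that walks those headers to find the external hop.

```python
import ipaddress
import re
import socket

DNSBL_ZONE = "dnsbl.sorbs.net"                      # DNS suffix quoted in the thread
TRUSTED = [ipaddress.ip_network("10.0.0.0/24")]     # assumption: LAN holding the gateway

# Constructed sample headers, newest hop first (gateway -> mail server, then sender -> gateway).
SAMPLE_RECEIVED = [
    "from utm.example.net (utm.example.net [10.0.0.1]) by kerio.example.net with ESMTP",
    "from mail.sender.example ([203.0.113.77]) by utm.example.net with ESMTP",
]

def dnsbl_name(ip, zone=DNSBL_ZONE):
    """Build the query name: 1.2.3.4 becomes 4.3.2.1.<zone>."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def first_untrusted_ip(received_headers, trusted=TRUSTED):
    """Return the first relay IP (newest to oldest) outside the trusted networks."""
    for header in received_headers:
        match = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", header)
        if not match:
            continue
        ip = ipaddress.ip_address(match.group(1))
        if not any(ip in net for net in trusted):
            return str(ip)
    return None

def is_listed(ip, resolve=socket.gethostbyname, zone=DNSBL_ZONE):
    """Listed addresses resolve to 127.0.0.0/8; a failed lookup (NXDOMAIN) means not listed."""
    try:
        answer = resolve(dnsbl_name(ip, zone))
    except OSError:          # socket.gaierror is a subclass of OSError
        return False
    return answer.startswith("127.")

if __name__ == "__main__":
    peer = "10.0.0.1"        # what the mail server sees as the SMTP client
    print("query for connecting peer:", dnsbl_name(peer))
    print("query for external hop:   ", dnsbl_name(first_untrusted_ip(SAMPLE_RECEIVED)))
```

Passing a stub as `resolve` lets the logic be exercised without network access; the default performs a real DNS query through the system resolver.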