Domain Block List (DBL) support? [message #89330]
Thu, 10 May 2012 22:50
Lyle M
Messages: 59 Registered: August 2004 Location: Frederick, MD

I'd like to use dbl.spamhaus.org to supplement my anti-spam arsenal. Does anyone know a way to tell Kerio to query the host name vs. the IP address for a specific blacklist entry?
Thanks!

Re: Domain Block List (DBL) support? [message #89334 is a reply to message #89330]
Thu, 10 May 2012 23:37
garetjax
Messages: 9 Registered: February 2008 Location: Campbell, CA

Lyle,
You can easily add additional anti-spam sources. In the Admin console, select Configuration->Content Filter->Spam Filter. Select the Blacklists tab. Scroll down to the Internet blacklists section and below the list select the Add... button. Add your spamhaus blacklist and its default action (block, add to score). Make sure the new blacklist is enabled in the Internet Blacklists list.

Re: Domain Block List (DBL) support? [message #89335 is a reply to message #89334]
Fri, 11 May 2012 00:17
Lyle M
Messages: 59 Registered: August 2004 Location: Frederick, MD

Hi Dave,
Thanks for your reply. My concern is that dbl.spamhaus.org uses the sending server's domain instead of the IP address.
So, instead of querying with 1.82.70.90.dbl.spamhaus.org,
it would be... newspost.com.spamhaus.org
How will Connect know to use the domain vs. the IP?
Thanks,
Lyle

Re: Domain Block List (DBL) support? [message #89348 is a reply to message #89339]
Fri, 11 May 2012 03:34
Lyle M
Messages: 59 Registered: August 2004 Location: Frederick, MD

TorW wrote on Thu, 10 May 2012 18:35:
Quote: Spamhaus' DBL zone cannot be used as a straight DNSBL:
The host query for the DBL is essentially the same (with host vs. IP) and responds identically to an IP-based DNSBL. It could be used if the query could include the host name.
Quote: Kerio Connect only feeds the connecting IP to the DNSBL checker, and if you look up an IP in DBL it will always come back as listed.
Thanks, I'm aware of that. Sorry my original question didn't convey that clearly - I could have saved you some typing.
Quote: DBL checks belong in SpamAssassin or other content scanners, just like URIBL.
I try to avoid messing with Kerio's SpamAssassin setup. In the past, I had to restore my customizations with each upgrade. I also try to keep our configs as high-level as possible to ease things for 'the next guy.' However, if it's the only option...
I appreciate the feedback.

Re: Domain Block List (DBL) support? [message #89380 is a reply to message #89375]
Fri, 11 May 2012 14:57
Lyle M
Messages: 59 Registered: August 2004 Location: Frederick, MD

Thanks Pascal.
After Tor's response (instead of going to sleep) I poked into the SA rules to refresh myself on formatting urirhssub. In 25_uribl.cf I saw (and felt silly):
# DBL, http://www.spamhaus.org/dbl/
if can(Mail::SpamAssassin::Plugin::URIDNSBL::has_tflags_domains_only)
urirhssub URIBL_DBL_SPAM dbl.spamhaus.org. A 127.0.1.2
body URIBL_DBL_SPAM eval:check_uridnsbl('URIBL_DBL_SPAM')
describe URIBL_DBL_SPAM Contains an URL listed in the DBL blocklist
tflags URIBL_DBL_SPAM net domains_only
# this indicates that IP-address queries were sent to DBL, and should
# never appear; if it does, something is wrong with SpamAssassin
urirhssub URIBL_DBL_ERROR dbl.spamhaus.org. A 127.0.1.255
body URIBL_DBL_ERROR eval:check_uridnsbl('URIBL_DBL_ERROR')
describe URIBL_DBL_ERROR Error: queried the DBL blocklist for an IP
tflags URIBL_DBL_ERROR net domains_only
endif
Yesterday, I was spot checking incoming spam and found an instance where the domain generated a positive with dbl.spamhaus.org (which is why I was interested in adding it). I looked back at the email last night, but the headers didn't contain a URIBL_DBL_SPAM hit. My original review was only a few minutes after receipt.
I ran the SA debug logs last night and found that dbl.spamhaus.org is working as it should. I must have been dealing with a domain that was only recently blacklisted after my host received it.
(from debug)
dbg: async: completed in 0.102 s: URI-DNSBL, DNSBL:dbl.spamhaus.org.:ocatt.ru
dbg: uridnsbl: domain "ocatt.ru" listed (URIBL_DBL_SPAM): 127.0.1.2
So, today I'll tweak the scoring in 50_scores.cf a little.
I appreciate everyone's feedback and guidance. Many thanks.
Regards,
Lyle
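
Added example, not part of the original posts and not Kerio or SpamAssassin code: a Python sketch of the point this thread turns on, that DBL is queried with a domain and that a checker treating any A record as a hit misreads the 127.0.1.255 "IP was queried" answer. The function names and the offline `FAKE_ZONE` resolver are constructed for illustration; the return codes are the ones in the 25_uribl.cf rules quoted above.

```python
import ipaddress

DBL_ZONE = "dbl.spamhaus.org"
# Return codes as they appear in the 25_uribl.cf rules quoted in the thread.
DBL_SPAM = "127.0.1.2"     # URIBL_DBL_SPAM: domain is listed
DBL_ERROR = "127.0.1.255"  # URIBL_DBL_ERROR: an IP address was queried


def dbl_query_name(host):
    """Build the DBL lookup name for a host name; refuse IP literals."""
    host = host.strip().rstrip(".").lower()
    try:
        ipaddress.ip_address(host)
    except ValueError:
        return f"{host}.{DBL_ZONE}."  # not an IP literal: safe to query
    raise ValueError(f"{host} is an IP address; DBL takes domains only")


def classify(answers):
    """Map the A records of a DBL reply to a verdict."""
    if not answers:
        return "not-listed"           # NXDOMAIN or empty answer
    if DBL_ERROR in answers:
        return "error-ip-queried"     # the query itself was wrong
    if DBL_SPAM in answers:
        return "listed-spam"
    return "other"                    # codes this thread does not cover


def naive_dnsbl_hit(answers):
    """IP-style DNSBL logic: any A record at all counts as a hit."""
    return bool(answers)


def check_domain(host, resolve):
    """resolve(name) returns a list of A-record strings ([] for NXDOMAIN)."""
    return classify(resolve(dbl_query_name(host)))


# Constructed stand-in for DNS so the example runs offline. The ocatt.ru
# entry mirrors the debug log above; the IP-shaped entry models the
# "an IP always comes back as listed" behaviour described in the thread.
FAKE_ZONE = {
    "ocatt.ru.dbl.spamhaus.org.": ["127.0.1.2"],
    "1.82.70.90.dbl.spamhaus.org.": ["127.0.1.255"],
}


def fake_resolve(name):
    return FAKE_ZONE.get(name, [])
```

To use it against live DNS, pass a `resolve` callable built on your resolver library of choice in place of `fake_resolve`.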

Re: Domain Block List (DBL) support? [message #89389 is a reply to message #89380]
Fri, 11 May 2012 17:11
Lyle M
Messages: 59 Registered: August 2004 Location: Frederick, MD

It's funny. Had I not started poking around in the SA rules, I likely wouldn't have noticed that some of my entries in the Blacklists GUI are redundant with those in spamassassin.
That's another reason why I like having all the queries in one place! It's a shame the GUI can't be a link to the SA rules/scores.
Cheers.

Re: Domain Block List (DBL) support? [message #89451 is a reply to message #89389]
Mon, 14 May 2012 10:36
TorW
Messages: 44 Registered: November 2008 Location: Norway

Blocking mails with DNSBL entries is much "cheaper" in terms of processing power than scoring and subsequently blocking them in SpamAssassin. That being said, I agree that we could benefit from more control of the very powerful SpamAssassin.
Tip: gather all your custom SA config in one file named x-customrules.cf or similar. SpamAssassin reads all the config files in alphabetical order when it starts up, using the config from the last read. It's easier to back up and restore across version upgrades ...
[Updated on: Mon, 14 May 2012 10:37]

Re: Domain Block List (DBL) support? [message #128460 is a reply to message #89451]
Sat, 12 March 2016 20:09
hugogomes
Messages: 1 Registered: March 2016

TorW wrote on Mon, 14 May 2012 10:36:
Quote: Blocking mails with DNSBL entries is much "cheaper" in terms of processing power than scoring and subsequently blocking them in SpamAssassin. That being said, I agree that we could benefit from more control of the very powerful SpamAssassin.
Tip: gather all your custom SA config in one file named x-customrules.cf or similar. SpamAssassin reads all the config files in alphabetical order when it starts up, using the config from the last read. It's easier to back up and restore across version upgrades ...
Thanks TorW, that's a good tip. I'll be doing that from now on.