Blacklists from behind Gateway/NAT [message #146046]
Mon, 24 June 2019 17:08
jcooper
Messages: 113 Registered: May 2009 Location: Syracuse, NY
Hi,
I'm trying to fine tune my spam filtering. I have some done by my gateway (Sophos UTM 9) and use Spam Assassin on my Kerio server. My gateway flat out blocks everything for which it gets a positive reply on a BL, and sorbs has lots of false positives, so I'm hoping to use Kerio's blacklist and just add to the spam score so false positives will land in users' spam folders but they'll at least still get them.
Anyway, the blacklists don't seem to be getting used by Kerio and I can't figure out why. Do blacklists like sorbs.net use special ports for sending message headers and getting results back? I checked their site obviously and couldn't find anything. I'm wondering if I need to forward something to my mail server besides normal email/kerio/exchange ports (SMTP, HTTPS, etc) for the blacklists to work.
When I turn on message filtering in the debug logs, nothing from sorbs shows up, so I'm assuming it's not even calling it; but I'm not sure if the problem is on the way out, on the way back, or the server is just broken or set up wrong.
Thanks,
Jeff
[Updated on: Mon, 24 June 2019 17:33]

Re: Blacklists from behind Gateway/NAT [message #146061 is a reply to message #146046]
Tue, 25 June 2019 12:17
Maerad
Messages: 275 Registered: August 2013
Not really ... it should work and is quite straightforward.
DNS SUFFIX: dnsbl.sorbs.net
Add to spamscore whatever you want, don't ask directly. That's it.
You should see something like this in the security log:
[25/Jun/2019 12:15:23] IP address 114.35.75.39 found in DNS blacklist SpamCop, mail from <Anne-MarieAckelbijif<_at_>hinet.net> to <>
[25/Jun/2019 12:15:23] IP address 114.35.75.39 found in DNS blacklist SORBS DNSBL, mail from <Anne-MarieAckelbijif<_at_>hinet.net> to <>
[25/Jun/2019 12:15:23] IP address 114.35.75.39 found in DNS blacklist WPBL - Weighted Private Block List, mail from <Anne-MarieAckelbijif<_at_>hinet.net> to <>
[25/Jun/2019 12:15:23] IP address 114.35.75.39 found in DNS blacklist Barracudacentral, mail from <Anne-MarieAckelbijif<_at_>hinet.net> to <>
[25/Jun/2019 12:15:23] IP address 114.35.75.39 found in DNS blacklist Abuseat, mail from <Anne-MarieAckelbijif<_at_>hinet.net> to <>

Re: Blacklists from behind Gateway/NAT [message #146072 is a reply to message #146061]
Tue, 25 June 2019 20:02
jcooper
Messages: 113 Registered: May 2009 Location: Syracuse, NY
Well this is a problem because it's not. Nothing in the spam logs, nothing in the debug log. Nothing in Security. I removed and re-added them in case something got scrambled and it's still not working. May be time to open a support ticket. Thanks.

Re: Blacklists from behind Gateway/NAT [message #146079 is a reply to message #146046]
Wed, 26 June 2019 07:34
PPG
Messages: 182 Registered: February 2010
jcooper wrote on Mon, 24 June 2019 17:08
Hi,
I'm trying to fine tune my spam filtering. I have some done by my gateway (Sophos UTM 9) and use Spam Assassin on my Kerio server. My gateway flat out blocks everything for which it gets a positive reply on a BL, and sorbs has lots of false positives, so I'm hoping to use Kerio's blacklist and just add to the spam score so false positives will land in users' spam folders but they'll at least still get them.
Anyway, the blacklists don't seem to be getting used by Kerio and I can't figure out why. Do blacklists like sorbs.net use special ports for sending message headers and getting results back? I checked their site obviously and couldn't find anything. I'm wondering if I need to forward something to my mail server besides normal email/kerio/exchange ports (SMTP, HTTPS, etc) for the blacklists to work.
When I turn on message filtering in the debug logs, nothing from sorbs shows up, so I'm assuming it's not even calling it; but I'm not sure if the problem is on the way out, on the way back, or the server is just broken or set up wrong.
Thanks,
Jeff
I'm using the same setup. However, I have fine-tuned the UTM so I am not facing a lot of false positives.
In the Kerio Debug log turn on the SpamAssassin messages. You can check which BLs have been used by searching for "async: completed"
Grtz, PPG

Re: Blacklists from behind Gateway/NAT [message #146087 is a reply to message #146046]
Wed, 26 June 2019 14:24
freakinvibe
Messages: 588 Registered: April 2004
You cannot use black lists like Spamhaus on Kerio Connect if Kerio is not directly getting mails from the Internet. If you have Sophos UTM in between, then all messages will be coming from the Sophos IP address, so it will not block anything.
On the other hand, if you have enabled the black lists on Sophos, it does not make sense to have them enabled on Kerio as well.
So in your case, I would disable all BLs on Kerio and have Sophos tag the mails. Also, don't use SORBS, it is horrible and has so many false positives. Use Spamhaus ZEN and some others.
Dexion Services AG - IT Support Services in Basel, Switzerland
https://dexionag.ch
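
A DNSBL check is an ordinary DNS query for the reversed client IP under the list's zone, so what matters is which IP the mail server looks up. The sketch below is an added example, not part of the thread or of Kerio or Sophos code: it builds the query name for the `dnsbl.sorbs.net` suffix and compares the SMTP peer with the first public hop, using constructed Received headers in which `192.168.1.1` and the `example.*` hostnames are assumptions.

```python
import ipaddress
import re
import socket

ZONE = "dnsbl.sorbs.net"  # DNS suffix quoted in the thread

# Constructed Received headers, newest first, as a mail server behind a
# gateway would see them. 192.168.1.1 stands in for the gateway's LAN
# address (assumption); 114.35.75.39 is the IP from the thread's log lines.
RECEIVED = [
    "from gateway.example.lan ([192.168.1.1]) by mail.example.lan",
    "from sender.example.net ([114.35.75.39]) by gateway.example.lan",
]

def dnsbl_query_name(ip, zone=ZONE):
    """Reverse the IPv4 octets and append the zone: a normal DNS name."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def hop_ips(received):
    """Bracketed IPv4 literals from each Received line, newest first."""
    ips = []
    for line in received:
        ips += re.findall(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", line)
    return ips

def connecting_ip(received):
    """What a server checking only its SMTP peer sees: the newest hop."""
    return hop_ips(received)[0]

def first_public_ip(received):
    """Newest hop with a non-private address: the host that reached the gateway."""
    for ip in hop_ips(received):
        if not ipaddress.ip_address(ip).is_private:
            return ip
    return None

def is_listed(ip, zone=ZONE, resolve=socket.gethostbyname):
    """Listed if the name resolves into 127.0.0.0/8; no such name means not listed."""
    try:
        answer = resolve(dnsbl_query_name(ip, zone))
    except socket.gaierror:
        return False
    return ipaddress.ip_address(answer) in ipaddress.ip_network("127.0.0.0/8")

if __name__ == "__main__":
    for label, ip in (("SMTP peer", connecting_ip(RECEIVED)),
                      ("first public hop", first_public_ip(RECEIVED))):
        print(label, ip, "->", dnsbl_query_name(ip))
```

Calling `is_listed()` with the default resolver performs a live DNS lookup from the host it runs on, which shows whether the mail server can resolve DNSBL names at all.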