GFI Software

Spamhaus may block legitimate email if you use that blocklist! [message #151451] Fri, 15 April 2022 00:33
DataSmith
Spamhaus, which is one of the blocklists built into Kerio Connect, has a new policy that might affect your mail server - and block legitimate email - since Kerio may interpret the new response as a spam code.
Specifically "Spamhaus has introduced the following error codes; 127.255.255.254, and 127.255.255.255" and I believe Kerio Connect sees this as spam.
The problem happens if your mail server makes an "excessive number of queries" of their blocklist, or your mail server uses a public DNS server (e.g. OpenDNS or Cloudflare, or Google) and....

Spamhaus says:
"We are no longer allowing queries via open resolvers due to massive abuse of our systems, and while it has worked that way for years, it does not any more."

To use Spamhaus they say there are 2 solutions:

1) Sign up to use their free Data Query Service. I did that and have not managed to get it to block spam tests.
2) "your queries must come from a dedicated IP with attributable reverse and forward DNS". My mail servers all meet all of that, yet still the built-in Spamhaus block list says that legit emails are spam.


Read more about it here:
https://www.spamhaus.com/product/help-for-spamhaus-public-mirror-users/
Sign up here:
https://www.spamhaus.com/free-trial/sign-up-for-a-free-data-query-service-account/


Does anyone have a solution to use the new system at Spamhaus, or have success with the built-in Spamhaus blocklist recently?

Re: Spamhaus may block legitimate email if you use that blocklist! [message #151569 is a reply to message #151451] Thu, 05 May 2022 07:21
Alex_moseby
We are seeing this right now - three different hosts all using a mix of 1.1.1.1 and 8.8.8.8. ZEN is marking all mail instantly +3 spam points - Gmail especially. Not sure what to do - the smart option is changing the ROUTER'S DNS to something non-commercial, but 1.1.1.1 and 1.1.1.3 have nice free anti-porn filters etc. The main issue is that they are blocking free DNS lookup service queries with a blanket response; the change of codes isn't the primary cause in our case.
How have you configured the Free Data Query Service on the Kerio SMTP blacklist?
Re: Spamhaus may block legitimate email if you use that blocklist! [message #151570 is a reply to message #151451] Thu, 05 May 2022 09:06
Alex_moseby
Although I have managed to get it to PARTIALLY work by disabling the Apache SpamAssassin configuration on the spam filter page (prior to this EVERYTHING came through, i.e. all mail that should be blocked wasn't).
It will block pbl-dqs-ip, sbl-dqs-ip and xbl-dqs-ip, however it fails on the below:
dbl-dqs-ehlo
dbl-dqs-from
zrd-dqs-ehlo
zrd-dqs-from
sbl-dqs-body-ip
dbl-dqs-body-domain
zrd-dqs-body-domain
You need SpamAssassin 3.4.1 (2015) or higher. If you are running a previous release please upgrade. Are we able to alter those files ourselves? GitHub hosts the changed files.....
Re: Spamhaus may block legitimate email if you use that blocklist! [message #151578 is a reply to message #151451] Fri, 06 May 2022 09:54
freakinvibe
We got this working for us and our clients. We use both options on different systems. This is all on Windows 2019 Server with the latest Kerio Connect.

For option 1, you need to have your own DNS server and then point KC only to that DNS server. You must not point KC to public resolvers anymore (like Google 8.8.8.8). The DNS server must allow recursive queries and should only be reachable by your internal network. As the DNS service is included in Windows 2019, it was just a matter of switching it on and configuring it correctly. This works.

For option 2, you can sign up for the free DQS service. You then have to change the Blacklist entry in KC away from zen.spamhaus.org to your unique

<YourUniqueDqsCode>.zen.dq.spamhaus.net

The nice thing about option 2 is, you can also get statistics on your usage of the Spamhaus lookup.



Dexion Services AG - IT Support Services in Basel, Switzerland
https://dexionag.ch
Re: Spamhaus may block legitimate email if you use that blocklist! [message #151579 is a reply to message #151578] Fri, 06 May 2022 10:30
Alex_moseby
You need to do BOTH things, is that right?
For me at present I have simply turned off zen. RBL as it is doing more damage than good with reputable email!
I did try option 2 and, like the OP, it didn't block everything. This was WITH using 1.1.1.1 (presuming this is why it didn't block everything? OP thinks the new response codes may be at play with Kerio's built-in RBL).
Our ISP's DNS is absolutely crap so we cannot use that, and not having WIN DNS, setting up my own BIND DNS authoritative server feels like I'm going back to 2000!
Re: Spamhaus may block legitimate email if you use that blocklist! [message #151597 is a reply to message #151451] Tue, 10 May 2022 17:02
freakinvibe
No, you only need to do one of the options.

Option 1 = Use your own recursive DNS server ==> You do not need a DQS account

Option 2 = Use DQS ==> You do not need your own DNS server, but you can point to public DNS servers (like Google 8.8.8.8)

Both free options will only work if you have a low volume of email. If you have thousands of emails per day, Spamhaus will start to throttle. So this is for small businesses or private mail servers.


Dexion Services AG - IT Support Services in Basel, Switzerland
https://dexionag.ch
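
The distinction this thread turns on, as an added example (not code from any poster, from Kerio or from Spamhaus): a DNSBL client should treat the 127.255.255.254 and 127.255.255.255 answers as lookup errors, not as listings, and the query name changes only in its zone suffix when moving to DQS. The function names, the assumption that genuine listing codes fall in 127.0.0.0/24, and the sample answers are constructed for illustration.

```python
import ipaddress

# Error answers named in the thread; meanings as published by Spamhaus.
ERROR_CODES = {
    "127.255.255.254": "query came through a public/open resolver",
    "127.255.255.255": "excessive number of queries",
}
# Assumption for this sketch: genuine listing codes sit in 127.0.0.0/24.
LISTING_NET = ipaddress.ip_network("127.0.0.0/24")


def dnsbl_qname(client_ip, zone="zen.spamhaus.org"):
    """Reversed IPv4 octets + zone, e.g. 10.2.0.192.zen.spamhaus.org."""
    octets = str(ipaddress.IPv4Address(client_ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone.strip(".")


def naive_is_listed(answers):
    """Any A record counts as a hit: the behaviour the thread suspects."""
    return bool(answers)


def classify(answers):
    """Return (verdict, detail); verdict is listed, not_listed or error."""
    if not answers:  # NXDOMAIN or empty answer
        return ("not_listed", "no A records")
    errors = sorted({ERROR_CODES[a] for a in answers if a in ERROR_CODES})
    if errors:  # says nothing about the sender, so never score it
        return ("error", "; ".join(errors))
    hits = [a for a in answers if ipaddress.ip_address(a) in LISTING_NET]
    if hits:
        return ("listed", ",".join(hits))
    return ("error", "unexpected answer: " + ",".join(answers))


# Constructed sample answers (documentation-range sender IPs), no network needed.
SAMPLES = {"192.0.2.10": ["127.255.255.254"], "192.0.2.20": ["127.0.0.4"], "192.0.2.30": []}

if __name__ == "__main__":
    for ip, answers in SAMPLES.items():
        print(dnsbl_qname(ip), naive_is_listed(answers), classify(answers))
```

Feeding `classify` the A records your mail server's resolver actually returns for a known-clean sender shows whether the resolver path, rather than the sender, is what is being flagged.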