Expanded from [[Zimbra_MTA#Turning_On_or_Off_RBLs | Zimbra MTA RBLs]]

==Turning On or Off RBLs==
See [[SpamAssassin_Customizations | Customizing the MTA]] for current information.

RBLs (Real-time Blackhole Lists) can be turned on or off in SpamAssassin from the Zimbra CLI.

===The three RBLs that are enabled during installation===
*reject_invalid_hostname
*reject_non_fqdn_hostname
*reject_non_fqdn_sender

===Available DNSBLs===
*reject_rbl_client dnsbl.njabl.org
*reject_rbl_client cbl.abuseat.org
*reject_rbl_client bl.spamcop.net
*reject_rbl_client dnsbl.sorbs.net
*reject_rbl_client sbl.spamhaus.org
*reject_rbl_client relays.mail-abuse.org

To add more RBLs, edit the <tt>/opt/zimbra/conf/postfix_recipient_restrictions.cf</tt> file, adding the exact details used with the <tt>zmprov</tt> command (''see below'').
For instance, to add the RBL <tt>zen.spamhaus.org</tt>, add the following line to <tt>/opt/zimbra/conf/postfix_recipient_restrictions.cf</tt>:

<tt>%%contains VAR:zimbraMtaRestriction reject_rbl_client zen.spamhaus.org%%</tt>

Then just add the RBL per the instructions below.

===To turn RBL on===
#Log on to the server and go to the Zimbra directory (<tt>su - zimbra</tt>).
#Enter <tt>zmprov gacf | grep zimbraMtaRestriction</tt> to see what RBLs are set.
#To add any new RBL types, you must list the existing RBLs and the new RBLs all in one command as:

<pre>zmprov mcf zimbraMtaRestriction [RBL type]</pre>

===To add all the possible restrictions===

The command should be entered as follows (quotes required for rbl_clients):

<pre>zmprov mcf \
zimbraMtaRestriction reject_invalid_hostname \
zimbraMtaRestriction reject_non_fqdn_hostname \
zimbraMtaRestriction reject_non_fqdn_sender \
zimbraMtaRestriction "reject_rbl_client dnsbl.njabl.org" \
zimbraMtaRestriction "reject_rbl_client cbl.abuseat.org" \
zimbraMtaRestriction "reject_rbl_client bl.spamcop.net" \
zimbraMtaRestriction "reject_rbl_client dnsbl.sorbs.net" \
zimbraMtaRestriction "reject_rbl_client sbl.spamhaus.org" \
zimbraMtaRestriction "reject_rbl_client relays.mail-abuse.org"</pre>

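Because existing and new restrictions must all be listed in one command, the shell function below builds that command from the output of <tt>zmprov gacf | grep zimbraMtaRestriction</tt> plus any new values. It is an added example, not part of the original page or of Zimbra; the function name <tt>build_mcf_command</tt>, the constructed sample input and the validation pattern (a bare restriction name, or a name followed by one DNSBL zone) are assumptions of this example.

```shell
#!/bin/sh
# Added example: build one "zmprov mcf" command that keeps every restriction
# already set and appends new ones.
#   stdin : output of `zmprov gacf | grep zimbraMtaRestriction`
#   args  : new restrictions, e.g. "reject_rbl_client zen.spamhaus.org"
# Prints the command for review; it does not run zmprov itself.
build_mcf_command() {
    {
        # Existing values: strip the "zimbraMtaRestriction: " prefix.
        sed -n 's/^zimbraMtaRestriction:[[:space:]]*//p'
        # New values, one per line.
        for r in "$@"; do printf '%s\n' "$r"; done
    } | awk '
        # Assumed format: a bare name, or a name followed by one DNSBL zone.
        # Anything else (typos, shell metacharacters) aborts the build.
        !/^[a-z_]+( [A-Za-z0-9.-]+)?$/ {
            print "refusing unexpected value: " $0 > "/dev/stderr"
            bad = 1; next
        }
        seen[$0]++ { next }   # drop duplicates, keep first-seen order
        { cmd = cmd " \\\n  zimbraMtaRestriction \"" $0 "\"" }
        END {
            if (bad || cmd == "") exit 1
            print "zmprov mcf" cmd
        }'
}

# Constructed sample of the gacf output (not taken from a real server).
sample_gacf='zimbraMtaRestriction: reject_invalid_hostname
zimbraMtaRestriction: reject_non_fqdn_hostname
zimbraMtaRestriction: reject_non_fqdn_sender
zimbraMtaRestriction: reject_rbl_client bl.spamcop.net'

# Demo: add zen.spamhaus.org while keeping the four existing values.
printf '%s\n' "$sample_gacf" |
    build_mcf_command "reject_rbl_client zen.spamhaus.org"
```

On a live server the input would come from <tt>zmprov gacf | grep zimbraMtaRestriction</tt>; a mistyped value such as <tt>reject_non-fqdn_hostname</tt> makes the function fail instead of emitting a command.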
==Monitoring Logs for DNSBL bounces==

[http://www.joreybump.com/code/dnsblcount/index.html dnsblcount] is a Perl script that checks your Postfix mail log for RBL rejections. It produces a report tallying rejections per RBL.

===Install dnsblcount===

Download and install dnsblcount to your <tt>/usr/local/bin</tt> folder.

===Example Output===

<pre>[zimbra@zimbra01 ~]$ /usr/local/bin/dnsblcount /var/log/zimbra.log
bl.spamcop.net 233
dnsbl.sorbs.net 112
sbl.spamhaus.org 4
=================================
Total DNSBL rejections: 349
</pre>

===Configure logrotate to send daily results to postmaster===

Modify your zimbra logrotate file (<tt>/etc/logrotate.d/zimbra</tt>) to add a prerotate rule as follows:

<pre>/var/log/zimbra.log {
    daily
    missingok
    notifempty
    create 0644 zimbra zimbra
    prerotate
        /usr/local/bin/dnsblcount /var/log/zimbra.log | mail -s "$HOSTNAME - DNSBL Count" postmaster@example.com # <-- Change to your domain
    endscript
    postrotate
        killall -HUP syslogd 2> /dev/null || true
        kill -HUP `cat /opt/zimbra/log/swatch.pid 2> /dev/null` 2> /dev/null || true
        kill -HUP `cat /opt/zimbra/log/logswatch.pid 2> /dev/null` 2> /dev/null || true
    endscript
    compress
}
</pre>

[[Category:Anti-spam]]