Configuring and Monitoring Postfix DNSBL: Difference between revisions
No edit summary |
|||
Line 29: | Line 29: | ||
The command should be entered as follows: | The command should be entered as follows: | ||
<pre> | <pre>zmprov mcf \ | ||
zmprov mcf zimbraMtaRestriction reject_invalid_hostname zimbraMtaRestriction reject_non-fqdn_hostname \ | zimbraMtaRestriction reject_invalid_hostname \ | ||
zimbraMtaRestriction reject_non_fqdn_sender zimbraMtaRestriction "reject_rbl_client dnsbl.njabl.org" \ | zimbraMtaRestriction reject_non-fqdn_hostname \ | ||
zimbraMtaRestriction "reject_rbl_client cbl.abuseat.org" zimbraMtaRestriction "reject_rbl_client bl.spamcop.net" \ | zimbraMtaRestriction reject_non_fqdn_sender \ | ||
zimbraMtaRestriction "reject_rbl_client dnsbl.sorbs.net" zimbraMtaRestriction "reject_rbl_client sbl.spamhaus.org" \ | zimbraMtaRestriction "reject_rbl_client dnsbl.njabl.org" \ | ||
zimbraMtaRestriction "reject_rbl_client cbl.abuseat.org" | |||
zimbraMtaRestriction "reject_rbl_client bl.spamcop.net" \ | |||
zimbraMtaRestriction "reject_rbl_client dnsbl.sorbs.net" | |||
zimbraMtaRestriction "reject_rbl_client sbl.spamhaus.org" \ | |||
zimbraMtaRestriction "reject_rbl_client relays.mail-abuse.org"</pre> | zimbraMtaRestriction "reject_rbl_client relays.mail-abuse.org"</pre> | ||
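Review bot: In the new revision, the lines ending in "reject_rbl_client cbl.abuseat.org" and "reject_rbl_client dnsbl.sorbs.net" have no trailing backslash, unlike every other continued line of the command. When pasted, the zmprov mcf command ends at the first of them and the following zimbraMtaRestriction lines are handed to the shell as separate commands. Add " \" to the end of both lines. Separately, reject_non-fqdn_hostname is carried over from the old revision with a hyphen, where the neighbouring restriction reject_non_fqdn_sender uses underscores throughout; the spelling should be checked and made consistent.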
Revision as of 15:28, 14 August 2007
Expanded from Zimbra MTA RBLs
Turning On or Off RBLs
RBLs (real-time blackhole lists) can be turned on or off in SpamAssassin from the Zimbra CLI.
The three RBLs that are enabled during installation:
- reject_invalid_hostname
- reject_non_fqdn_hostname
- reject_non_fqdn_sender
Available DNSBLs
- reject_rbl_client dnsbl.njabl.org
- reject_rbl_client cbl.abuseat.org
- reject_rbl_client bl.spamcop.net
- reject_rbl_client dnsbl.sorbs.net
- reject_rbl_client sbl.spamhaus.org
- reject_rbl_client relays.mail-abuse.org
To turn RBL on
- Log on to the server and go to the Zimbra directory (su - zimbra)
- Enter zmprov gacf | grep zimbraMtaRestriction, to see what RBLs are set.
- To add any new RBL types, you must list the existing RBLs and the new RBLs all in one command as:
zmprov mcf zimbraMtaRestriction [RBL type]
To add all the possible restrictions
The command should be entered as follows:
zmprov mcf \
zimbraMtaRestriction reject_invalid_hostname \
zimbraMtaRestriction reject_non_fqdn_hostname \
zimbraMtaRestriction reject_non_fqdn_sender \
zimbraMtaRestriction "reject_rbl_client dnsbl.njabl.org" \
zimbraMtaRestriction "reject_rbl_client cbl.abuseat.org" \
zimbraMtaRestriction "reject_rbl_client bl.spamcop.net" \
zimbraMtaRestriction "reject_rbl_client dnsbl.sorbs.net" \
zimbraMtaRestriction "reject_rbl_client sbl.spamhaus.org" \
zimbraMtaRestriction "reject_rbl_client relays.mail-abuse.org"
Monitoring Logs for DNSBL bounces
dnsblcount is a Perl script that checks your Postfix mail log for RBL rejections. It produces a report tallying rejections per RBL.
Install dnsblcount
Download and install dnsblcount to your /usr/local/bin folder.
Example Output
[zimbra@zimbra01 ~]$ /usr/local/bin/dnsblcount /var/log/zimbra.log
bl.spamcop.net 233
dnsbl.sorbs.net 112
sbl.spamhaus.org 4
=================================
Total DNSBL rejections: 349
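A per-list tally in the style of the report above, as an added example (this is not the dnsblcount script and not part of the original page). It assumes Postfix's standard "Client host [ip] blocked using <zone>" reject wording; the log lines are constructed, and it additionally counts hits per client IP, which helps when checking whether a legitimate sender is being blocked repeatedly.

```python
import re
from collections import Counter

# Postfix smtpd logs a DNSBL hit as:
#   NOQUEUE: reject: RCPT from host[ip]: 554 ...; Client host [ip] blocked using <zone>; ...
RBL_REJECT = re.compile(
    r"postfix/smtpd\[\d+\]: NOQUEUE: reject: .*?"
    r"Client host \[(?P<ip>[^\]]+)\] blocked using (?P<zone>[A-Za-z0-9.-]+)"
)

# Constructed sample lines (documentation addresses, not from a real server).
SAMPLE_LOG = """\
Aug 14 15:02:11 zimbra01 postfix/smtpd[4121]: connect from unknown[192.0.2.10]
Aug 14 15:02:12 zimbra01 postfix/smtpd[4121]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 554 Service unavailable; Client host [192.0.2.10] blocked using bl.spamcop.net; Blocked; from=<a@example.net> to=<u@example.com> proto=ESMTP helo=<mx.example.net>
Aug 14 15:05:40 zimbra01 postfix/smtpd[4130]: NOQUEUE: reject: RCPT from unknown[198.51.100.7]: 504 <localhost>: Helo command rejected: need fully-qualified hostname; from=<b@example.net> to=<u@example.com> proto=SMTP helo=<localhost>
Aug 14 15:09:03 zimbra01 postfix/smtpd[4144]: NOQUEUE: reject: RCPT from unknown[203.0.113.25]: 554 Service unavailable; Client host [203.0.113.25] blocked using dnsbl.sorbs.net; Listed; from=<c@example.org> to=<u@example.com> proto=ESMTP helo=<smtp.example.org>
Aug 14 15:11:47 zimbra01 postfix/smtpd[4150]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 554 Service unavailable; Client host [192.0.2.10] blocked using bl.spamcop.net; Blocked; from=<a@example.net> to=<v@example.com> proto=ESMTP helo=<mx.example.net>
"""


def tally(lines):
    """Count DNSBL rejections per list and per (list, client IP)."""
    by_zone, by_client = Counter(), Counter()
    for line in lines:
        m = RBL_REJECT.search(line)
        if m:  # other rejects (e.g. HELO checks) and non-reject lines are skipped
            by_zone[m["zone"]] += 1
            by_client[(m["zone"], m["ip"])] += 1
    return by_zone, by_client


def report(by_zone):
    """Render the per-list totals, busiest list first."""
    rows = [f"{zone:<28}{count:>6}" for zone, count in by_zone.most_common()]
    rows.append("=" * 34)
    rows.append(f"Total DNSBL rejections: {sum(by_zone.values())}")
    return "\n".join(rows)


if __name__ == "__main__":
    zones, clients = tally(SAMPLE_LOG.splitlines())
    print(report(zones))
    for (zone, ip), count in clients.most_common(3):
        print(f"{ip} rejected {count}x via {zone}")
```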
Configure logrotate to send daily results to postmaster
Modify your zimbra logrotate file (/etc/logrotate.d/zimbra) to add a prerotate rule as follows:
/var/log/zimbra.log {
    daily
    missingok
    notifempty
    create 0644 zimbra zimbra
    prerotate
        /usr/local/bin/dnsblcount /var/log/zimbra.log | mail -s "$HOSTNAME - DNSBL Count" postmaster@example.com # <-- Change to your domain
    endscript
    postrotate
        killall -HUP syslogd 2> /dev/null || true
        kill -HUP `cat /opt/zimbra/log/swatch.pid 2> /dev/null` 2> /dev/null || true
        kill -HUP `cat /opt/zimbra/log/logswatch.pid 2> /dev/null` 2> /dev/null || true
    endscript
    compress
}