|
|
| (4 intermediate revisions by 2 users not shown) |
| Line 1: |
Line 1: |
| Expanded from [[Zimbra_MTA#Turning_On_or_Off_RBLs | Zimbra MTA RBLs]] | | Expanded from [[Zimbra_MTA#Turning_On_or_Off_RBLs | Zimbra MTA RBLs]] |
|
| |
|
| ==Turning On or Off RBLs==
| | See [[SpamAssassin_Customizations | Customizing the MTA]] for current information |
| | |
| RBL (Real time black-hole lists) can be turned on or off in SpamAssassin from the Zimbra CLI.
| |
| | |
| ===The three RBL’s that are enabled during installation===
| |
| *reject_invalid_hostname
| |
| *reject_non_fqdn_hostname
| |
| *reject_non_fqdn_sender
| |
| | |
| ===Available DNSBLs===
| |
| *reject_rbl_client dnsbl.njabl.org
| |
| *reject_rbl_client cbl.abuseat.org
| |
| *reject_rbl_client bl.spamcop.net
| |
| *reject_rbl_client dnsbl.sorbs.net
| |
| *reject_rbl_client sbl.spamhaus.org (use zen.spamhaus.org)
| |
| *reject_rbl_client relays.mail-abuse.org (no longer free)
| |
| | |
| To add more RBL's you can edit the <tt>/opt/zimbra/conf/postfix_recipient_restrictions.cf</tt> file by adding the exact details used with the <tt>zmprov</tt> command (''see below'').
| |
| For instance, if you wanted to make the RBL <tt>zen.spamhaus.org</tt>, you would need to add the following line to <tt>/opt/zimbra/conf/postfix_recipient_restrictions.cf</tt>:
| |
| | |
| <tt>%%contains VAR:zimbraMtaRestriction reject_rbl_client zen.spamhaus.org%%</tt>
| |
| | |
| Then just add the RBL per the instructions below.
| |
| | |
| ===To turn RBL on===
| |
| #Log on to the server and go to the Zimbra directory (su - zimbra)
| |
| #Enter zmprov gacf | grep zimbraMtaRestriction, to see what RBLs are set.
| |
| #To add any new RBL types, you must list the existing RBLs and the new RBLs all in one command as:
| |
| | |
| <pre>zmprov mcf zimbraMtaRestriction [RBL type]</pre>
| |
| | |
| ===To add all the possible restrictions===
| |
| | |
| The command should be entered as follows (quotes required for rbl_clients):
| |
| | |
| <pre>zmprov mcf \
| |
| zimbraMtaRestriction reject_invalid_hostname \
| |
| zimbraMtaRestriction reject_non_fqdn_hostname \
| |
| zimbraMtaRestriction reject_non_fqdn_sender \
| |
| zimbraMtaRestriction "reject_rbl_client dnsbl.njabl.org" \
| |
| zimbraMtaRestriction "reject_rbl_client cbl.abuseat.org" \
| |
| zimbraMtaRestriction "reject_rbl_client bl.spamcop.net" \
| |
| zimbraMtaRestriction "reject_rbl_client dnsbl.sorbs.net" \
| |
| zimbraMtaRestriction "reject_rbl_client sbl.spamhaus.org" \
| |
| zimbraMtaRestriction "reject_rbl_client relays.mail-abuse.org"</pre>
| |
| | |
| or one at a time you can use +-
| |
| zmprov mcf +zimbraMtaRestriction "reject_rbl_client zen.spamhaus.org"
| |
| | |
| ==Monitoring Logs for DNSBL bounces==
| |
| | |
| [http://www.joreybump.com/code/dnsblcount/index.html dnsblcount] is a perl script that checks your Postfix mail log for for RBL rejections. It produces a report tallying rejections per RBL.
| |
| | |
| Note: You may decide against doing this if you have 1GB logfiles...
| |
| | |
| ===Install dnsblcount===
| |
| | |
| Download and install dnsblcount to your /usr/local/bin folder.
| |
| | |
| ===Example Output===
| |
| | |
| <pre>[zimbra@zimbra01 ~]$ /usr/local/bin/dnsblcount /var/log/zimbra.log
| |
| bl.spamcop.net 233
| |
| dnsbl.sorbs.net 112
| |
| sbl.spamhaus.org 4
| |
| =================================
| |
| Total DNSBL rejections: 349
| |
| </pre>
| |
| | |
| ===Configure logrotate to send daily results to postmaster===
| |
| | |
| Modify your zimbra logrotate file (/etc/logrotate.d/zimbra) to add a prerotate rule as follows:
| |
| | |
| <pre>/var/log/zimbra.log {
| |
| daily
| |
| missingok
| |
| notifempty
| |
| create 0644 zimbra zimbra
| |
| prerotate
| |
| /usr/local/bin/dnsblcount /var/log/zimbra.log | mail -s "$HOSTNAME - DNSBL Count" postmaster@example.com # <-- Change to your domain
| |
| endscript
| |
| postrotate
| |
| killall -HUP syslogd 2> /dev/null || true
| |
| kill -HUP `cat /opt/zimbra/log/swatch.pid 2> /dev/null` 2> /dev/null || true
| |
| kill -HUP `cat /opt/zimbra/log/logswatch.pid 2> /dev/null` 2> /dev/null || true
| |
| endscript
| |
| compress
| |
| }
| |
| </pre>
| |
| | |
| ----
| |
| ----
| |
| ----
| |
| For posterity, the dnsblcount script as of 11/3/2007 (but do see if there's updates here http://www.joreybump.com/code/dnsblcount/index.html)
| |
| <pre>
| |
| #!/usr/bin/perl
| |
| | |
| # dnsblcount
| |
| # version 20061111
| |
| # (c) 2004, 2005, 2006 Jorey Bump
| |
| | |
| # URL
| |
| # http://www.joreybump.com/code/dnsblcount/
| |
| | |
| # Description:
| |
| # Counts DNSBL rejections in Postfix log
| |
| | |
| # Usage:
| |
| # dnsblcount /path/to/maillog
| |
| # dnsblcount /path/to/maillog1 /path/to/maillog2
| |
| # dnsblcount /path/to/maillogs*
| |
| # grep "search string" /path/to/maillog | dnsblcount
| |
| | |
| # Sample crontab:
| |
| # 30 5 * * * /usr/local/sbin/dnsblcount /var/log/maillog | mail -s "$HOSTNAME - DNSBL Count" postmaster
| |
| | |
| # Sample Postfix 1.1 log lines:
| |
| # Mar 6 06:52:03 mail postfix/smtpd[11873]: reject: RCPT from unknown[208.61.231.102]: 554 Service unavailable; [208.61.231.102] blocked using bl.spamcop.net, reason: Blocked - see http://www.spamcop.net/bl.shtml?208.61.231.102; from=<bob@example.net> to=<rob@example.com>
| |
| # Mar 13 05:47:51 mail postfix/smtpd[28269]: reject: RCPT from mail68.example.info[66.63.191.68]: 554 Service unavailable; [66.63.191.68] blocked using sbl.spamhaus.org, reason: http://www.spamhaus.org/SBL/sbl.lasso?query=SBL12057; from=<bob@example.net> to=<rob@example.com>
| |
| | |
| # Sample Postfix 2.1 log line:
| |
| # Apr 17 13:49:07 mail postfix/smtpd[18143]: NOQUEUE: reject: RCPT from c-7209e055.1111-2-64736c10.cust.bredbandsbolaget.se[85.224.9.114]: 554 Service unavailable; Client host [85.224.9.114] blocked using bl.spamcop.net; Blocked - see http://www.spamcop.net/bl.shtml?85.224.9.114; from=<haqyhakox@example.com> to=<bob@example.net> proto=ESMTP helo=<c-7209e055.1111-2-64736c10.cust.example.com>
| |
| | |
| # Sample postfix 2.3 log line:
| |
| # Dec 25 05:41:28 mail postfix/smtpd[14586]: NOQUEUE: reject: RCPT from unknown[202.43.175.151]: 554 5.7.1 Service unavailable; Client host [202.43.175.151] blocked using bl.spamcop.net; Blocked - see http://www.spamcop.net/bl.shtml?202.43.175.151; from=<iglkjlpioed@example.com> to=<bob@example.net> proto=SMTP helo=<mail.example.com>
| |
| | |
| # Begin:
| |
| use strict;
| |
| | |
| my ( $dnsbl, $dnsbltotal, $ip, $length, $line, $max,
| |
| %dnsblcount
| |
| );
| |
| | |
| my $rule = "=";
| |
| my $totstr = "Total DNSBL rejections:";
| |
| $max = length($totstr);
| |
| | |
| # read line from stdin
| |
| while ($line = <>) {
| |
| if ($line =~ /(\[.*\]) blocked using ([^\s]*)(,|;) /) {
| |
| $ip = $1;
| |
| $dnsbl = $2;
| |
| $dnsblcount{$dnsbl} += 1;
| |
| $dnsbltotal += 1;
| |
| }
| |
| }
| |
| | |
| foreach $dnsbl (sort keys %dnsblcount) {
| |
| $length = length($dnsbl);
| |
| if ( $length > $max ) {
| |
| $max = $length
| |
| }
| |
| }
| |
| | |
| foreach $dnsbl (sort { $dnsblcount{$b} <=> $dnsblcount{$a} } keys(%dnsblcount)) {
| |
| printf "%-${max}s %7s\n", $dnsbl, $dnsblcount{$dnsbl};
| |
| }
| |
| | |
| foreach (1..($max + 10)) {
| |
| printf "%s", $rule;
| |
| }
| |
| | |
| print "\n";
| |
| | |
| printf "%-${max}s %8s\n", $totstr, $dnsbltotal;
| |
| | |
| 1;
| |
| </pre>
| |
| | |
| | |
| | |
| [[Category:Anti-spam]]
| |
