Configuring and Monitoring Postfix DNSBL: Difference between revisions


Revision as of 02:59, 21 August 2007

Expanded from Zimbra MTA RBLs

Turning On or Off RBLs

RBLs (real-time blackhole lists) can be turned on or off in SpamAssassin from the Zimbra CLI.

The three RBLs that are enabled during installation:

  • reject_invalid_hostname
  • reject_non_fqdn_hostname
  • reject_non_fqdn_sender

Available DNSBLs

  • reject_rbl_client dnsbl.njabl.org
  • reject_rbl_client cbl.abuseat.org
  • reject_rbl_client bl.spamcop.net
  • reject_rbl_client dnsbl.sorbs.net
  • reject_rbl_client sbl.spamhaus.org
  • reject_rbl_client relays.mail-abuse.org

To add more RBLs, edit the /opt/zimbra/conf/postfix_recipient_restrictions.cf file, adding the exact details used with the zmprov command (see below). For instance, to make the RBL zen.spamhaus.org available, add the following line to /opt/zimbra/conf/postfix_recipient_restrictions.cf:

%%contains VAR:zimbraMtaRestriction reject_rbl_client zen.spamhaus.org%%

Then just add the RBL per the instructions below.

To turn RBL on

  1. Log on to the server and go to the Zimbra directory (su - zimbra)
  2. Enter zmprov gacf | grep zimbraMtaRestriction, to see what RBLs are set.
  3. To add any new RBL types, you must list the existing RBLs and the new RBLs all in one command as:
zmprov mcf zimbraMtaRestriction [RBL type]

To add all the possible restrictions

The command should be entered as follows (quotes required for rbl_clients):

zmprov mcf \
zimbraMtaRestriction reject_invalid_hostname \
zimbraMtaRestriction reject_non_fqdn_hostname \
zimbraMtaRestriction reject_non_fqdn_sender \
zimbraMtaRestriction "reject_rbl_client dnsbl.njabl.org" \
zimbraMtaRestriction "reject_rbl_client cbl.abuseat.org" \
zimbraMtaRestriction "reject_rbl_client bl.spamcop.net" \
zimbraMtaRestriction "reject_rbl_client dnsbl.sorbs.net" \
zimbraMtaRestriction "reject_rbl_client sbl.spamhaus.org" \
zimbraMtaRestriction "reject_rbl_client relays.mail-abuse.org"

Monitoring Logs for DNSBL bounces

dnsblcount is a Perl script that checks your Postfix mail log for RBL rejections. It produces a report tallying rejections per RBL.

Install dnsblcount

Download and install dnsblcount to your /usr/local/bin folder.

Example Output

[zimbra@zimbra01 ~]$ /usr/local/bin/dnsblcount /var/log/zimbra.log
bl.spamcop.net               233
dnsbl.sorbs.net              112
sbl.spamhaus.org               4
=================================
Total DNSBL rejections:       349
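
A tally in the same spirit as the report above, as an added example (not dnsblcount's code and not part of the original page): it counts smtpd "blocked using" rejections per DNSBL and additionally lists the client IPs each list rejected, which helps when checking a suspected false-positive listing. The log lines are constructed samples, and the regular expression assumes the standard Postfix smtpd reject line format.

```python
import re
from collections import Counter

# Constructed sample lines in Postfix smtpd reject format (not from a real log).
SAMPLE_LOG = """\
Aug 21 02:10:11 zimbra01 postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 554 5.7.1 Service unavailable; Client host [192.0.2.10] blocked using bl.spamcop.net; from=<a@example.org> to=<user@example.com> proto=ESMTP helo=<mail.example.org>
Aug 21 02:10:15 zimbra01 postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 554 5.7.1 Service unavailable; Client host [192.0.2.10] blocked using bl.spamcop.net; from=<b@example.org> to=<user@example.com> proto=ESMTP helo=<mail.example.org>
Aug 21 02:11:40 zimbra01 postfix/smtpd[2107]: NOQUEUE: reject: RCPT from host.example.net[198.51.100.7]: 554 Service unavailable; Client host [198.51.100.7] blocked using dnsbl.sorbs.net; from=<c@example.net> to=<user@example.com> proto=SMTP helo=<host.example.net>
Aug 21 02:12:02 zimbra01 postfix/smtpd[2107]: NOQUEUE: reject: RCPT from unknown[203.0.113.5]: 504 5.5.2 <localhost>: Helo command rejected: need fully-qualified hostname; from=<d@example.net> to=<user@example.com> proto=SMTP helo=<localhost>
Aug 21 02:12:30 zimbra01 postfix/cleanup[2110]: 4F1A2: message-id=<blocked using fake.example;>
"""

# Only smtpd "reject:" lines count; the status code may or may not be followed
# by an enhanced code (5.7.1), so everything up to "blocked using" is skipped lazily.
REJECT_RE = re.compile(
    r"postfix/smtpd\[\d+\]: \S+ reject: \S+ from \S*\[(?P<ip>[0-9A-Fa-f.:]+)\]: "
    r"\d{3} .*?blocked using (?P<rbl>[A-Za-z0-9.-]+)"
)

def tally(lines):
    """Return (rejections per DNSBL, rejections per (DNSBL, client IP))."""
    per_rbl, per_client = Counter(), Counter()
    for line in lines:
        m = REJECT_RE.search(line)
        if m:
            rbl = m.group("rbl").lower()
            per_rbl[rbl] += 1
            per_client[(rbl, m.group("ip"))] += 1
    return per_rbl, per_client

def report(per_rbl, per_client, top=3):
    """Format the tally like the report above, with top client IPs under each list."""
    out = []
    for rbl, n in per_rbl.most_common():
        out.append(f"{rbl:<28}{n:>5}")
        clients = [(ip, c) for (r, ip), c in per_client.most_common() if r == rbl]
        out.extend(f"    {ip:<24}{c:>5}" for ip, c in clients[:top])
    out.append("=" * 33)
    out.append(f"{'Total DNSBL rejections:':<28}{sum(per_rbl.values()):>5}")
    return "\n".join(out)

if __name__ == "__main__":
    print(report(*tally(SAMPLE_LOG.splitlines())))
```

The HELO rejection and the non-smtpd line that merely contains the words "blocked using" are both ignored, so only real DNSBL rejections are counted.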

Configure logrotate to send daily results to postmaster

Modify your zimbra logrotate file (/etc/logrotate.d/zimbra) to add a prerotate rule as follows:

/var/log/zimbra.log {
    daily
    missingok
    notifempty
    create 0644 zimbra zimbra
    prerotate
      /usr/local/bin/dnsblcount /var/log/zimbra.log | mail -s "$HOSTNAME - DNSBL Count" postmaster@example.com  # <-- Change to your domain
    endscript
    postrotate
      killall -HUP syslogd 2> /dev/null || true
      kill -HUP `cat /opt/zimbra/log/swatch.pid 2> /dev/null` 2> /dev/null || true
      kill -HUP `cat /opt/zimbra/log/logswatch.pid 2> /dev/null` 2> /dev/null || true
    endscript
    compress
}