Configuring and Monitoring Postfix DNSBL: Difference between revisions
Revision as of 02:59, 21 August 2007
Expanded from Zimbra MTA RBLs
Turning On or Off RBLs
RBLs (real-time blackhole lists) can be turned on or off in SpamAssassin from the Zimbra CLI.
The three RBLs that are enabled during installation:
- reject_invalid_hostname
- reject_non_fqdn_hostname
- reject_non_fqdn_sender
Available DNSBLs
- reject_rbl_client dnsbl.njabl.org
- reject_rbl_client cbl.abuseat.org
- reject_rbl_client bl.spamcop.net
- reject_rbl_client dnsbl.sorbs.net
- reject_rbl_client sbl.spamhaus.org
- reject_rbl_client relays.mail-abuse.org
To add more RBLs, edit the /opt/zimbra/conf/postfix_recipient_restrictions.cf file, adding the exact details used with the zmprov command (see below). For instance, if you wanted to add the RBL zen.spamhaus.org, you would need to add the following line to /opt/zimbra/conf/postfix_recipient_restrictions.cf:
%%contains VAR:zimbraMtaRestriction reject_rbl_client zen.spamhaus.org%%
Then just add the RBL per the instructions below.
To turn RBL on
- Log on to the server and go to the Zimbra directory (su - zimbra)
- Enter zmprov gacf | grep zimbraMtaRestriction, to see what RBLs are set.
- To add any new RBL types, you must list the existing RBLs and the new RBLs all in one command as:
zmprov mcf zimbraMtaRestriction [RBL type]
To add all the possible restrictions
The command should be entered as follows (quotes required for rbl_clients):
zmprov mcf \
  zimbraMtaRestriction reject_invalid_hostname \
  zimbraMtaRestriction reject_non_fqdn_hostname \
  zimbraMtaRestriction reject_non_fqdn_sender \
  zimbraMtaRestriction "reject_rbl_client dnsbl.njabl.org" \
  zimbraMtaRestriction "reject_rbl_client cbl.abuseat.org" \
  zimbraMtaRestriction "reject_rbl_client bl.spamcop.net" \
  zimbraMtaRestriction "reject_rbl_client dnsbl.sorbs.net" \
  zimbraMtaRestriction "reject_rbl_client sbl.spamhaus.org" \
  zimbraMtaRestriction "reject_rbl_client relays.mail-abuse.org"
Monitoring Logs for DNSBL bounces
dnsblcount is a Perl script that checks your Postfix mail log for RBL rejections. It produces a report tallying rejections per RBL.
Install dnsblcount
Download and install dnsblcount to your /usr/local/bin folder.
Example Output
[zimbra@zimbra01 ~]$ /usr/local/bin/dnsblcount /var/log/zimbra.log
bl.spamcop.net 233
dnsbl.sorbs.net 112
sbl.spamhaus.org 4
=================================
Total DNSBL rejections: 349
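A small Python tally in the spirit of the report above, added here as an illustration; it is not the dnsblcount script. It also counts rejections per client IP, which dnsblcount's output above does not show. The log lines are constructed samples in the usual Postfix reject format, and the function names are this example's own.

```python
import re
import sys
from collections import Counter

# A Postfix DNSBL rejection names the zone after "blocked using".
REJECT_RE = re.compile(
    r"reject: RCPT from \S+?\[(?P<ip>[^\]]+)\]: \d{3} .*?"
    r"blocked using (?P<zone>[A-Za-z0-9.-]+);"
)

def tally(lines):
    """Return (rejections per DNSBL zone, rejections per client IP)."""
    zones, clients = Counter(), Counter()
    for line in lines:
        m = REJECT_RE.search(line)
        if m:  # other rejects (e.g. reject_non_fqdn_sender) do not match
            zones[m["zone"].lower()] += 1
            clients[m["ip"]] += 1
    return zones, clients

def report(zones):
    """Format the per-zone counts, highest first, with a total line."""
    rows = [f"{zone:<30} {n:>6}" for zone, n in zones.most_common()]
    rows.append("=" * 37)
    rows.append(f"Total DNSBL rejections: {sum(zones.values())}")
    return "\n".join(rows)

# Constructed sample log lines (documentation IP ranges, example domains).
SAMPLE_LOG = """\
Aug 21 02:10:01 zimbra01 postfix/smtpd[4211]: connect from unknown[192.0.2.10]
Aug 21 02:10:02 zimbra01 postfix/smtpd[4211]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 554 5.7.1 Service unavailable; Client host [192.0.2.10] blocked using bl.spamcop.net; Blocked; from=<a@example.net> to=<u@example.com> proto=ESMTP helo=<mx.example.net>
Aug 21 02:11:40 zimbra01 postfix/smtpd[4215]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 554 5.7.1 Service unavailable; Client host [192.0.2.10] blocked using bl.spamcop.net; Blocked; from=<b@example.net> to=<u@example.com> proto=ESMTP helo=<mx.example.net>
Aug 21 02:12:09 zimbra01 postfix/smtpd[4219]: NOQUEUE: reject: RCPT from host7.example.org[198.51.100.7]: 554 5.7.1 Service unavailable; Client host [198.51.100.7] blocked using dnsbl.sorbs.net; Listed; from=<c@example.org> to=<u@example.com> proto=SMTP helo=<host7>
Aug 21 02:13:30 zimbra01 postfix/smtpd[4223]: NOQUEUE: reject: RCPT from unknown[203.0.113.5]: 504 5.5.2 <foo>: Sender address rejected: need fully-qualified address; from=<foo> to=<u@example.com> proto=SMTP helo=<x>
"""

if __name__ == "__main__":
    if len(sys.argv) > 1:  # pass a log path, e.g. /var/log/zimbra.log
        with open(sys.argv[1], errors="replace") as fh:
            zones, clients = tally(fh)
    else:
        zones, clients = tally(SAMPLE_LOG.splitlines())
    print(report(zones))
    for ip, n in clients.most_common(5):
        print(f"{ip:<30} {n:>6}")
```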
Configure logrotate to send daily results to postmaster
Modify your zimbra logrotate file (/etc/logrotate.d/zimbra) to add a prerotate rule as follows:
/var/log/zimbra.log {
    daily
    missingok
    notifempty
    create 0644 zimbra zimbra
    prerotate
      /usr/local/bin/dnsblcount /var/log/zimbra.log | mail -s "$HOSTNAME - DNSBL Count" postmaster@example.com # <-- Change to your domain
    endscript
    postrotate
      killall -HUP syslogd 2> /dev/null || true
      kill -HUP `cat /opt/zimbra/log/swatch.pid 2> /dev/null` 2> /dev/null || true
      kill -HUP `cat /opt/zimbra/log/logswatch.pid 2> /dev/null` 2> /dev/null || true
    endscript
    compress
}