Spamhaus HBL

Revision as of 07:29, 15 December 2022 by Barry de Graaff (talk | contribs)

Improve Zimbra email protection with Spamhaus HBL

In this article you will learn how to use the Spamhaus Hash Blocklist (HBL) to improve email protection in Zimbra. For a long time, Zimbra administrators have relied on Spamhaus to fight incoming spam by configuring Postfix with traditional blocklists. These traditional blocklists work by blocking the IP addresses (or ranges) and domains of known spammers.

When an email is sent from free email providers such as Gmail, Hotmail or Protonmail it is not always possible to list the sending IP or domain on a blocklist as this would affect many other legitimate users. By using hashes Spamhaus can list specific, compromised email addresses that are sending spam or otherwise malicious content.

Spamhaus Hash Blocklist (HBL) integrates with SpamAssassin, which is available by default in Zimbra. If you are not using SpamAssassin you can also set up HBL using a Milter, see: https://wiki.zimbra.com/wiki/Spamhaus_HBL_Milter

Step one: get a DQS account

To be able to use Spamhaus HBL you need to register for a DQS account and get a commercial subscription. Spamhaus has a special offer for Zimbra users.

Setting up Zimbra

cd /tmp
git clone https://github.com/spamhaus/spamassassin-dqs
cd spamassassin-dqs

Next, configure your DQS key. Assuming your key is aip7yig6sahg6ehsohn5shco3z, execute the following commands:

sed -i -e 's/your_DQS_key/aip7yig6sahg6ehsohn5shco3z/g' sh.cf
sed -i -e 's/your_DQS_key/aip7yig6sahg6ehsohn5shco3z/g' sh_hbl.cf

Next you have to make sure your DQS key is HBL enabled. If it is not, do not continue, as SpamAssassin may then block legitimate email. Assuming the example key aip7yig6sahg6ehsohn5shco3z is DQS enabled, run the script and the output will confirm whether your key is HBL enabled:

./hbltest.sh
    Please input your DQS key: aip7yig6sahg6ehsohn5shco3z
    Looking up test record for HBL... done
    Your DQS key aip7yig6sahg6ehsohn5shco3z is enabled for HBL
    You can copy sh_hbl.cf and sh_hbl_scores.cf if you want HBL enabled

To set up SpamAssassin in Zimbra you can run the following commands:

sed -i 's|<config_directory>|/opt/zimbra/data/spamassassin/localrules|g' sh.pre

cp SH.pm /opt/zimbra/data/spamassassin/localrules
cp sh.cf /opt/zimbra/data/spamassassin/localrules
cp sh_scores.cf /opt/zimbra/data/spamassassin/localrules
cp sh_hbl.cf /opt/zimbra/data/spamassassin/localrules
cp sh_hbl_scores.cf /opt/zimbra/data/spamassassin/localrules
cp sh.pre /opt/zimbra/data/spamassassin/localrules

sudo su - zimbra
zmamavisdctl restart

Confirming the installation

You can run SpamAssassin with the lint option to make sure there are no errors in the configuration:

su zimbra -c "/opt/zimbra/common/bin/spamassassin --lint"

In the logs you can look for SH.pm. If it is listed, the installation is correct. Example:

grep -i plugin /var/log/zimbra.log

# Here SH.pm is not listed, meaning not installed
Dec 12 10:01:56 dqstest amavis[26103]: extra modules loaded after daemonizing/chrooting: /etc/perl/Net/libnet.cfg, /opt/zimbra/common/lib/perl5/x86_64-linux-gnu-thread-multi/auto/Net/SSLeay/autosplit.ix, /opt/zimbra/common/lib/perl5/x86_64-linux-gnu-thread-multi/auto/Net/SSLeay/randomize.al, IO/Socket/SSL.pm, IO/Socket/SSL/PublicSuffix.pm, Mail/SpamAssassin/Plugin/FreeMail.pm, Mail/SpamAssassin/Plugin/SpamCop.pm, Net/Cmd.pm, Net/Config.pm, Net/SMTP.pm, Net/SSLeay.pm

# Here SH.pm is listed, meaning installation is completed
Dec 12 12:04:08 dqstest amavis[120645]: extra modules loaded after daemonizing/chrooting: /etc/perl/Net/libnet.cfg, /opt/zimbra/common/lib/perl5/x86_64-linux-gnu-thread-multi/auto/Net/SSLeay/autosplit.ix, /opt/zimbra/common/lib/perl5/x86_64-linux-gnu-thread-multi/auto/Net/SSLeay/randomize.al, /opt/zimbra/data/spamassassin/localrules/SH.pm, IO/Socket/SSL.pm, IO/Socket/SSL/PublicSuffix.pm, Mail/SpamAssassin/Plugin/FreeMail.pm, Mail/SpamAssassin/Plugin/SpamCop.pm, Net/Cmd.pm, Net/Config.pm, Net/SMTP.pm, Net/SSLeay.pm
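
The file and log checks above, combined into one script as an added example (not part of the original article or of the Spamhaus repository). The function names and the `check` argument are assumptions; the file names, paths, placeholders and log text are the ones used in the steps above.

```bash
#!/usr/bin/env bash
# Added example: post-install checks for the Spamhaus DQS plugin on Zimbra.
# File names and paths are the ones used in the steps above.
RULES_DIR="${RULES_DIR:-/opt/zimbra/data/spamassassin/localrules}"
LOG_FILE="${LOG_FILE:-/var/log/zimbra.log}"

# 0 when all six copied files exist and no template placeholder is left in them.
check_rules_dir() {
    local dir="$1" f rc=0
    for f in SH.pm sh.cf sh_scores.cf sh_hbl.cf sh_hbl_scores.cf sh.pre; do
        [ -f "$dir/$f" ] || { echo "missing: $dir/$f" >&2; rc=1; }
    done
    # The two sed steps on sh.cf and sh_hbl.cf must have replaced this token.
    if grep -q 'your_DQS_key' "$dir/sh.cf" "$dir/sh_hbl.cf" 2>/dev/null; then
        echo "placeholder your_DQS_key still present" >&2; rc=1
    fi
    # The sed step on sh.pre must have replaced this token.
    if grep -q '<config_directory>' "$dir/sh.pre" 2>/dev/null; then
        echo "placeholder <config_directory> still present in sh.pre" >&2; rc=1
    fi
    return "$rc"
}

# 0 when the most recent amavis start-up line lists SH.pm, 1 when it does not,
# 2 when the log has no start-up line. Older lines are ignored on purpose: the
# log can still hold a start-up from before the install, or one from before a
# later change that stopped the plugin from loading.
plugin_loaded() {
    local log="$1" last
    last=$(grep 'amavis\[[0-9]*\]: extra modules loaded' "$log" | tail -n 1)
    [ -n "$last" ] || return 2
    case "$last" in
        *"/SH.pm"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Run against the live system only when asked: ./check_dqs.sh check
if [ "${1:-}" = "check" ]; then
    check_rules_dir "$RULES_DIR" && plugin_loaded "$LOG_FILE" \
        && echo "DQS rules in place and SH.pm loaded by amavis"
fi
```

Run it with the `check` argument as a user that can read the log file; `RULES_DIR` and `LOG_FILE` can be overridden from the environment.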

Further reading
