
DNSBL not working

Posted: Wed Mar 21, 2007 6:13 pm
by TRACKS
I found in the Setup and configuration guide that adding
SUBMIT log_reject DNSBL,bl.spamcop.net,ALL
to my smtpd file and restarting the service would make the DNSBL work. However, I am finding a lot of SPAM coming through that is listed on this DNSBL.

I had the following in my smtpd file

SUBMIT log_reject DNSBL,dnsbl.sorbs.net,ALL
SUBMIT log_reject DNSBL,bl.spamcop.net,ALL

Is that the only statement that needs to be added to make this work, or did I miss something? Is there a problem adding two?

Posted: Wed Mar 21, 2007 6:57 pm
by KevinAnderson
Those don't belong in smtpd.cfg.

There are several guides here:

http://www.scalix.com/wiki/index.php?ti ... il_Hygiene

Kev.

Posted: Thu Mar 22, 2007 7:01 am
by kurtbe
Hello there,

Scalix V11 Setup guide says:

of IP addresses to be avoided. This can be useful as a means to block known spammers.
To create a DNS Block List:
1 Go to the file ~/sys/smtpd.cfg
2 Add the following lines.
# Reject and log submission from addresses listed in bl.spamcop.net:
SUBMIT log_reject DNSBL,bl.spamcop.net,ALL
3 Restart the smtpd service.
omoff -d0 -w smtpd
omon smtpd


If TRACKS is using Scalix V11 this answer was not quite correct ....

EDIT: ... Signature says it, Scalix V11 related ...
Implementing DNSBL to my Scalix Servers is on the ToDo List ...

Posted: Thu Mar 22, 2007 9:16 am
by TRACKS
You posted what I was reading! I am running Scalix 11.0.2.28 Red Hat ES4

I have read all about implementing SPAM Assassin; however, I would not like to complicate the system any more than necessary, so DNSBL is the best choice if I can get it to work.

Posted: Thu Mar 22, 2007 9:21 am
by kurtbe
I'm sorry TRACKS,

I wanted to make it clear to KevinAnderson because I thought he didn't take care of this new feature in Scalix V11 in his answer...

Perhaps anyone out there has DNSBL implemented in his Scalix environment and can commit that it works even with multiple DNSBL-Services?

Posted: Thu Mar 22, 2007 9:34 am
by TRACKS
No need to be sorry! I was just stating that you posted the part out of the manual that I read to make the change. I don’t know why it’s in the manual if it doesn’t work.

Posted: Thu Mar 22, 2007 2:14 pm
by KevinAnderson
Sorry, I was thinking you were still on 10. Are you seeing anything in omshowlog -p 90 that would indicate smtp rejections of mail coming in? Just wondering if you're seeing some rejections or none.

Kev.

Posted: Thu Mar 22, 2007 2:44 pm
by TRACKS
Not seeing anything

[OM 4884] omshowlog : No logged records match the specified criteria

Posted: Fri Mar 23, 2007 9:51 am
by TRACKS
Kevin,

The rule is simply not catching anything. I have verified that all the messages coming through are listed in DNSBL and there is nothing in the logs. Is there a way to set the logging level so I can look and see if it’s doing anything with the DNSBL?

Any ideas?
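Added example, not part of the thread and not Scalix code: a DNSBL is queried by reversing the IPv4 octets and appending the list's zone, and RFC 5782 requires every list to answer for the test address 127.0.0.2 and not for 127.0.0.1, so running that self-test on the mail server itself shows whether its resolver can reach each configured list at all. The rule pattern is an assumption taken only from the two `SUBMIT ... DNSBL,<zone>,ALL` lines quoted above; the sample config text and all function names are constructed for illustration.

```python
import ipaddress
import re
import socket

# Constructed sample: the two rules quoted in the thread, plus a comment line.
SAMPLE_CFG = """\
# Reject and log submission from addresses listed in DNSBLs
SUBMIT log_reject DNSBL,dnsbl.sorbs.net,ALL
SUBMIT log_reject DNSBL,bl.spamcop.net,ALL
"""

# Assumption: the rule shape is known only from the lines shown in the thread.
RULE_RE = re.compile(r"^\s*SUBMIT\s+\S+\s+DNSBL,([A-Za-z0-9.-]+),", re.M)


def zones_from_cfg(text):
    """Return the DNSBL zones named in uncommented SUBMIT ... DNSBL rules."""
    return RULE_RE.findall(text)


def dnsbl_qname(ip, zone):
    """Build the query name: reversed IPv4 octets followed by the zone."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone.strip(".")


def lookup(ip, zone, resolver=socket.gethostbyname):
    """Return the list's 127.x.x.x answer, or None if not listed or unresolvable."""
    try:
        answer = resolver(dnsbl_qname(ip, zone))
    except OSError:  # socket.gaierror is a subclass: NXDOMAIN or DNS failure
        return None
    # A non-127.x answer means a resolver is rewriting NXDOMAIN, not a listing.
    return answer if answer.startswith("127.") else None


def self_test(zone, resolver=socket.gethostbyname):
    """RFC 5782 check: 127.0.0.2 must be listed and 127.0.0.1 must not be."""
    return (lookup("127.0.0.2", zone, resolver) is not None
            and lookup("127.0.0.1", zone, resolver) is None)


if __name__ == "__main__":
    for z in zones_from_cfg(SAMPLE_CFG):
        print(z, "usable from this host:", self_test(z))
```

A zone that fails the self-test from the mail server cannot produce a rejection, whatever the rule says; `lookup()` with the connecting IP of a message that got through then shows whether that address is listed as seen from this host.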

Posted: Sat Mar 24, 2007 10:53 am
by grubi
kurtbe wrote: I'm sorry TRACKS,

I wanted to make it clear to KevinAnderson because I thought he didn't take care of this new feature in Scalix V11 in his answer...

Perhaps anyone out there has DNSBL implemented in his Scalix environment and can commit that it works even with multiple DNSBL-Services?


Yes but we use DNSBL feature of Sendmail so this is a different setup

grubi

Posted: Sat Mar 24, 2007 11:04 am
by TRACKS
From what I understand adding this DNSBL:
FEATURE(`dnsbl', `relays.ordb.org', `Rejected - see http://ordb.org/')dnl

to the Sendmail.mc file does not work in Scalix 11 because Sendmail only processes outbound mail and the smtpd file processes inbound.

Posted: Sat Mar 24, 2007 11:18 am
by grubi
TRACKS wrote: From what I understand adding this DNSBL:
FEATURE(`dnsbl', `relays.ordb.org', `Rejected - see http://ordb.org/')dnl

to the Sendmail.mc file does not work in Scalix 11 because Sendmail only processes outbound mail and the smtpd file processes inbound.


That is true and that is the reason I wrote it is a different setup. You can (and that's what we did) make sendmail the primary listening mta at port 25 and make smtpd only a mail submission server listening on port 587. This is a prerequisite to use DNSBL and also greylisting with sendmail.

grubi.

Posted: Tue Mar 27, 2007 10:27 am
by TRACKS
I know it will work if I make Sendmail handle inbound and outbound mail. However according to the posted documentation I shouldn’t have to do this. I would like to know why the settings provided are not working. I don’t want to just start making changes that might mask a previous problem.

It appears like the SUBMIT=ON statement is not working in the smtpd.cfg file

Posted: Tue Mar 27, 2007 12:26 pm
by grubi
TRACKS wrote: I know it will work if I make Sendmail handle inbound and outbound mail. However according to the posted documentation I shouldn’t have to do this. I would like to know why the settings provided are not working. I don’t want to just start making changes that might mask a previous problem.

It appears like the SUBMIT=ON statement is not working in the smtpd.cfg file


Maybe I missed something obvious here, but what has "SUBMIT=ON" to do with DNSBL?
This setting enables the mail submission server on port 587 and it works in our configuration.

Regards,
grubi

Posted: Tue Mar 27, 2007 4:45 pm
by KevinAnderson
I am currently testing this to see if I can replicate this problem.

Kev.