IceWarp Server User to User Forum IceWarp Server User to User Forum

Forums  Register  Login  My Profile  Inbox  Address Book  My Subscription  My Forums 

Photo Gallery  Member List  Search  Calendars  FAQ  Ticket List  Log Out

Using pbl.spamhaus.org

  		Logged in as: Guest
Users viewing this topic: none
  Printable Version
All Forums >> [IceWarp Product Configuration] >> IceWarp Anti-spam Server >> Using pbl.spamhaus.org Page: [1]
Login
Message << Older Topic   Newer Topic >>
Using pbl.spamhaus.org - 8/26/2008 11:37:36 AM   
LokiC2

 

Posts: 8
Score: 0
Joined: 5/5/2008
Status: offline 		pbl.spamhaus.org is a list of IP addresses that should authenticate before sending mail to the SMTP server.  My question is where in the IceWarp server this list should be queried.  For example, if placed under the DNS tab of Mail Service->Security, would the user be blocked before having a chance to authenticate?  Where would be the best place to use pbl.spamhaus.org?
Post #: 1
RE: Using pbl.spamhaus.org - 8/27/2008 4:50:11 AM   
secsol

 

Posts: 36
Score: 0
Joined: 5/1/2008
From: Denmark
Status: offline 		LokiC2:

An ISP should never use PBL to block their own users: http://www.spamhaus.org/faq/answers.lasso?section=Spamhaus%20PBL#189
I heavily recommend using PBL list to block anyone listed here because this is IP's listed by ISP's as dynamic IP end-users, hence there should never be running any mailserver from these IPs. These users should be relaying their SMTP traffic trough their ISP's smtp server.

I hope this answers your questions.

_____________________________

SecSol Security Solutions
Please visit us @ http://www.secsol.dk

Official reseller of Eset NOD32 Antivirus and Simple DNS Plus

(in reply to LokiC2)
Post #: 2
RE: Using pbl.spamhaus.org - 8/28/2008 9:33:58 AM   
LokiC2

 

Posts: 8
Score: 0
Joined: 5/5/2008
Status: offline 		Okay, I have a solution.

Since we have people all over the world using our mail server, we implemented a filter a long time ago to accept mail for relay from anyone who authenticates.   I have just discovered that filters also allow checking DNSxL's, so I set up a filter to reject mail if the sender's IP is listed in the pbl.spamhaus.org and placed this immediately after the authentication filter (which stops processing if they authenticate).  This way, I will not block my own users. 

Secsol, this agrees with the second paragraph of the reference you give - namely:

"If you use the same server for incoming email and outgoing email, then you must ensure that you exempt authenticated clients from PBL checks. As your users will often connect from dynamic IP addresses, a user may be assigned an IP address from his provider that is in the PBL and should remain in PBL. For your users outside of locally whitelisted ranges, use SMTP AUTH and do not use PBL exemptions, as that is only a temporary work-around and can allow spam to escape. "

< Message edited by LokiC2 -- 8/30/2008 7:10:50 AM >

(in reply to LokiC2)
Post #: 3
RE: Using pbl.spamhaus.org - 9/2/2008 9:20:43 PM   
secsol

 

Posts: 36
Score: 0
Joined: 5/1/2008
From: Denmark
Status: offline 		Super :-)
Now if just everyone else would also use PBL it would be a better world haha

_____________________________

SecSol Security Solutions
Please visit us @ http://www.secsol.dk

Official reseller of Eset NOD32 Antivirus and Simple DNS Plus

(in reply to LokiC2)
Post #: 4
RE: Using pbl.spamhaus.org - 9/6/2008 2:37:43 AM   
marciohumpris

 

Posts: 274
Score: 0
Joined: 5/1/2008
Status: offline 		Hi, guys

So PBL is a like a listing of dynamic IPs (ADSL, etc)? It seems Zen.spamhaus includes this, no? So I think if you setup Zen in Security/DNSBL youre already using it, no?

Infact, most my users who try to send mail without authenticate are blocked by Spamhaus instead of getting we do not relay error.

Im still curious about using DNSWL in Merak, if its effective, if anyone has set it up...

regards
Marcio

(in reply to secsol)
Post #: 5
RE: Using pbl.spamhaus.org - 9/8/2008 10:44:32 PM   
secsol

 

Posts: 36
Score: 0
Joined: 5/1/2008
From: Denmark
Status: offline 		Yes, zen.spamhaus.org does include this zone - however most people will be likely to use the sbl-xbl list included in the antispam/spam assassin section and therefore not use pbl.

Another thing is you have to pay to use other zones than pbl - not alot of people seem to know this...

_____________________________

SecSol Security Solutions
Please visit us @ http://www.secsol.dk

Official reseller of Eset NOD32 Antivirus and Simple DNS Plus

(in reply to marciohumpris)
Post #: 6
RE: Using pbl.spamhaus.org - 9/13/2008 4:43:52 AM   
marciohumpris

 

Posts: 274
Score: 0
Joined: 5/1/2008
Status: offline 		Hi, Secsol

It seems they are informing people to no longer use sbl-xl, rather use Zen.

Have you used DNSWL in Security/DNSBLs? It lowers the score?

regards,
Marcio

(in reply to secsol)
Post #: 7
RE: Using pbl.spamhaus.org - 9/13/2008 11:20:55 AM   
secsol

 

Posts: 36
Score: 0
Joined: 5/1/2008
From: Denmark
Status: offline 		#1 When you say "they" I assume you mean SpamHaus?

#2 No, it wont work to use DNSWL in Security/DNSBL. That section is for blocking connections - not changing the SA score.

If you are interested in using DNSWL for now you will need to make a content filter that does lookups to DNSWL and lowers the score.
The developers are still working on fixing the Merak SA engine bug I reported. When thats fixed you can use DNSWL 100% :-)

_____________________________

SecSol Security Solutions
Please visit us @ http://www.secsol.dk

Official reseller of Eset NOD32 Antivirus and Simple DNS Plus

(in reply to marciohumpris)
Post #: 8
RE: Using pbl.spamhaus.org - 9/20/2008 3:10:25 AM   
marciohumpris

 

Posts: 274
Score: 0
Joined: 5/1/2008
Status: offline 		Hi, Secsol

1) Yes, its on their site.

2) Wow, great. Thanks. So when they do this fix Ill be able to use it in Security? So you have this setup as a filter, it gives good results?

Thanks.

regards,
Marcio

(in reply to secsol)
Post #: 9
RE: Using pbl.spamhaus.org - 9/21/2008 10:31:22 AM   
secsol

 

Posts: 36
Score: 0
Joined: 5/1/2008
From: Denmark
Status: offline 		No, it wont mean you can use it under the security tab - this portion of the configuration does not change scoring - its to be used under the AntiSpam -> SpamAssassin section.

Its a bit hard to tell... I had to disable it because I could not properly differentiate the 3 levels. I expect it to work super when they fix the SA engine!

_____________________________

SecSol Security Solutions
Please visit us @ http://www.secsol.dk

Official reseller of Eset NOD32 Antivirus and Simple DNS Plus

(in reply to marciohumpris)
Post #: 10
RE: Using pbl.spamhaus.org - 9/27/2008 3:54:00 AM   
marciohumpris

 

Posts: 274
Score: 0
Joined: 5/1/2008
Status: offline 		Hi, Secol

I see. Interesting... Thanks.

On your other post you say:

I wish it did not have to be done using SA, but Merak's content filters only support return code of 127.0.0.2 anything it cannot interprent.
If it would be possible to change the content filter option to customize the expected return code (like hMailserver supports it) that would be a fantastic improvement!

*** Can you explain this a bit further. What does result code of 127.0.0.2 mean? Not sure I understood.

regards,
Marcio

(in reply to secsol)
Post #: 11
Page:   [1]
All Forums >> [IceWarp Product Configuration] >> IceWarp Anti-spam Server >> Using pbl.spamhaus.org Page: [1]
Jump to:





New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts


2001 - 2008 © IceWarp