[BlueOnyx:18099] Re: Blacklisting and mail relay

Michael Stauber mstauber at blueonyx.it
Fri Jul 24 16:43:36 -05 2015 

Hi Chris,

> Our typical installation utilizes AV-Spam in conjunction with a few 
> choice RBL's in the Blacklisting tab of BlueOnyx.
> 
> We are having difficulty with one of them that appears to have the 
> blacklist kicking in before authentication, and even on port 587.

I'm a big fan of RBLs, but in my opinion the best way to use them is to
not use them directly in Sendmail. As this can have the undesired
effects that you just mentioned.

The SpamAssassin that's included in the AV-SPAM already uses several
RBLs such as these:

rokso.spamhaus.org
sbl-xbl.spamhaus.org
dyna.spamrats.com
noptr.spamrats.com
spam.spamrats.com
combined.njabl.org
SORBS
zen.spamhaus.org

... and others.

Additionally it uses URIDNSBL to check links in the message body against
these RBLs:

sbl-xbl.spamhaus.org
dbl.spamhaus.org

If an email triggers a hit against an RBL, then SpamAssassin will assign
a score to that email. That way you can give different RBLs a certain
"weight". If you don't trust an RBL entirely you could configure a score
slightly below your SPAM threshold at which you mark as SPAM. Or if you
trust an RBL explicitly, then you could give it a score high enough to
make sure that it always marks the email as SPAM.

The way the AV-SPAM is configured a single "hit" from an RBL isn't
enough to mark an email as SPAM. But if there are any other "spammy"
indicators in the mail (and there usually are!) then it's enough.

So my suggestion would be: If you want to use other RBLs, don't use them
directly in Sendmail, but move them over to SpamAssassin. The syntax for
that is really easy.

Just take a look at /etc/mail/spamassassin/spamhaus_extra.cf for example:

header ROKSO_SPAM eval:check_rbl('ROKSO_SPAM', 'rokso.spamhaus.org.')
score ROKSO_SPAM 2.0

header SBLXBL_SPAM eval:check_rbl('SBLXBL_SPAM','sbl-xbl.spamhaus.org.')
score SBLXBL_SPAM 2.0

These four lines add the two RBLs for ROKSO and SBLXBL and assign each a
score of 2.0.

You could create a separate config file in /etc/mail/spamassassin/ and
name it virtbiz.cf and after a SpamAssassin restart it'll be used as
well. It also won't be overwritten during updates. The important part is
that it's in /etc/mail/spamassassin/ and ends with *.cf

-- 
With best regards

Michael Stauber

More information about the Blueonyx mailing list