Problem with BlackLists
  •  
mrman

Messages: 20
Karma: 0
Hi everyone:

I wanted to share something with you all; it is about a problem I have with the Blacklists in KMS 6.6.2. The ones in trouble are SpamHaus and SpamCop.

The thing is that when both are clicked, and with adding punctuation to both of them, I receive no email from anyone.

When I unchecked them, I have no problem in receiving e-mail. I tried doing a custom rule as support knowledge base says, but no results were given.


Does anyone know what to try in order to have both blacklists checked and be able to receive e-mail from anyone?


Thank you.
  •  
TorW

Messages: 769
Karma: 9
mrman wrote on Tue, 17 February 2009 16:53


The thing is that when both are clicked, and with adding punctuation to both of them, I receive no email from anyone.


We use both without any problems. What do you mean by "adding punctuation to both of them"? Are you editing the zone names?
  •  
mrman

Messages: 20
Karma: 0
No.

That's an option you have when editing the blacklist.
You have 2 options:

Block the message or

Add punctuation of x for spam.


That's what I mean.
  •  
TorW

Messages: 769
Karma: 9
I see. Well, we don't use them for scoring, but outright rejecting. No need to waste resources on processing mails from the worst lowlifes on the planet. If it's listed on Spamhaus or SpamCop, it's IMO* safe to ignore.

What does the security.log say when you cannot receive mail from anywhere?


* After using these two lists on half a dozen mail servers for 7+ years.
  •  
freakinvibe

Messages: 1553
Karma: 62
Yes, you really need to check your logs (security and mail), and you should also send yourself a mail from an external provider like Hotmail or Gmail. Check what error message you get back.

For me, both the SpamCop and Spamhaus lists have worked for over 5 years.

Dexion AG - The Blackberry Specialists in Switzerland
https://dexionag.ch
  •  
jonahpa

Messages: 23
Karma: 0
Is there any significant slowdown on the server if you are using 2 blacklists (for example, SpamCop and Spamhaus)?

Thanks,
  •  
TorW

Messages: 769
Karma: 9
Not significant, no.

If you reject mail based on blacklisting, the blacklist queries are terminated as soon as one responds with a listing. Apparently you cannot change the order in which blacklists are queried by KMS. I'm not sure how it works if you use blacklists to increase the spam score.

Blacklist lookups are, technically speaking, just regular DNS lookups. The size of these queries is a few dozen bytes. Replies are roughly the same size (i.e. small).

In any case, blacklist lookups are orders of magnitude cheaper (in terms of time, CPU and disk) than doing processing with SpamAssassin. Get rid of as much crud as you can before handing it to the spam filter ...
  •  
EdRoxter

Messages: 77
Karma: 2
I'd say, you should not use SpamHaus at all because they often blacklist whole /23 subnets whereas there may be only about 5 or 10 hosts within them that might be suspicious.
  •  
TorW

Messages: 769
Karma: 9
Are you talking about the Spamhaus PBL, SBL or XBL zone? The criteria for listing vary quite a bit between these three. With the PBL zone, it's perfectly OK to list a /23 if only one host is actually emitting spam. No mail should ever come from any of the IP addresses on the PBL list.

Do you have an example of a /23 that was incorrectly blocked by Spamhaus?
  •  
EdRoxter

Messages: 77
Karma: 2
It was the SBL.

Particularly, I have a server for a company in the 83.133.124.0/22 subnet (it wasn't even a /23) which is within the IP range of a middle-sized German ISP. There have been some spammers who had some servers there but I think it's quite inadequate to blacklist 1022 hosts of which only 5 or 10 were actually malicious.

After contacting their support, the entry was removed after 2 days, but it caused quite big problems for the company and I had to relay all outgoing mail via another server which I only "had left" by accident.

[Updated on: Fri, 20 February 2009 15:40]

  •  
jonahpa

Messages: 23
Karma: 0
TorW wrote on Tue, 17 February 2009 22:10

Well, we don't use them for scoring, but outright rejecting. No need to waste resources on processing mails from the worst lowlifes on the planet. If it's listed on Spamhaus or SpamCop, it's IMO* safe to ignore.


I checked the KMS manual and it says:
Quote:

Block the message
In this mode, connections from servers included in the blacklist will be blocked. Message(s) will be rejected by Kerio MailServer. Senders will be informed that their messages cannot be delivered.


Where will these notifications end up, since most of the spammer addresses are fake? Will this notification not return a message saying that the notification was not delivered?

  •  
TorW

Messages: 769
Karma: 9
jonahpa wrote on Fri, 20 February 2009 16:34


Where will these notifications end up, since most of the spammer addresses are fake? Will this notification not return a message saying that the notification was not delivered?


The sender will immediately get a reject notice from his own mailserver. It doesn't matter whether the From address was faked or that the "mail server" in most cases is a zombie PC. Since KMS won't accept the mail, it's the sending mail server's job to report this fact back to the sender. It's how SMTP works.

A non-delivery report (bounce) is a different matter, and is sent to the address listed in the Return-Path header field. When you get these, it usually means the mail server that sent it is poorly configured (it decides to reject the mail after having accepted it). The latter is also called "backscatter" or "outscatter".

If you add, say, a 2.0 score to a mail sent by someone on a blacklist, it may still end up in the user's inbox or Junk Mail folder. If you add e.g. 6 points to make it tip the reject threshold, you could as well have rejected it immediately and saved yourself some processing. SpamAssassin eats a lot of CPU.

That's my experience anyway. Your mileage may vary (wildly), and it may not even be acceptable for you to reject anything.
  •  
EdRoxter

Messages: 77
Karma: 2
For example, there was a sentence by a German court that rejecting mails, no matter in how many blacklists they might have occurred, was unacceptable.

There is no particular law against it, but still, one should be careful.

If you use, for another example, e-mail via UMTS and don't have your own relay, you automatically use a relay of your cellular provider. In the case of German cell provider BASE, their gateway is listed in almost any blacklist existing (got a SpamAssassin score of >30 on one of my servers).

So one should be very careful about blacklists and rejecting...
  •  
feijin

Messages: 24
Karma: 0
Test your DNS, please.
nslookup -qt=mx noexistsdomainnameadfa.com youdnsIP

*** dns.xxxxx can't find sohuandsina.com: Non-existent domain

or
ping noexistsdomainnameadfa.com


[Updated on: Sun, 22 February 2009 04:38]
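
Added example, not part of the thread: the DNS test suggested above, extended into a check of the resolver and blacklist zone that a mail server would query. It builds the blacklist query name the way the "regular DNS lookup" works and applies the RFC 5782 test points (127.0.0.2 must be listed, 127.0.0.1 must not). The probe name, function names and the injectable `lookup` parameter are assumptions made for this sketch.

```python
import ipaddress
import socket

# Constructed probe under the reserved .invalid TLD; it must never resolve.
NX_PROBE = "nxdomain-probe-7f3a9c.invalid"

def dnsbl_name(ip, zone):
    """Build the blacklist query name: IPv4 octets reversed, then the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def system_lookup(name):
    """Return the A record as a string, or None if the name does not resolve."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None

def diagnose(zone, lookup=system_lookup):
    """Return a list of problems that make a blacklist zone unsafe to reject on."""
    problems = []
    # A resolver that answers for non-existent names makes every blacklist
    # query look like a listing, so all inbound mail gets blocked or scored.
    if lookup(NX_PROBE) is not None:
        problems.append("resolver answers for non-existent names")
    # RFC 5782: the test entry 127.0.0.2 is always listed, with a 127.x reply.
    answer = lookup(dnsbl_name("127.0.0.2", zone))
    if answer is None or not answer.startswith("127."):
        problems.append("test entry 127.0.0.2 is not listed")
    # RFC 5782: 127.0.0.1 is never listed; a hit means the zone lists everything.
    if lookup(dnsbl_name("127.0.0.1", zone)) is not None:
        problems.append("127.0.0.1 appears listed")
    return problems

if __name__ == "__main__":
    import sys
    # Usage: pass the blacklist zone names configured on the mail server.
    for zone in sys.argv[1:]:
        print(zone, diagnose(zone) or "ok")
```

Run it on the mail server itself so that it uses the same resolver; an empty list means the resolver and zone behave as a blacklist lookup expects.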
