Kerio Connect: Black Hole Lists
  •  
cchipman

Has anyone played with the black hole list feature on the Kerio Mail server?

What experiences/advice can you offer?
Good lists to use?
  •  
Frank

I like these:

dul.dnsbl.sorbs.net - doesn't allow mail from dynamic IPs (cable, DSL)
sbl.spamhaus.org (this kills a lot of spam)
relays.ordb.org (open relays)
bl.spamcop.net (also kills a lot of spam, but it does catch a fair amount of good mail, use with caution)
opm.blitzed.org (hardly any false positives here)

Regards,
Frank
  •  
sirjosi

I use these as well and am happy with them. How do you guys exclude a particular IP from this list, though, and keep the list?
  •  
Tr!une

Do any of you know what message is sent back to the sender (in case of a legit email getting blocked)?

I am in particular looking at SORBS. I set their RBL list for logging and it looks like a hit (literally). But I am concerned about blocking legit mail. Most of our legit mail is corporate so I don't think it will be a problem, but I am cautious anyway.

Thanks
  •  
sirjosi

My users get a message that my mail server bounced their message.

They forward me this, then I look for the sender's email (or whatever info I can use) in the security logs. The logs tell me which blackhole it was or which custom header block I used.

pay it forward
-sirjosi
  •  
Tr!une

What type of users do you have that get blocked from the RBLs?

I am currently watching the security log and the SORBS RBL is logging a ton of hits. But I was just curious what type of message the sender will get. Is it a "554 address is in RBL" type of message?

Thanks
  •  
sirjosi

From the few samples I've gotten, it's very generic and may change depending on their SMTP server (not sure). The MTA just says that it can't deliver. Usually, my users just tell me the email that they can't send to or the email of the person who can't send to them.

Sample:
----------------
This is an automatically generated Delivery Status Notification.

Delivery to the following recipients failed.

asdasd<at>domain.com
----------------

pay it forward
-sirjosi
  •  
Tr!une

Okay, thanks much. That gives me what I need to know.
  •  
Tr!une

I am now using the SORBS RBL and the Blitzed as well.

SORBS is blocking lots of attempted emails, but I am finding many of the spammers just keep trying different IP addresses until one gets through. I am looking at one in the Security log that failed with 6 IPs but got through on the 7th.

So is it really helping block spam or just causing more zombies to work harder?
  •  
Tr!une

I added the Spamhaus black list as well. The combo of Spamhaus and SORBS has reduced my mail to 25% of what it was. In a matter of a week, I have over 17,000 rejected SMTP connections from these lists and no complaints so far. Once again I am a hero ;)

Thanks for the input sirjosi.

  •  
sirjosi

Good for you! And glad to help.

Warning though: I've had to disable blocking for SORBS recently because I've been getting so many false positives and in fact have gotten complaints from users. I'm still logging the ones they're blocking though. I'm not saying not to use it at all, if it's working well for you, but you might want to monitor it closely.

Here's a sample of an email I got from their mailing list:

-------------------------------
From: owner-dnsbl-users<at>stealth.sorbs.net [mailto:owner-dnsbl-users<at>stealth.sorbs.net] On Behalf Of Matthew S. Hallacy
Sent: Wednesday, March 31, 2004 6:09 AM
To: dnsbl-users<at>sorbs.net
Subject: [dnsbl-users] Ineffectiveness


Due to customer complaints about their friends' Yahoo! mail, Comcast, various AOL mail servers, and others' mail being blocked, the company I work for has decided that SORBS is just too much of a liability.

Automated testing is great and all, but when the whole thing seems to be on auto-pilot with no sanity checks in place you're just another SPEWS damaging the dnsbl reputation.

I'll be happy to give it another try if these issues are ever cleared up.

------------------------------

pay it forward
-sirjosi
  •  
Tr!une

Hmmm... That is just what I don't want. The balancing act continues. Now, SORBS has different levels; do you know which one is the problem? There are the spam, dul, zombie and many others that can be lumped together with the dnsbl zone. I use the dnsbl to use all zones. I am just wondering if you know which zone is causing the false positives.

Thanks
  •  
sirjosi

I was using dnsbl.sorbs.net so my server would just check with one server. But you have a good point. Maybe using specific SORBS blackholes might help. I'll give these a try.

pay it forward
-sirjosi
  •  
Tr!une

Let me know what you find. I haven't had any complaints, but we are more B2B and therefore most of the email is coming from businesses or large entities, not individuals.
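
An added example (not part of the thread, and not Kerio's implementation) of the checks discussed above: per-zone lookups instead of one aggregate zone, a log-only action for trialling a list, and a local allowlist that exempts an IP while keeping the list. The zone names come from the thread; the addresses, DNS answers, allowlist range and all function names are constructed for illustration.

```python
import ipaddress
import socket

LISTED = ipaddress.ip_network("127.0.0.0/8")       # a DNSBL answer in this range is a listing
ERRORS = ipaddress.ip_network("127.255.255.0/24")  # assumption: query-error codes, not hits;
                                                   # check each list's documented return codes

def dnsbl_query_name(ip, zone):
    """192.0.2.99 checked against zone Z is looked up as 99.2.0.192.Z"""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def dns_resolve(name):
    """Live lookup: A records for name, or [] when the name does not exist."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except socket.gaierror:
        return []

def is_listed(answers):
    addrs = [ipaddress.IPv4Address(a) for a in answers]
    return any(a in LISTED and a not in ERRORS for a in addrs)

def evaluate(ip, zones, allowlist=(), resolve=dns_resolve):
    """zones: [(zone, 'block' or 'log')]; allowlist: CIDRs exempt from every list."""
    addr = ipaddress.IPv4Address(ip)
    if any(addr in ipaddress.ip_network(net) for net in allowlist):
        return {"decision": "accept", "reason": "allowlisted", "hits": []}
    hits = [(z, act) for z, act in zones
            if is_listed(resolve(dnsbl_query_name(ip, z)))]
    blocked = any(act == "block" for _, act in hits)
    return {"decision": "reject" if blocked else "accept",
            "reason": "dnsbl" if hits else "clean", "hits": hits}

# Constructed sample data: documentation address ranges, not real listings.
FAKE_DNS = {
    "99.2.0.192.sbl.spamhaus.org": ["127.0.0.2"],
    "99.2.0.192.dul.dnsbl.sorbs.net": ["127.0.0.2"],
    "7.100.51.198.dul.dnsbl.sorbs.net": ["127.0.0.2"],
    "8.113.0.203.sbl.spamhaus.org": ["127.255.255.254"],  # error code, not a listing
}
ZONES = [("sbl.spamhaus.org", "block"), ("dul.dnsbl.sorbs.net", "log")]
ALLOW = ["192.0.2.96/28"]  # hypothetical partner range exempt from all lists

def demo():
    lookup = lambda name: FAKE_DNS.get(name, [])
    cases = [("192.0.2.99", []), ("192.0.2.99", ALLOW),
             ("198.51.100.7", []), ("203.0.113.8", [])]
    return [evaluate(ip, ZONES, allow, lookup) for ip, allow in cases]
```

Recording the zone and action for every hit, including log-only ones, is what lets a false-positive complaint be traced to a single list before that list is switched to blocking.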