Server Fault Stack Exchange
Server Fault Stack Exchange

Questions tagged [rbl]

Real-time Blackhole is a database of IP addresses known to send spam, accessible over DNS, with specific responses to determine whether a host should be rejected or allowed.

A Domain Name System-based Blackhole List (DNSBL) or Real-time Blackhole List (RBL) is an effort to stop email spamming. It is a "blacklist" of locations on the Internet reputed to send email spam. The locations consist of IP addresses which are most often used to publish the addresses of computers or networks linked to spamming; most mail server software can be configured to reject or flag messages which have been sent from a site listed on one or more such lists. The term "Blackhole List" is sometimes interchanged with the term "blacklist" and "blocklist". https://en.wikipedia.org/wiki/DNSBL

62 questions
2
votes
1 answer

check spamassassin DNSBL results

Is there a way to check the results of spamassassin on an email when it checks DNSBL? I see nothing in the maillog and nothing in the mail header. I do not know if it is actually querying the DNSBLs or not, which I would like to know. I currently…
PixelPaul
  • 343
  • 2
  • 12
2
votes
1 answer

Does postfix cache RBL queries?

This is driving me nuts… Linux Debian + postfix… /etc/postfix/main.cf has the following lines: smtpd_recipient_restrictions = check_recipient_access hash:/etc/postfix/access, reject_invalid_hostname, reject_non_fqdn_recipient, …
Gabriele
  • 341
  • 1
  • 4
  • 14
2
votes
3 answers

is there a PAM module for DNSBL lookups?

I have been enumerating the remaining security concerns on one of my back-end production servers, when I came to the realization that something which could be incredibly useful was missing from my operating systems upstream repository. I have been…
RapidWebs
  • 571
  • 4
  • 13
2
votes
1 answer

Postfix thinks IP is in blacklist, but is not actually listed in blacklist

Got a bit of a weird problem here with Postfix. Been getting a whole bunch of notices where fail2ban has banned 69.164.196.21 (ryujin.darkdna.net) for failures against Postfix. Here is a relevant snippet from Postfix's log: Jan 13 17:56:26…
postfixgonepostalithink
  • 23
  • 2
2
votes
2 answers

Monitor IP for RBLs

Is there any way to monitor an IP against RBLs. I want to have an alert over email when my IP is blacklisted in any RBL over internet. Any help?
User4283
  • 781
  • 3
  • 10
  • 27
2
votes
1 answer

How do I know if an abuse report about unsolicited is actually about my server?

I received an Abuse-Message from the operators of dnsbl.de. To me it sounds like it has nothing to do with me, but since it is too serious I don't want to do "guess work" and check whether it really is. What I got Here is an excerpt of the mail…
yankee
  • 177
  • 2
  • 6
1
vote
1 answer

How to get postfix to check all 'Recieved:' headers against an RBL?

I have several rbls listed in smtpd_client_restrictions, but this only checks the client IP against the RBLS. Is there any way to get postfix to check each Recieved: line against the RBL like spamassassin does? Spamassassin tags blacklisted IPs in…
nyet
  • 131
  • 4
1
vote
1 answer

Find an IP that is known to be on a DNSBL

I am configuring Zabbix to check my IPs against several DNSBLs. My IPs are currently not blacklisted. My monitoring needs to be tested, to verify that it will alert properly if one of my IPs does become blacklisted. How can I obtain, for testing,…
Wayne Conrad
  • 675
  • 1
  • 7
  • 20
1
vote
1 answer

IPBlockListProvider vs. IPAllowListProvider

I am using Spamhaus SBL and Spamcop as RBL providers in Echange 2016 which works fairly well for me. However, some connections are blocked which really shouldn't. To prevent false positives I went on to configure IP allow list providers…
Rob
  • 11
  • 1
1
vote
4 answers

Does it matter if your web server's IP is RBL'ed?

We have a web server (on Slicehost) with an IP address that has been blacklisted in at least one DNSRBL (FIVETEN). The host is not currently a source of mail, in fact all mail for the domain goes through Google apps. The only association between the…
user8379
1
vote
1 answer

Postfix - Skip RBL checks after a SPF Pass

I've started using policyd-spf and am using the following recipient restriction. What I'd like is for senders that pass the SPF check to skip any RBL checks. Unfortunately that's not happening. smtpd_recipient_restrictions = …
oobayly
  • 113
  • 3
1
vote
0 answers

How to RBL block forwarded email in postfix?

I have RBL blocking successfully configured in postfix, using reject_rbl_client in the smtpd_recipient_restrictions section. However, I use a mail forwarding service through which I receive some spam emails. These emails are not rejected by the RBL…
Chris
  • 111
  • 2
1
vote
1 answer

Bounce mail blocked by Trend Micro Email Reputation Service

When I tryied to send an email, the following error appears: 200.123.99.139 does not like recipient. Remote host said: 550 5.7.1 Mail from 67.222.38.55 has been blocked by Trend Micro Email Reputation Service. Please see…
jpussacq
  • 131
  • 6
1
vote
0 answers

Is there a way to configure postfix to bypass spam/RBL checks on a particular destination hostname or username?

I'm running Postfix on CentOS 7, a fairly generic implementation, but I do employ some RBL checking on incoming mail. I like using SORBS for example but I have a few clients who seem to have issues with senders being in their list. Is there any…
S.ov
  • 361
  • 2
  • 4
  • 13
1
vote
1 answer

mod_security RBL - apparent false positive

I'm struggling with an RBL rule in mod_security under apache 2.2 that seems to be giving me a false positive. I see the following in the audit log (IP address redacted): Message: RBL lookup of 4.3.2.1.sbl-xbl.spamhaus.org succeeded at REMOTE_ADDR.…
KenB
  • 162
  • 1
  • 6
1
2
3 4 5