• Plesk Uservoice will be deprecated by October. Moving forward, all product feature requests and improvement suggestions will be managed through our new platform Plesk Productboard.
    To continue sharing your ideas and feedback, please visit features.plesk.com

Question Anti spam using DNSBL

J

JuanCar

Regular Pleskian
Server operating system version
Almalinux 9.4
Plesk version and microupdate number
Plesk Obsidian 18.0.69 #4
Hi, I set my mail config antispam to use DNSBL (bl.spamcop.net;xbl.spamhaus.org) but I think it doesn't work, I receive spam from listed IP,s.
I check IP of received spam mail in spamcop and I get it's llisted, so the filter is not working. Why? ???
Is there any log to see if the filter is working?
Thanks
 
JuanCar said:
[...]
I check IP of received spam mail in spamcop and I get it's llisted, so the filter is not working. Why? ???
Click to expand...
Hard to say without any further information from logs, but a common issue is when DNS lookups are resolved via public DNS servers instead of locally. Review your /etc/resolv.conf file to see what names servers are configured.

JuanCar said:
Is there any log to see if the filter is working?
Click to expand...
Yes, have a look at the mail log at /var/log/maillog
 
Thanks
resolve.conf contains public IPs as nameserver
And I have DNS service disabled
Then, does I need to active this service (Bind DNS Server) and change resolve.conf?
 
Thanks,
Upon closer inspection of the log, I see a spamd entry revealing data that confirms the email IP is on blocklists (URIBL_ABUSE_SURBL, URIBL_BLOCKED). However, this doesn't raise the email's score, and does it block it.
This is the log
spamd: result: . 4 - BAYES_00,DKIM_ADSP_NXDOMAIN,DKIM_INVALID,DKIM_SIGNED,FROM_DOMAIN_NOVOWEL,HEADER_FROM_DIFFERENT_DOMAINS,HTML_IMAGE_ONLY_32,HTML_MESSAGE,MIME_HTML_ONLY,RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_BL,RCVD_IN_MSPIKE_L5,RCVD_IN_VALIDITY_RPBL_BLOCKED,RCVD_IN_VALIDITY_SAFE_BLOCKED,RDNS_NONE,SPF_HELO_PASS,SPF_PASS,T_REMOTE_IMAGE,URIBL_ABUSE_SURBL,URIBL_BLOCKED scantime=0.2,size=5123,user=[email protected],uid=30,required_score=7.0,rhost=::1,raddr=::1,rport=50534,mid=<vCcAbrVcmTmyAOFnBnvLCRUENExzwO&4UEuQherjdw&39763/683/endjdgtjax.home.php?sq=5828-17963&lk=9127-9&page=[email protected]>,bayes=0.000000,autolearn=no
So the email gets a score of 4 less than 7 (required_score).
Then I have to setup a new required_score or give a more weight for URIBL_ABUSE_SURBL and URIBL_BLOCKED, is this the fix?
 
That's unrelated. Spamd is the deamon process for spam SpamAssasin which filters email independently of the DNSBL blacklists you've configured in Plesk.

You'll need to search the mail log for something like this:
postfix/smtpd[20247]: NOQUEUE: reject: RCPT from mail-oln040092073050.outbound.protection.outlook.com[203.0.113.2]: 554 5.7.1 Service unavailable; Client host [203.0.113.2] blocked using xbl.spamhaus.org; Error: open resolver; https://www.spamhaus.org/returnc/pub/2001:db8:f61:a1ff:0:0:0:80; from=[email protected] to=[email protected] proto=ESMTP helo=<EUR04-HE1-obe.outbound.protection.outlook.com>
Click to expand...

You can use the grep utility on command line to easlier search trough mail log for spamhaus and spamcop related entries.
Code: 
grep -E "spamhaus|spamcop" /var/log/maillog

Note Spamhaus requires that you register for an account now a days. See:
 
I misunderstand de log o_O
Rules ended with BLOCKED means the rules are not applied, so this filter doesn't wok
URIBL_BLOCKED
RCVD_IN_DNSWL_BLOCKED
RCVD_IN_VALIDITY_RPBL_BLOCKED
RCVD_IN_VALIDITY_SAFE_BLOCKED
I test the server DNS using dig and dnsbl are reached
And there is another issue, some blDNS I use are deprecated like bl.spamcop.net
 
Oh, I wrote last post before reading your answer, sorry.
Yes I've found, the entries you wrote in maillog:
postfix/smtpd[2390740]: NOQUEUE: reject: RCPT from unknown[181.229.154.222]: 554 5.7.1 Service unavailable; Client host [181.229.154.222] blocked using bl.spamcop.net; Blocked - see SpamCop.net - Blocking List ( bl.spamcop.net ) ....
And you're right: any one from spamhaus.
So the dnsbl works but it need more efficient bldns server like register with spanhaus...
Thanks
 
You must log in or register to reply here.

Similar threads

M
Question How to use Plesk on Ubuntu 24 with DNSBL?
Replies
7
Views
2K
maennchen1
M
tramvainqueur
Question Possible to use DNSBLs for moving identified email as spam to spam folder (not blocking)?
Replies
14
Views
3K
tramvainqueur
tramvainqueur
F
Issue Missing SMTP "received from" header
Replies
5
Views
1K
AYamshanov
AYamshanov
C
Issue Help needed with spam filtering
Replies
5
Views
1K
ciB
C
enerspace
Question Bounce emails end up in spam – DMARC triggered on local deliveries?
Replies
0
Views
780
enerspace
enerspace
Back
Top