1. Please take a little time for this simple survey! Thank you for participating!
    Dismiss Notice
  2. Dear Pleskians, please read this carefully! New attachments and other rules Thank you!
    Dismiss Notice
  3. Dear Pleskians, I really hope that you will share your opinion in this Special topic for chatter about Plesk in the Clouds. Thank you!
    Dismiss Notice

DNS zones for DNSBL service

Discussion in 'Plesk for Linux - 8.x and Older' started by SHGreg, Jan 14, 2008.

  1. SHGreg

    SHGreg Guest

    0
     
    Whenever I enter something in this field, such as 'zen.spamhaus.org', Plesk users are blocked from sending emails because they have a dynamic IP (as most broadband users do). Why is Plesk blocking my authenticated SMTP users?

    It seems like it is checking the DNSBL list and rejecting users before checking for a username and password. Surely this is the wrong way around? If a user successfully authenticates, why check their IP with the list? They have already been authorized which should override any result from the list.
     
  2. Brujo

    Brujo Regular Pleskian

    28
    57%
    Joined:
    Mar 4, 2006
    Messages:
    278
    Likes Received:
    2
    Location:
    Germany
    I have the same experience on our Box, would be nice to get this fixed, i think it has to do with the order in the server_args at /etc/xinetd.d/smtp_psa


    update: since 8.3.0 we have the choice to use message subission which runs on Port 587 and there is not the rblsmtpd check
     
  3. AlfonsoO

    AlfonsoO Guest

    0
     
    i have the same problem and i want to desable DNSBL lists, can some one tell me how to do this ?

    thanks for advanced
     
  4. SHGreg

    SHGreg Guest

    0
     
    What exactly does this port 587 option do? If I enable this option, any user that has problems sending mail through regular port 25 can change to port 587 and bypass the blacklist checks? Wouldnt this open the server up to more spam?
     
  5. dash

    dash Regular Pleskian Staff Member

    28
    40%
    Joined:
    Sep 26, 2007
    Messages:
    204
    Likes Received:
    47
    This option declare additional smtp port(587) for end-user's mail clients with mandatory smtp authorization and without any additional prechecks like blacklisting.
     
  6. Brujo

    Brujo Regular Pleskian

    28
    57%
    Joined:
    Mar 4, 2006
    Messages:
    278
    Likes Received:
    2
    Location:
    Germany
    @AlfonsoO
    under Plesk > Server > Mail > Checkbox "Switch on spam protection based on DNS blackhole lists"

    @SHGreg
    runs on Port 587 with smtp_auth and without blacklist checks...


    /etc/xinetd.d/submission_psa / Port 587
    /etc/xinetd.d/smtp_psa / Port 25
     
  7. SHGreg

    SHGreg Guest

    0
     
    Great, I got it all working with any users having problems simply switching to port 587 :) What lists are people using? So far I have

    'zen.spamhaus.org;combined.njabl.org;list.dsbl.org'
     
  8. Brujo

    Brujo Regular Pleskian

    28
    57%
    Joined:
    Mar 4, 2006
    Messages:
    278
    Likes Received:
    2
    Location:
    Germany
  9. SHGreg

    SHGreg Guest

    0
     
    Thanks for the link, I've already taken a look at that site. I'm wondering what list combinations are working best for everyone?
     
  10. Brujo

    Brujo Regular Pleskian

    28
    57%
    Joined:
    Mar 4, 2006
    Messages:
    278
    Likes Received:
    2
    Location:
    Germany
    i think it is up to everyone to figure out the best combination in depence of Country and so on.... even the order of the RBLs will effect it. Unfortunately Plesk brings no statistics for it.

    I have done the following, i instaled manually the rblsmtpd with syslog support and got a script with Stats Output per RBL like
    in this case you can start play around which RBL will serve you as best and to find out in which order you should have the RBL`s. It makes no sence for example to have the RBL with the most hits as the last entry... it should be the first entry.

    and so on....

    with best regards
    Brujo
     
  11. gtowle

    gtowle Guest

    0
     
    Brujo-

    I'd liek to setup port 587 as you described above, but I don't quite follow the directions you gave SHGreg above. For example, am I supposed to create a submission_psa file? (there currently isn't one on my server). Would you mind going into a bit more detail? Thank you.

    Geoff
     
  12. Brujo

    Brujo Regular Pleskian

    28
    57%
    Joined:
    Mar 4, 2006
    Messages:
    278
    Likes Received:
    2
    Location:
    Germany
    @gtowle

    the submission_psa should be automatically created after you select the Checkbox at your Plesk Controlpanel.

    under Plesk > Server > Mail > Checkbox "Enable message submission"

    Brujo
     
  13. aeescobar

    aeescobar Guest

    0
     
    I've clicked on the enable message submission button, the submission_psa file has been created, port 587 is open, but zen.spamhaus.org is still blocking outgoing mail from dynamic IP's.

    I do a telnet 64.129.137.75 587 I get
    rblsmtpd: 68.32.44.90 pid 8442: 451 http://www.spamhaus.org/query/bl?ip=68.32.44.90
    220 rblsmtpd.local

    I've restarted qmail and xinetd from the command line.

    What could I be missing? Also, outgoing mail from webmail doesn't get sent. Is there any way to get webmail to work from a dynamic IP?

    TIA
     
  14. aeescobar

    aeescobar Guest

    0
     
    Please ignore this part of my previous post. I figured this one out. Webmail works fine from dynamic IP.
     
  15. ehartman

    ehartman Guest

    0
     
    Sorry for reviving an old thread, but this is what came up for me when I searched having had this problem with some customers not being able to send emails.

    Turns out the issue is with using zen.spamhaus.org - zen includes the SBL, XBL and PBL lists into one, but if you read the fine print at the end of the PBL page, you'll see the problem:

    "Caution: Because the PBL lists normal customer IP space, do not use PBL on smarthosts or SMTP AUTH outbound servers for your own customers (or you risk blocking your own customers if their dynamic IPs are in the PBL). Do not use PBL in filters that do any ‘deep parsing’ of Received headers, or for other than checking IP addresses that hand off to your mailservers."

    Hope that helps someone,
    -Erich
     
  16. Philipp Wedel

    Philipp Wedel Guest

    0
     
    Could someone give a short HowTo again how to switch the port - why isnt this problem solved in 9.x ?
     
  17. Superkikim

    Superkikim Regular Pleskian

    25
    57%
    Joined:
    Mar 10, 2008
    Messages:
    135
    Likes Received:
    0
    You don't have to switch anything ! Both ports are open by default !!!

    Just have your users change the SMTP port from 25 to 587 in their mail client.

    By the way, poeple shouldn't use your server to send out emails. They should only use their ISP smtp...
     
  18. Jose_Antonio_Morales

    Jose_Antonio_Morales New Pleskian

    4
    70%
    Joined:
    Oct 1, 2014
    Messages:
    16
    Likes Received:
    0
    Yes people... DO NOT USE zen.spamhaus.org, use instead sbl.spamhaus.org and xbl.spamhaus.org
     
  19. G J Piper

    G J Piper Regular Pleskian

    15
    35%
    Joined:
    Dec 8, 2015
    Messages:
    157
    Likes Received:
    29
    Is using sbl-xbl.spamhaus.org the same as using both sbl.spamhaus.org and xbl.spamhaus.org (separated by semicolon) DNSBL service?
     
Loading...