• Plesk Uservoice will be deprecated by October. Moving forward, all product feature requests and improvement suggestions will be managed through our new platform Plesk Productboard.
    To continue sharing your ideas and feedback, please visit features.plesk.com

Issue Plesk security extension with Spamhaus DQS key

Z

Zebra Hosting

New Pleskian
Server operating system version
Ubuntu 22.04
Plesk version and microupdate number
Plesk Obsidian v18.0.71
We are using the paid version of Plesk Security Extension Pro and want to use Spamhaus in the BL settings.
I dont see a way to enter the mandatory DQS key and can't find anything online about it.

Spamhaus suggests to add lines to the postfix config but I am not sure this will remain after updates. There are also plugins for SA but seems even more complicated.

Anybody got it working?

We have enabled all other BL settings in the Security Extension (not in the general settings) but still get loads of SPAM.

Please advice.
 
Zebra Hosting said:
Spamhaus suggests to add lines to the postfix config but I am not sure this will remain after updates.
Click to expand...

Yes it will, you can edit the /etc/postfix/main.cf without issue.
My main.cf file is highly customised and I've not had it overwritten during any updates.

If you are using multiple block lists make sure your system is using itself (BIND) to resolve domain names because public DNS servers will throttle your requests.

As for the Plesk Email Security extension, I don't use it so I'm not sure about that.

Regards

LD
 
Thanks LD,

Yes I have added the lines as recommended to Postfix config. Seems to work but Spamhaus now wants $600 per year......
How can you make sure the system us using it's own bind DNS server. Thought this was standard in Plesk but appearantly not so.
 
Hi, sorry for the delay, what is the output of...

resolvectl status
Click to expand...

It will probably be using the stub listener on 127.0.0.53, or whatever the provider used in the network config when setting up the installation.
You can create the folder and file...

/etc/systemd/resolved.conf.d/local.conf
Click to expand...

Adding...

Code: 
[Resolve]
DNSStubListener=no
DNS=127.0.0.1
DNS=::1
Domains=example.com # where your server is called mail.example.com

Restart resolved...

systemctl restart systemd-resolved.service
Click to expand...

And run...

resolvectl status
Click to expand...

And it should be using the correct nameserver.
 
Thanks for the feedback!

Thought I posted a reply but dont see it here so here I go again:

resolvectl status

Global
Protocols: -LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
resolv.conf mode: foreign
DNS Servers: 127.0.0.1 ::1
Fallback DNS Servers: 1.1.1.1 2606:4700:4700::1111
DNS Domain: mail.xxx.xxx (my own domain)

Link 2 (eth0)
Current Scopes: DNS
Protocols: +DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
DNS Servers: 2a01:4ff:ff00::add:2 2a01:4ff:ff00::add:1 185.12.64.2 185.12.64.1

I added your suggestion but also added backup DNSservers for security. I assume that is allowed by SPAMHOUSE


Bastiaan
 
You must log in or register to reply here.

Similar threads

Jürgen_T
Question Safe to enable postgrey with free Plesk Email Security (Amavis + SpamAssassin + ClamAV)?
Replies
1
Views
1K
ChristophRo
ChristophRo
X
Question Exclude email account from SPAM classification of Plesk Email Security Pro completely
Replies
0
Views
2K
x28
X
X
Resolved Plesk Extension: Plesk Email Security (Very Slow Delivery)
Replies
8
Views
9K
Kaspar@Plesk
Kaspar@Plesk
M
Question Email Security Pro command line per user settings
Replies
1
Views
3K
Mike99
M
I
Issue Plesk Email Security Pro Not Functioning Correctly
Replies
0
Views
1K
ianstephens
I
Back
Top