• Plesk Uservoice will be deprecated by October. Moving forward, all product feature requests and improvement suggestions will be managed through our new platform Plesk Productboard.
    To continue sharing your ideas and feedback, please visit features.plesk.com

Issue Plesk security extension with Spamhaus DQS key

Zebra Hosting

New Pleskian
Server operating system version
Ubuntu 22.04
Plesk version and microupdate number
Plesk Obsidian v18.0.71
We are using the paid version of Plesk Security Extension Pro and want to use Spamhaus in the BL settings.
I dont see a way to enter the mandatory DQS key and can't find anything online about it.

Spamhaus suggests to add lines to the postfix config but I am not sure this will remain after updates. There are also plugins for SA but seems even more complicated.

Anybody got it working?

We have enabled all other BL settings in the Security Extension (not in the general settings) but still get loads of SPAM.

Please advice.
 
Spamhaus suggests to add lines to the postfix config but I am not sure this will remain after updates.

Yes it will, you can edit the /etc/postfix/main.cf without issue.
My main.cf file is highly customised and I've not had it overwritten during any updates.

If you are using multiple block lists make sure your system is using itself (BIND) to resolve domain names because public DNS servers will throttle your requests.

As for the Plesk Email Security extension, I don't use it so I'm not sure about that.

Regards

LD
 
Thanks LD,

Yes I have added the lines as recommended to Postfix config. Seems to work but Spamhaus now wants $600 per year......
How can you make sure the system us using it's own bind DNS server. Thought this was standard in Plesk but appearantly not so.
 
Hi, sorry for the delay, what is the output of...

resolvectl status

It will probably be using the stub listener on 127.0.0.53, or whatever the provider used in the network config when setting up the installation.
You can create the folder and file...

/etc/systemd/resolved.conf.d/local.conf

Adding...

Code:
[Resolve]
DNSStubListener=no
DNS=127.0.0.1
DNS=::1
Domains=example.com # where your server is called mail.example.com

Restart resolved...

systemctl restart systemd-resolved.service

And run...

resolvectl status

And it should be using the correct nameserver.
 
Thanks for the feedback!

Thought I posted a reply but dont see it here so here I go again:

resolvectl status

Global
Protocols: -LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
resolv.conf mode: foreign
DNS Servers: 127.0.0.1 ::1
Fallback DNS Servers: 1.1.1.1 2606:4700:4700::1111
DNS Domain: mail.xxx.xxx (my own domain)

Link 2 (eth0)
Current Scopes: DNS
Protocols: +DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
DNS Servers: 2a01:4ff:ff00::add:2 2a01:4ff:ff00::add:1 185.12.64.2 185.12.64.1

I added your suggestion but also added backup DNSservers for security. I assume that is allowed by SPAMHOUSE


Bastiaan
 
Back
Top