
Reducing SPAM on your Postfix Mail Server with the Help of Public RBL/DNSBL Black Lists

A few months ago, we wrote about using “grey listing” on your mail server to help reduce SPAM. While this concept works great in practice, it does have one major flaw that may affect your users if they rely on their mail in time-critical environments. Because grey listing initially rejects the mail and waits for the sending mail server to make a second delivery attempt (SPAM servers usually make only one attempt), it eliminates the “instant” delivery of your emails. We all know that email should never be depended on to be delivered instantly, but these days it is very close to instant the majority of the time.

As a result, we want to share some other methods on how to reduce incoming SPAM to your mail server and users while preserving the quick delivery so many users count on each day. After all, we live in a world where expectations in technology are consistently rising.

Using a publicly available black list database, also known as an RBL or DNSBL (Real Time Black Hole List or DNS Block List), allows your mail server to check whether the sending server is a known SPAM sender. While there are many different black lists on the Internet, and we cannot guarantee (nor can they) that they are 100% effective in blocking SPAM, we would like to share a list of the common ones that we have used and found effective.

What to look for in a DNSBL Database

What you want to look for is a well maintained project (since it will be making decisions for you in real time) and one that is well known not to have what are called “False Positives.” In all cases, what you want to avoid when implementing an automated system like this is the rejection of legitimate email.

DNSBLs Suggested

The DNSBLs that we have seen to be effective include the following:

  • zen.spamhaus.org
  • xbl.spamhaus.org
  • rbl.spamhaus.org
  • b.barracudacentral.org
  • bl.spamcop.net

DNSBLs to Avoid

  • blackholes.five-ten-sg.com

Five-ten-sg.com is very prone to listing entire subnets (up to /24 in some cases) rather than listing individual /32 IP addresses. As a result, this black list is very prone to false positives, and it is not up to date. We have encountered many stale records in this database, sometimes including domains such as Apple’s @me.com and Google’s @gmail.com. Avoid this database at all costs.

Implementation

Once you have researched which database (or combination of databases) you want to use, implementing it in Postfix is as simple as adding one line to your main.cf file for each database you want to include.

Find the following line in your main.cf file:

smtpd_recipient_restrictions =

Add the following to what is already there:

    reject_rbl_client pbl.spamhaus.org,
    reject_rbl_client zen.spamhaus.org,
    reject_rbl_client xbl.spamhaus.org,

Again, you can use as many databases as you like. In the case of spamhaus.org, it’s best to visit their website to see what the criteria are for getting onto each database (some are more strict than others).
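
Before adding a zone to main.cf, it helps to see what a DNSBL lookup actually asks and what the answer means. The following is an added example, not part of the original article and not Postfix's own code: it builds the query name using the reversed-address convention from RFC 5782 and classifies the answer. The function names are made up for illustration, and treating 127.255.255.0/24 as an error range is an assumption based on Spamhaus's documented return codes.

```python
import ipaddress
import socket

# Assumption: Spamhaus answers in 127.255.255.0/24 to signal query errors
# (for example, queries relayed through a public resolver), not listings.
ERROR_NET = ipaddress.ip_network("127.255.255.0/24")
LISTED_NET = ipaddress.ip_network("127.0.0.0/8")

def dnsbl_query_name(ip, zone):
    """Build the DNS name a DNSBL client looks up for a connecting IP."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = reversed(str(addr).split("."))
    else:
        # IPv6 uses all 32 hex nibbles, reversed, one label each.
        labels = reversed(addr.exploded.replace(":", ""))
    return ".".join(labels) + "." + zone

def classify(answers):
    """Interpret the A records (list of strings) a DNSBL zone returned."""
    if not answers:
        return "not listed"          # NXDOMAIN: the IP is not in the zone
    addrs = [ipaddress.ip_address(a) for a in answers]
    if any(a in ERROR_NET for a in addrs):
        return "error"               # must not be treated as a listing
    if all(a in LISTED_NET for a in addrs):
        return "listed"
    return "error"                   # answer outside 127/8: broken resolver

def system_resolver(name):
    """Resolve via the OS resolver; any lookup failure yields no answers."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def check(ip, zone, resolver=system_resolver):
    return classify(resolver(dnsbl_query_name(ip, zone)))

if __name__ == "__main__":
    # 127.0.0.2 is the conventional test entry that DNSBLs list (RFC 5782).
    for zone in ("zen.spamhaus.org", "bl.spamcop.net"):
        print(zone, dnsbl_query_name("127.0.0.2", zone), check("127.0.0.2", zone))
```

If the test address comes back as "error" or "not listed" from your mail server, a plain `reject_rbl_client` line may reject legitimate mail or block nothing. Postfix also accepts a reply filter such as `reject_rbl_client zen.spamhaus.org=127.0.0.[2..11]` so that only real listing codes cause a rejection.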

Overall, using a DNSBL is effective in helping with reducing the amount of incoming SPAM on the network. It is a database that works in real time, and there are professionals out there who contribute information to these databases daily to help reduce the amount of SPAM on the public internet.
