How to add RBL on Zimbra Server?

A DNS-based Blackhole List (DNSBL) or Real-time Blackhole List (RBL) is an effort to stop email spamming. It is a “blacklist” of locations on the Internet reputed to send email spam. The locations consist of IP addresses which are most often used to publish the addresses of computers or networks linked to spamming; most mail server software can be configured to reject or flag messages which have been sent from a site listed on one or more such lists. The term “Blackhole List” is sometimes used interchangeably with the terms “blacklist” and “blocklist”.

A DNSBL is a software mechanism, rather than a specific list or policy. There are dozens of DNSBLs in existence, which use a wide array of criteria for listing and delisting of addresses. These may include listing the addresses of zombie computers or other machines being used to send spam, ISPs who willingly host spammers, or those which have sent spam to a honeypot system.

Since the creation of the first DNSBL in 1997, the operation and policies of these lists have been frequently controversial, both in Internet advocacy and occasionally in lawsuits. Many email systems operators and users consider DNSBLs a valuable tool to share information about sources of spam, but others including some prominent Internet activists have objected to them as a form of censorship. In addition, a small number of DNSBL operators have been the target of lawsuits filed by spammers seeking to have the lists shut down.[Wiki]

What is Zimbra?

In case you haven’t used or heard of Zimbra:

Zimbra is an enterprise-class email, calendar and collaboration solution built for the cloud, both public and private. With a redesigned browser-based interface, Zimbra offers the most innovative messaging experience available today, connecting end users to the information and activity in their personal clouds.

It provides:

  1. Messaging and Collaboration
  2. Advanced, Integrated Web Experience
  3. Simplified Administration
  4. Anywhere, Any Device

Zimbra’s Open Source Community

Since the inception, Zimbra has been a community. All of Zimbra Collaboration Open Source Edition software, documentation and innovation has been created, tested, used, and discussed openly by people like you participating in our Open Source Community. Its contributors diagnose bugs, fix bugs, translate programs, submit patches, point out deficiencies in documentation, answer community questions, submit killer applications, alert Zimbra to something that needs tweaking, and write new software. No matter how you contribute, Zimbra welcomes new ideas and contributions for the advancement of greater shared knowledge and a better Zimbra Collaboration product.

See more here:

Add RBL check on Zimbra

Log in to the email server and switch to the zimbra user.

# su - zimbra

Check current settings

$ zmprov gacf | grep zimbraMtaRestriction

Output:

zimbraMtaRestriction: reject_non_fqdn_sender
zimbraMtaRestriction: reject_non_fqdn_sender

Currently only reject_non_fqdn_sender is set (it appears twice in the output).

Add a test RBL server

Adding cbl.abuseat.org

$ zmprov mcf \
zimbraMtaRestriction reject_invalid_helo_hostname \
zimbraMtaRestriction reject_non_fqdn_sender \
zimbraMtaRestriction "reject_rbl_client cbl.abuseat.org"

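I used \ to break the lines; you can put it all on one line if you prefer. Note that zmprov mcf replaces every existing value of zimbraMtaRestriction with the values given, which is why reject_non_fqdn_sender is listed again in the command.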

$ zmprov mcf zimbraMtaRestriction reject_invalid_helo_hostname zimbraMtaRestriction reject_non_fqdn_sender zimbraMtaRestriction "reject_rbl_client cbl.abuseat.org"

Test Output:

$ zmprov gacf | grep zimbraMtaRestriction
zimbraMtaRestriction: reject_non_fqdn_sender
zimbraMtaRestriction: reject_invalid_helo_hostname
zimbraMtaRestriction: reject_rbl_client cbl.abuseat.org

Adding multiple RBL servers in Zimbra

Going all out with RBL checks:

$ zmprov mcf \
zimbraMtaRestriction reject_invalid_helo_hostname \
zimbraMtaRestriction reject_non_fqdn_sender \
zimbraMtaRestriction reject_invalid_hostname  \
zimbraMtaRestriction "reject_rbl_client sbl.spamhaus.org" \
zimbraMtaRestriction "reject_rbl_client bl.spamcop.net" \
zimbraMtaRestriction "reject_rbl_client dnsbl.sorbs.net" \
zimbraMtaRestriction "reject_rbl_client cbl.abuseat.org" \
zimbraMtaRestriction "reject_rbl_client dnsbl.njabl.org"

New Output:

$ zmprov gacf | grep zimbraMtaRestriction
zimbraMtaRestriction: reject_invalid_helo_hostname
zimbraMtaRestriction: reject_non_fqdn_sender
zimbraMtaRestriction: reject_invalid_hostname
zimbraMtaRestriction: reject_rbl_client sbl.spamhaus.org
zimbraMtaRestriction: reject_rbl_client bl.spamcop.net
zimbraMtaRestriction: reject_rbl_client dnsbl.sorbs.net
zimbraMtaRestriction: reject_rbl_client cbl.abuseat.org
zimbraMtaRestriction: reject_rbl_client dnsbl.njabl.org

List of RBL servers:

Don’t go overboard with RBLs in Zimbra: quite often some RBL servers blacklist good domains for no explained reason, so test, test, test until you have the best combination. Here’s a list of all the RBLs/DNSBLs you can check your mail servers against (mostly free):

  1. b.barracudacentral.org
  2. bl.emailbasura.org
  3. bl.spamcannibal.org
  4. bl.spamcop.net
  5. blackholes.five-ten-sg.com
  6. blacklist.woody.ch
  7. bogons.cymru.com
  8. cbl.abuseat.org
  9. cdl.anti-spam.org.cn
  10. combined.abuse.ch
  11. combined.rbl.msrbl.net
  12. db.wpbl.info
  13. dnsbl-1.uceprotect.net
  14. dnsbl-3.uceprotect.net
  15. dnsbl.ahbl.org
  16. dnsbl.inps.de
  17. dnsbl.sorbs.net
  18. drone.abuse.ch
  19. drone.abuse.ch
  20. duinv.aupads.org
  21. dul.dnsbl.sorbs.net
  22. dul.ru
  23. dyna.spamrats.com
  24. dynip.rothen.com
  25. http.dnsbl.sorbs.net
  26. images.rbl.msrbl.net
  27. ips.backscatterer.org
  28. ix.dnsbl.manitu.net
  29. korea.services.net
  30. misc.dnsbl.sorbs.net
  31. noptr.spamrats.com
  32. ohps.dnsbl.net.au
  33. omrs.dnsbl.net.au
  34. orvedb.aupads.org
  35. osps.dnsbl.net.au
  36. osrs.dnsbl.net.au
  37. owfs.dnsbl.net.au
  38. owps.dnsbl.net.au
  39. pbl.spamhaus.org
  40. phishing.rbl.msrbl.net
  41. probes.dnsbl.net.au
  42. proxy.bl.gweep.ca
  43. proxy.block.transip.nl
  44. psbl.surriel.com
  45. rbl.interserver.net
  46. rbl.megarbl.net
  47. rdts.dnsbl.net.au
  48. relays.bl.gweep.ca
  49. relays.bl.kundenserver.de
  50. relays.nether.net
  51. residential.block.transip.nl
  52. ricn.dnsbl.net.au
  53. rmst.dnsbl.net.au
  54. sbl.spamhaus.org
  55. short.rbl.jp
  56. smtp.dnsbl.sorbs.net
  57. socks.dnsbl.sorbs.net
  58. spam.abuse.ch
  59. spam.dnsbl.sorbs.net
  60. spam.rbl.msrbl.net
  61. spam.spamrats.com
  62. spamlist.or.kr
  63. spamrbl.imp.ch
  64. t3direct.dnsbl.net.au
  65. tor.ahbl.org
  66. tor.dnsbl.sectoor.de
  67. torserver.tor.dnsbl.sectoor.de
  68. ubl.lashback.com
  69. ubl.unsubscore.com
  70. virbl.bit.nl
  71. virus.rbl.jp
  72. virus.rbl.msrbl.net
  73. web.dnsbl.sorbs.net
  74. wormrbl.imp.ch
  75. xbl.spamhaus.org
  76. zen.spamhaus.org
  77. zombie.dnsbl.sorbs.net
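
One way to do the testing recommended above before enabling a list, as an added example that is not from the original post: it checks each zone against the RFC 5782 test entries (127.0.0.2 must be listed, 127.0.0.1 must not) and prints a zmprov command containing only the zones that pass. The function names are hypothetical and dig is assumed to be installed.

```sh
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.
# Pre-flight check for DNSBL zones before they go into zimbraMtaRestriction.
# RFC 5782: a working IPv4 DNSBL lists 127.0.0.2 and never lists 127.0.0.1.
# reject_rbl_client with no "=d.d.d.d" filter rejects on ANY A record, so a
# zone that answers for every address would reject all inbound mail.

# Resolver hook. Assumption: dig is installed; redefine to test offline.
rbl_resolve() { dig +short +time=3 +tries=1 A "$1"; }

# DNS name looked up for a client IP: reversed octets followed by the zone.
rbl_query_name() {
    printf '%s\n' "$1" |
        awk -F. -v z="$2" 'NF == 4 { print $4 "." $3 "." $2 "." $1 "." z }'
}

# True when the zone returns a 127.x.x.x answer for the IP.
rbl_listed() {
    rbl_resolve "$(rbl_query_name "$1" "$2")" | grep -q '^127\.'
}

# Classify a zone as ok, dead (test entry missing or no answer) or
# wildcard (answers even for 127.0.0.1, i.e. for everything).
rbl_health() {
    if ! rbl_listed 127.0.0.2 "$1"; then
        echo dead
    elif rbl_listed 127.0.0.1 "$1"; then
        echo wildcard
    else
        echo ok
    fi
}

# Print a zmprov command holding only the zones that pass. The two non-RBL
# restrictions are repeated because zmprov mcf replaces the whole value list.
rbl_zmprov_cmd() {
    cmd='zmprov mcf zimbraMtaRestriction reject_invalid_helo_hostname'
    cmd="$cmd zimbraMtaRestriction reject_non_fqdn_sender"
    for zone in "$@"; do
        if [ "$(rbl_health "$zone")" = ok ]; then
            cmd="$cmd zimbraMtaRestriction \"reject_rbl_client $zone\""
        fi
    done
    printf '%s\n' "$cmd"
}
```

Call it as the zimbra user, for example `rbl_zmprov_cmd cbl.abuseat.org bl.spamcop.net`, and review the printed command before running it. The check only shows that a zone is operating as RFC 5782 describes from your resolver, not that its listing policy suits your mail.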
