
SecurityGateway for Email Servers v10.5


DNS Blocklists (DNSBL)


DNS Blocklists (DNSBL) can be used to help prevent spam from reaching your users. This security feature allows you to specify several DNS blocklisting services (which maintain lists of servers known to relay spam) that will be checked each time someone tries to send a message to one of your domains. If the connecting IP has been blocklisted by any one of those services, the message(s) will be refused, quarantined, or flagged.

Use of this feature can prevent most spam from being sent to your users. However, legitimate mail servers are sometimes blocklisted by mistake, so configuring this feature to outright refuse messages from blocklisted IP addresses can cause legitimate mail to be lost. It is still worthwhile to use, especially in conjunction with SecurityGateway's other spam prevention features such as URI Blocklists, Message Scoring, and the Heuristics and Bayesian options, where a listing adds to the Message Score rather than deciding the outcome by itself.

Configuration

Enable DNSBL queries

This option is used to check incoming mail against DNS Blocklists. SecurityGateway will query each DNSBL host listed below for the sending server's IP address. If a host replies to the query with a positive result indicating that the IP address is blocklisted, the message will be refused, quarantined, or accepted and flagged depending upon which options you have designated below. This option is enabled by default.

If the sending server of a message is listed:

...refuse the message

If you choose this option, incoming messages from blocklisted IP addresses will be refused during the SMTP session. Optionally, while refusing the message, SecurityGateway can return a customized response associated with the blocklisting host to tell the connecting server why the message is being refused, rather than the traditional "user unknown" response. You specify the response for each DNSBL host with the Message option below when creating the host's entry, and you enable the When rejecting a message return 'Message' rather than 'user unknown' option to have those responses sent instead of "user unknown".

...quarantine the message

Choose this option if you wish to quarantine messages from DNS blocklisted IP addresses.

...accept the message

By default, messages from blocklisted addresses will be accepted and can then be flagged as spam, have a tag added to the subject line, and/or have their Message Scores adjusted. Using this option can allow the mail servers or users to filter the messages themselves based on the results of SecurityGateway's DNSBL queries.

...tag subject with [text]

Enable this option and specify some text if you wish to add something to the beginning of the message's Subject header when the message is coming from a blocklisted IP address. By default this option is disabled. If you enable this option then "*** SPAM ***" is added to the subject by default, but you can edit that text if you choose.

Several other places in SecurityGateway can also add text to the Subject header; the Message Scoring and URI Blocklists (URIBL) pages, for example, have the same option. When the text configured in these options is identical, it is added to a message's subject only once, even if the message meets the criteria under more than one of them. If you customize the text in one or more places, each distinct text is added. For example, if all three of these options are set to "*SPAM*", that text is added to the subject once regardless of how many of the options match. If, however, you change the DNSBL text to "*DNS blocklisted*" and a message matches this option and the others, the subject will have both "*SPAM*" and "*DNS blocklisted*" added to it.

...add [XX] points to message score

Using this option adds the designated number of points to a message's score when it is DNS blocklisted. This option is enabled by default and adds 5.0 points to the Message Score.

Even when SecurityGateway is configured to accept a message rather than refuse or quarantine it, it could still be refused or quarantined if its Message Score ends up being sufficiently high, depending on how you have configured the other Security options and the options on the Message Scoring page.

Exclusions

Exclude messages from allowlisted senders

By default, messages are excluded from DNSBL queries if they originate from an allowlisted sender. Disable this option if you wish to query DNSBL hosts even when the sender is allowlisted.

Exclude messages from authenticated sessions

Use this option if you wish to exclude a message from DNSBL queries when the session on which it is arriving was authenticated. This option is enabled by default.

Exclude messages from domain mail servers

Messages coming from domain mail servers are always excluded from DNSBL host queries.

DNSBL Hosts (All domains)

New host:

To add a new host to the DNSBL Hosts list, enter the host that should be queried here (for example, zen.spamhaus.org), add a corresponding Message below, and then click Add.

Message:

This is the message corresponding to the New host entered above. It is written to the log when a blocklisted IP address is found by querying that host, and it is returned to the connecting server during the SMTP session if you are refusing messages from blocklisted addresses and have enabled the When rejecting a message return 'Message' rather than 'user unknown' option below. You can use the $IP$ macro in the message if you wish to include the blocklisted IP address in it (for example, "$IP$ is listed by zen.spamhaus.org").

Add

After entering the New host and corresponding Message, click this button to add it to the list of DNSBL Hosts.

Remove

If you want to remove an entry from the DNSBL Hosts list, select it and then click this button.

Stop DNSBL queries on first host which lists the connecting IP

A message can yield several IP addresses to check (the connecting IP and, if the Advanced options below enable it, addresses found in the Received headers), and each is checked against every DNSBL Host. By default SecurityGateway stops querying the DNSBL Hosts for a given message as soon as a blocklisted IP address is found. Disable this option if you wish to continue querying all addresses against all DNSBL Hosts even after a blocklisted address is found, for example so that the log records every list on which the address appears.

When rejecting a message return 'Message' rather than 'user unknown'

When you have configured the DNSBL options to "...refuse the message" when a blocklisted IP address is found, by default the Message corresponding to the DNSBL Host is written to the log files and returned to the connecting server during the SMTP session. Uncheck this option if you wish to return the standard "user unknown" response instead.
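The following Python is an added example, not SecurityGateway code, showing what happens behind a host entry: the connecting IP's octets are reversed and prefixed to the zone name, the A record that comes back is interpreted as a listing code, the $IP$ macro is expanded into the host's Message, and querying stops at the first host that lists the address. The host table, the second zone (bl.example.invalid) and the DNS answers are constructed; the IPv6 nibble form goes beyond what the page covers. Listing codes in 127.0.0.0/8 are the common DNSBL convention, and what each code means must be taken from the list operator's documentation.

```python
"""Added example (not SecurityGateway code): how a DNSBL lookup is formed, how the
answer is interpreted, and how the host list is walked with the
"stop on first host" behaviour.  Hosts, Messages and DNS data are constructed."""
import ipaddress
from typing import Callable, Dict, List, Optional, Tuple

# Constructed DNSBL Hosts table: zone -> Message (with the $IP$ macro).
# zen.spamhaus.org is the example from the page; the second zone is made up.
DNSBL_HOSTS: Dict[str, str] = {
    "zen.spamhaus.org": "Message refused: $IP$ is listed by zen.spamhaus.org",
    "bl.example.invalid": "Message refused: $IP$ is listed by bl.example.invalid",
}

# Listing codes live in 127.0.0.0/8.  127.255.255.0/24 is excluded because some
# operators (Spamhaus among them) use it for error codes such as "query limit
# exceeded" or "open resolver".  Per-list code meanings are an assumption here:
# check the operator's documentation.
LISTING_NET = ipaddress.ip_network("127.0.0.0/8")
ERROR_NET = ipaddress.ip_network("127.255.255.0/24")


def dnsbl_query_name(ip: str, zone: str) -> str:
    """Build the name to look up: address labels reversed, then the zone.

    IPv4: 192.0.2.10 -> 10.2.0.192.<zone>.  IPv6 (beyond what the page covers,
    RFC 5782 convention): every hex nibble of the expanded address, reversed.
    """
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = str(addr).split(".")[::-1]
    else:
        labels = list(addr.exploded.replace(":", ""))[::-1]
    return ".".join(labels) + "." + zone


def interpret_answer(answers: List[str]) -> Optional[bool]:
    """Map the A records returned for a query onto listed / not listed / error.

    [] (NXDOMAIN)            -> False  (not listed)
    all answers in 127/8     -> True   (listed)
    anything else            -> None   (error: do not act on it)

    The 'anything else' branch matters: a decommissioned list that starts
    answering every query with a public address would otherwise cause every
    message to be refused.
    """
    if not answers:
        return False
    for a in answers:
        try:
            code = ipaddress.ip_address(a)
        except ValueError:
            return None
        if code.version != 4 or code not in LISTING_NET or code in ERROR_NET:
            return None
    return True


def check_ip(ip: str, hosts: Dict[str, str],
             resolve: Callable[[str], List[str]],
             stop_on_first: bool = True) -> Tuple[List[Tuple[str, str]], List[str]]:
    """Query each host for `ip`.  Returns (hits, errors): hits are
    (zone, Message with $IP$ expanded); errors are zones whose answer was unusable."""
    hits: List[Tuple[str, str]] = []
    errors: List[str] = []
    for zone, message in hosts.items():
        verdict = interpret_answer(resolve(dnsbl_query_name(ip, zone)))
        if verdict is None:
            errors.append(zone)
        elif verdict:
            hits.append((zone, message.replace("$IP$", ip)))
            if stop_on_first:
                break
    return hits, errors


def rejection_text(hits: List[Tuple[str, str]], return_message: bool = True) -> str:
    """Text for the SMTP refusal: the first listing host's Message, or the traditional reply."""
    if return_message and hits:
        return hits[0][1]
    return "user unknown"


# Constructed DNS data standing in for the network: resolve() returns the A
# records for a name, or [] where a real resolver would return NXDOMAIN.
FAKE_DNS: Dict[str, List[str]] = {
    dnsbl_query_name("192.0.2.10", "zen.spamhaus.org"): ["127.0.0.4"],
    dnsbl_query_name("192.0.2.10", "bl.example.invalid"): ["127.0.0.2"],
    dnsbl_query_name("198.51.100.7", "bl.example.invalid"): ["203.0.113.5"],  # broken list
}


def fake_resolve(name: str) -> List[str]:
    return FAKE_DNS.get(name, [])


if __name__ == "__main__":
    for ip in ("192.0.2.10", "198.51.100.7", "203.0.113.9"):
        hits, errors = check_ip(ip, DNSBL_HOSTS, fake_resolve)
        print(ip, "hits:", hits, "errors:", errors, "reply:", rejection_text(hits))
```

The None branch in interpret_answer is the check a practitioner wants in front of a refuse action: an answer outside the expected 127.0.0.0/8 range is logged as an error, never treated as a listing, so a retired or misbehaving list cannot turn into a refusal of all inbound mail.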

Advanced (All domains)

Check 'Received' headers within collected messages

By default, SecurityGateway only queries the DNSBL Hosts for the IP address of the host that is actually connected to it and attempting to deliver a message. Check this option if you wish to perform DNSBL queries for IP addresses found within the message's Received headers as well.

Check only this many 'Received' headers ( 0=all )

When you have configured SecurityGateway to check Received headers for blocklisted IP addresses, enter a number into this option if you wish to limit how many headers are checked. Use "0" if you wish to check all of them.

Skip this many of the most recent 'Received' headers ( 0=none )

When you have configured SecurityGateway to check Received headers for blocklisted IP addresses, enter a number into this option if you wish to skip a certain number of the most recent headers. Depending upon your particular mail system's configuration, the most recent headers often contain the IP addresses of trusted hosts or other computers on your own network, which do not need to be checked against any blocklist. Use "0" in this option if you do not wish to skip any of the most recent headers.

Skip this many of the oldest 'Received' headers ( 0=none )

When you have configured SecurityGateway to check Received headers for blocklisted IP addresses, enter a number into this option if you wish to skip a certain number of the oldest headers. The oldest headers frequently contain no addresses worth checking, since they are added by the sender's internal mail servers or forged to look legitimate; any Received header below the one added by the server that connected to you was written by someone else and cannot be trusted. Use "0" in this option if you do not wish to skip any of the oldest headers.
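The three Advanced options above select which Received headers are inspected. The Python below is an added example, not SecurityGateway code, that applies them to a constructed message: headers are taken top-down (most recent first), the most-recent and oldest skips are removed from either end, the count limit is applied to what remains, and the client address in each selected header is extracted. Dropping RFC 1918, loopback and link-local addresses is an added safeguard that is not one of the page's options; the 192.0.2.x and 198.51.100.x documentation addresses stand in for public ones.

```python
"""Added example (not SecurityGateway code): which IP addresses the Advanced
Received-header options would submit to DNSBL lookups.  Message is constructed."""
import email
import ipaddress
import re
from typing import List, Optional, Union

# Constructed message.  Received headers read top-down from most recent (added
# by our own edge) to oldest (the spammer's internal hop).  The third header is
# folded across two lines, as real headers often are.
CONSTRUCTED_MESSAGE = b"""\
Received: from edge.example.com ([10.0.0.5]) by sg.example.com; Mon, 1 Jan 2024 10:00:03 +0000
Received: from mx.isp.example ([198.51.100.7]) by edge.example.com; Mon, 1 Jan 2024 10:00:02 +0000
Received: from relay.spammer.example ([192.0.2.10])
\tby mx.isp.example; Mon, 1 Jan 2024 10:00:01 +0000
Received: from [172.16.4.2] (helo=desktop) by relay.spammer.example; Mon, 1 Jan 2024 10:00:00 +0000
From: someone@spammer.example
To: user@example.com
Subject: hello

body
"""

# Addresses that can never be meaningfully listed: RFC 1918 space, loopback and
# link-local.  Dropping them is an added safeguard, not one of the page's options.
NEVER_QUERY = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10")]

# By convention the first bracketed address in a Received header is the client
# that connected ("from host ([ip])"); later brackets may name the receiving host.
BRACKETED_IP = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f.:]+)\]")


def received_headers(raw: bytes) -> List[str]:
    """All Received headers, most recent first, with folding whitespace collapsed."""
    msg = email.message_from_bytes(raw)
    return [" ".join(h.split()) for h in msg.get_all("Received", [])]


def select_headers(headers: List[str], max_count: int = 0,
                   skip_recent: int = 0, skip_oldest: int = 0) -> List[str]:
    """Apply the three Advanced options; 0 means all / none, as on the page.

    Most-recent skips come off the top, oldest skips off the bottom, then the
    count limit is applied to what remains.  Over-skipping yields an empty list."""
    end = len(headers) - max(skip_oldest, 0)
    chosen = headers[max(skip_recent, 0):max(end, 0)]
    if max_count > 0:
        chosen = chosen[:max_count]
    return chosen


def client_ip(header: str) -> Optional[Union[ipaddress.IPv4Address, ipaddress.IPv6Address]]:
    """The connecting client's address named in one Received header, if any."""
    m = BRACKETED_IP.search(header)
    if not m:
        return None
    try:
        return ipaddress.ip_address(m.group(1))
    except ValueError:
        return None


def ips_to_check(raw: bytes, max_count: int = 0, skip_recent: int = 0,
                 skip_oldest: int = 0) -> List[str]:
    """IPs that would be submitted to each DNSBL host, deduplicated, in header order."""
    out: List[str] = []
    for h in select_headers(received_headers(raw), max_count, skip_recent, skip_oldest):
        ip = client_ip(h)
        if ip is None or any(ip in net for net in NEVER_QUERY):
            continue
        if str(ip) not in out:
            out.append(str(ip))
    return out


if __name__ == "__main__":
    print("all headers:           ", ips_to_check(CONSTRUCTED_MESSAGE))
    print("skip 1 recent, max 1:  ", ips_to_check(CONSTRUCTED_MESSAGE, max_count=1, skip_recent=1))
    print("skip 2 recent, 1 oldest:", ips_to_check(CONSTRUCTED_MESSAGE, skip_recent=2, skip_oldest=1))
```

With the defaults every header is inspected, and only the two public relay addresses survive the private-range filter; skipping one most-recent header and limiting the count to one reproduces the common "check just the hop that handed the message to my edge" configuration. Whatever the settings, anything below the header your own server wrote is attacker-controlled, so a listing found there is better used as a score adjustment than as grounds for outright refusal.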

Exceptions - Domains

If you select a specific domain in the "For Domain:" drop-down list box at the top of the page when configuring these settings, that domain will be listed here after saving the settings. Click the View/Edit link for the corresponding domain to review or edit its DNS Blocklists settings, or click Reset to reset the domain's settings to the default Global values.