One of the best ways to fight spam is to use RBL's. RBL's are lists of servers that usually you don't want to talk to, sometimes they are lists of servers that are open relays or they are lists of servers that are proxies or maybe lists of servers that are dynamic ip's. There are many different types of RBL's out there so you might want to do some investigation before you deicde which ones to use. The idea is that when a server connects to your server SurgeMail will then check the RBL to see if the connecting server is listed, if it is then we can simply drop their connection or we can stamp the message to say its listed on a RBL and increase the ASPAM score. Using RBL's can dramatically decrease the amount of SPAM coming into your system and we highly recommend using them.
Here are some RBL's you can use. Please note that you should double check with their website to make sure these are still operating.
Name of RBL | What to enter in SurgeMail (name section) |
Response Code | General Information on RBL. |
---|---|---|---|
spamhaus | sbl.spamhaus.org | 127.0.0.2 |
Very well known RBL, well recommended. |
spamhaus | xbl.spamhaus.org | 127.0.0.4-6 |
Illegal 3rd party exploits, including proxies, worms and
trojan exploits |
spamhaus | zen.spamhaus.org | 127.0.0.2 127.0.0.4|5|6 127.0.0.8 |
If you want to use both SBL
and XBL
and the new PBL
then you can just enter this into SurgeMail. |
Domain Name System Real-time Black List (DNSRBL) | dun.dnsrbl.net | 127.0.0.2-9 | List of IP addresses of machines that are either direct SPAM sources or Dial-up (dynamic address) pools which would never be a source of non-spam messages. |
RFC Ignorant (Whois) | whois.rfc-ignorant.org | 127.0.0.7 or 127.0.0.5 |
List of IP's that do not comply with RFC's. |
Spamcop | bl.spamcop.net |
There are plenty more out there, but the above ones are well
known and will probably do the trick
To add them into SurgeMail, click Spam control, then scrol down in
the right frame until you find RBL settings.
You will need to click on the advanced mode link to view all RBL
settings.
Once you have clicked on Edit RBL's
So under the name section you add the domain of the rbl (eg
bl.spamcop.net), then what action you would like to take (deny,
accept, or stamp) and then in the stamp section you can add the
stamp.
deny = connection is banned and sending server is sent the stamp
message.
stamp = message will be allowed through but it will be stamped
with stamp you set. The stamp is a message header and should
normally start with X- eg X-RBL: Listed in SPAMCOP (||remoteip||)
The RBL's are processed in the order they are listed and if the
sending server is found on one of the RBL's the rest will not be
checked to save processing power.
There are servers that you might not want to ever risk being
denied, sometimes servers can accidentally get themselves on RBL's
or the RBL's can add servers by mistake at times. In the first
screen shot you can see the third option(exception list of IP's)
allows you to add IP's that will never be checked by SurgeMail.
If you click on the advanced mode in the web admin you can look for (do late disconnect - g_orbs_late) This means that the your users are allowed to authenticate first and then the RBL checks are done, this means that if your users are on a RBL they will still be able to send messages through your server. This can also be used with the setting g_spf_skip_to which allows you to add recipients that will be bypassed for RBL checks, so you might add postmaster in here as everyone should be able to send to postmaster.
For those that prefer to edit surgemail.ini directly here are the settings and some examples
g_orbs_list name="zen.spamhaus.org" action="deny" stamp="Your ip ||remoteip|| is listed in the spamhaus RBL http://www.spamhaus.org" g_orbs_list name="bl.spamcop.net" action="stamp" stamp="Listed in SPAMCOP"
This is like an RBL but some responses are good, and some are bad. So you use a rule like this:
g_orbs_list name="hostkarma.junkemailfilter.com" action="stamp" stamp="127.0.0.1=hostkarma_white:accept~127.0.0.2=http://ipadmin.junkemailfilter.com/remove.php:deny~127.0.0.3=hostkarma_yellow~127.0.0.4=hostkarma_brown~127.0.0.5=hostkarma_nobl~127.0.1.1=hostkarma_quitok~127.0.1.2=hostkarma_noquit"
Note:
g_relay_allow_ip "ip"
allows users to bypass RBL checks, this behaviour can be stopped
by using the setting g_orbs_force
"true"
Instead of just outright denying, you can set to stamp mode and then use those stamps to add scoring to ASPAM. The argument for using this method is it gives the end user more control and also adds a bit more reliability as you can set SurgeMail so it will only reject messages if found in a certain number of RBL's instead of just one.
So if we have:
g_orbs_list name="bl.spamcop.net" action="stamp" stamp="Listed in SPAMCOP" g_orbs_list name="zen.spamhaus.org" action="stamp" stamp="Listed in zen.spamhaus.org"
Then we would edit sf_mfilter_local.txt in the surgemail directory and add this to it.
if(isin("X-ORBS-Stamp", "Listed in SPAMCOP")) then call feature_manual(.98, "Senders ip was found in SPAMcop RBL") end if if(isin("X-ORBS-Stamp", "Listed in zen.spamhaus.org")) then call feature_manual(.98, "Senders ip was found in zen.spamhaus.org RBL") end if
The header that is always added is "X-ORBS-Stamp" so you always check against that.
The above will add 6 points if the senders ip is found in spamcop RBL. By default when SurgeMail finds a sender's ip in a RBL it doesn't bother checking the rest of the RBL's you have listed. In this situation it can be useful to make SurgeMail keep checking the other RBL's so that if the sender is found on more than one RBL it will increase the scoring and lessen the chances of a false positive and increase the chances that the message will be detected as SPAM due to high scoring. You can make SurgeMail do this with the following setting.
g_orbs_check_all "true"
So with this setting, if the above sender is found in both
spamcop and spamhaus the message will have a total score of 12
added to it.