zimbra dns-bl

http://wiki.zimbra.com/wiki/Configuring_and_Monitoring_Postfix_DNSBL

Configuring and Monitoring Postfix DNSBL

Run zmprov gacf | grep zimbraMtaRestriction to see which RBLs are currently set.

To add an RBL, for example zen.spamhaus.org:

zmprov mcf +zimbraMtaRestriction "reject_rbl_client zen.spamhaus.org"

Available DNSBLs

reject_rbl_client cbl.abuseat.org
reject_rbl_client bl.spamcop.net
reject_rbl_client dnsbl.sorbs.net
reject_rbl_client sbl.spamhaus.org

Monitoring Logs for DNSBL bounces

dnsblcount is a Perl script that checks your Postfix mail log for RBL
rejections. It produces a report tallying rejections per RBL.

Install dnsblcount

Download and install dnsblcount to your /usr/local/bin folder.

Example Output

[zimbra@zimbra01 ~]$ /usr/local/bin/dnsblcount /var/log/zimbra.log
bl.spamcop.net               233
dnsbl.sorbs.net              112
sbl.spamhaus.org               4
=================================
Total DNSBL rejections:       349

The script

For posterity, the dnsblcount script as of 11/3/2007 (but do check for
updates at http://www.joreybump.com/code/dnsblcount/index.html)

#!/usr/bin/perl

# dnsblcount
# version 20061111
# (c) 2004, 2005, 2006 Jorey Bump

# Description:
# Counts DNSBL rejections in Postfix log

# Usage:
# dnsblcount /path/to/maillog
# dnsblcount /path/to/maillog1 /path/to/maillog2
# dnsblcount /path/to/maillogs*
# grep "search string" /path/to/maillog | dnsblcount

# Sample crontab:
# 30 5 * * *    /usr/local/sbin/dnsblcount /var/log/maillog | mail -s
# "$HOSTNAME - DNSBL Count" postmaster

# Sample Postfix 1.1 log lines:
# Mar  6 06:52:03 mail postfix/smtpd[11873]: reject: RCPT from
# unknown[208.61.231.102]: 554 Service unavailable; [208.61.231.102] blocked
# using bl.spamcop.net, reason: Blocked - see
# http://www.spamcop.net/bl.shtml?208.61.231.102; from=<bob@example.net>
# to=<rob@example.com>
# Mar 13 05:47:51 mail postfix/smtpd[28269]: reject: RCPT from
# mail68.example.info[66.63.191.68]: 554 Service unavailable; [66.63.191.68]
# blocked using sbl.spamhaus.org, reason:
# http://www.spamhaus.org/SBL/sbl.lasso?query=SBL12057; from=<bob@example.net>
# to=<rob@example.com>

# Sample Postfix 2.1 log line:
# Apr 17 13:49:07 mail postfix/smtpd[18143]: NOQUEUE: reject: RCPT from
# c-7209e055.1111-2-64736c10.cust.bredbandsbolaget.se[85.224.9.114]: 554
# Service unavailable; Client host [85.224.9.114] blocked using
# bl.spamcop.net; Blocked - see http://www.spamcop.net/bl.shtml?85.224.9.114;
# from=<haqyhakox@example.com> to=<bob@example.net> proto=ESMTP
# helo=<c-7209e055.1111-2-64736c10.cust.example.com>

# Sample postfix 2.3 log line:
# Dec 25 05:41:28 mail postfix/smtpd[14586]: NOQUEUE: reject: RCPT from
# unknown[202.43.175.151]: 554 5.7.1 Service unavailable; Client host
# [202.43.175.151] blocked using bl.spamcop.net; Blocked - see
# http://www.spamcop.net/bl.shtml?202.43.175.151;
# from=<iglkjlpioed@example.com> to=<bob@example.net> proto=SMTP
# helo=<mail.example.com>

# Begin:
use strict;

my ( $dnsbl, $dnsbltotal, $ip, $length, $line, $max,
     %dnsblcount
);

my $rule = "=";
my $totstr = "Total DNSBL rejections:";
$max = length($totstr);
$dnsbltotal = 0;    # so the total prints as 0 when nothing matched

# read lines from the named files, or from stdin
while ($line = <>) {
    # matches both "blocked using LIST, reason:" (Postfix 1.1)
    # and "blocked using LIST; ..." (Postfix 2.x)
    if ($line =~ /(\[.*\]) blocked using ([^\s]*)(,|;) /) {
        $ip = $1;
        $dnsbl = $2;
        $dnsblcount{$dnsbl} += 1;
        $dnsbltotal += 1;
    }
}

# widen the first column to fit the longest DNSBL name
foreach $dnsbl (sort keys %dnsblcount) {
    $length = length($dnsbl);
    if ( $length > $max ) {
        $max = $length;
    }
}

# one line per DNSBL, highest count first
foreach $dnsbl (sort { $dnsblcount{$b} <=> $dnsblcount{$a} }
                keys(%dnsblcount)) {
    printf "%-${max}s  %7s\n", $dnsbl, $dnsblcount{$dnsbl};
}

# horizontal rule above the total
foreach (1..($max + 10)) {
    printf "%s", $rule;
}

print "\n";

printf "%-${max}s  %8s\n", $totstr, $dnsbltotal;

1;
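
dnsblcount captures the client address into $ip but only reports totals per list. The following is an added example, not part of dnsblcount or the Zimbra wiki: it breaks the same rejections down per client IP so that repeat sources (or a legitimate sender that keeps getting blocked) stand out. The function names and the sample log are constructed for illustration; the log lines are single-line versions of the formats quoted in the script comments.

```shell
#!/bin/sh
# Added example: tally DNSBL rejections per list AND per client IP.

# Constructed sample input: the Postfix 1.1 / 2.1 / 2.3 formats quoted in the
# dnsblcount comments, plus constructed repeats and one non-rejection line.
sample_log() {
cat <<'EOF'
Mar  6 06:52:03 mail postfix/smtpd[11873]: reject: RCPT from unknown[208.61.231.102]: 554 Service unavailable; [208.61.231.102] blocked using bl.spamcop.net, reason: Blocked - see http://www.spamcop.net/bl.shtml?208.61.231.102; from=<bob@example.net> to=<rob@example.com>
Mar 13 05:47:51 mail postfix/smtpd[28269]: reject: RCPT from mail68.example.info[66.63.191.68]: 554 Service unavailable; [66.63.191.68] blocked using sbl.spamhaus.org, reason: http://www.spamhaus.org/SBL/sbl.lasso?query=SBL12057; from=<bob@example.net> to=<rob@example.com>
Apr 17 13:49:07 mail postfix/smtpd[18143]: NOQUEUE: reject: RCPT from host.example.com[85.224.9.114]: 554 Service unavailable; Client host [85.224.9.114] blocked using bl.spamcop.net; Blocked - see http://www.spamcop.net/bl.shtml?85.224.9.114; from=<a@example.com> to=<bob@example.net> proto=ESMTP helo=<host.example.com>
Dec 25 05:41:28 mail postfix/smtpd[14586]: NOQUEUE: reject: RCPT from unknown[202.43.175.151]: 554 5.7.1 Service unavailable; Client host [202.43.175.151] blocked using bl.spamcop.net; Blocked - see http://www.spamcop.net/bl.shtml?202.43.175.151; from=<b@example.com> to=<bob@example.net> proto=SMTP helo=<mail.example.com>
Dec 25 05:41:30 mail postfix/smtpd[14586]: disconnect from unknown[202.43.175.151]
Dec 25 05:43:02 mail postfix/smtpd[14590]: NOQUEUE: reject: RCPT from unknown[202.43.175.151]: 554 5.7.1 Service unavailable; Client host [202.43.175.151] blocked using bl.spamcop.net; Blocked - see http://www.spamcop.net/bl.shtml?202.43.175.151; from=<c@example.com> to=<bob@example.net> proto=SMTP helo=<mail.example.com>
Dec 25 05:44:17 mail postfix/smtpd[14593]: NOQUEUE: reject: RCPT from unknown[202.43.175.151]: 554 5.7.1 Service unavailable; Client host [202.43.175.151] blocked using bl.spamcop.net; Blocked - see http://www.spamcop.net/bl.shtml?202.43.175.151; from=<d@example.com> to=<bob@example.net> proto=SMTP helo=<mail.example.com>
EOF
}

# Usage: dnsbl_by_client [logfile ...]   (reads stdin when no file is given)
# Output: "COUNT DNSBL CLIENT_IP", highest count first.
dnsbl_by_client() {
    cat -- "$@" |
    # Take the bracketed address immediately before "blocked using", not the
    # smtpd PID bracket earlier on the line, and the list name that follows,
    # terminated by "," (Postfix 1.1) or ";" (Postfix 2.x).
    sed -n 's/.*\[\([^]]*\)] blocked using \([^ ,;]*\)[,;] .*/\2 \1/p' |
    LC_ALL=C sort | uniq -c |
    awk '{ print $1, $2, $3 }' |
    LC_ALL=C sort -t ' ' -k1,1nr -k2,2 -k3,3
}

# Usage: dnsbl_repeat_clients MIN [logfile ...]
# Keeps only clients rejected at least MIN times by the same list.
dnsbl_repeat_clients() {
    min=$1
    shift
    dnsbl_by_client "$@" | awk -v min="$min" '$1 >= min'
}

# Demo on the constructed sample; on a Zimbra host pass /var/log/zimbra.log.
sample_log | dnsbl_repeat_clients 2
```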


About bpn4it

Feel Free in Linux. Bipin Patel bpn4it@gmail.com Ahmadabad, Gujarat, India