Stoiko Ivanov: /* Introduction */

2020-09-10T07:29:36Z

Introduction

← Older revision		Revision as of 07:29, 10 September 2020
Line 5:		Line 5:
	Usually there is a limit on the number of queries you can run against their service, before you get blocked.		Usually there is a limit on the number of queries you can run against their service, before you get blocked.

	The very effective DNSBL [http://~~urbil~~.com uribl] indicates that you have reached the rate-limit by creating SpamAssassin hits on <code>URIBL_BLOCKED</code>, which show up in your mail logs.		The very effective DNSBL [http://uribl.com uribl] indicates that you have reached the rate-limit by creating SpamAssassin hits on <code>URIBL_BLOCKED</code>, which show up in your mail logs.

	Reaching the limit means your Proxmox Mail Gateway will not get correct answers from uribl, which reduces the spamdetection accuracy dramatically.		Reaching the limit means your Proxmox Mail Gateway will not get correct answers from uribl, which reduces the spamdetection accuracy dramatically.

Martin: page created

2020-06-03T11:22:45Z

page created

New page

== Introduction ==

Certain DNSBLs are run as a "free for most" model, meaning that most users can use their service without payment.

Usually there is a limit on the number of queries you can run against their service, before you get blocked.

The very effective DNSBL [http://urbil.com uribl] indicates that you have reached the rate-limit by creating SpamAssassin hits on <code>URIBL_BLOCKED</code>, which show up in your mail logs.

Reaching the limit means your Proxmox Mail Gateway will not get correct answers from uribl, which reduces the spamdetection accuracy dramatically.

The first mitigation you should consider is making sure that you have a working and correct DNS setup for your Proxmox Mail Gateway, for example by
installing a [https://pmg.proxmox.com/wiki/index.php/DNS_server_on_Proxmox_Mail_Gateway dedicated recursive DNS server].

Should you still reach the query limit, you should consider subscribing to a dedicated [http://uribl.com/datafeed.shtml datafeed via DNS], which
removes the query limit for you, and is priced based on your number of queries.

Once you have subscribed you will receive an email with detailed instructions, which should give you a good overview of the features offered
by the datafeed service.

This HOWTO provides the necessary steps to integrate your custom DNS datafeed in your Promox Mail Gateway installation, based off the
[http://uribl.com/datafeed_dns.txt configuration howto from uribl.com].

Depending on whether you have a dedicated DNS server used by your Proxmox Mail Gateway or not you can follow two
ways to use your custom datafeed.

== Configuration with a dedicated DNS Server ==
If you have one or two dedicated IP Networks under your control, where your DNS Servers are located, you can simply
[https://admin.uribl.com/?section=lookup;method=dologin login to uribl] and add those 2 networks as registered with your datafeed.

Your DNS requests will come from one of the whitelisted IPs and will not be blocked due to ratelimiting

''' This method is only applicable if you run a recursive DNS server, where you know who is allowed to ask queries there.'''

Do not whitelist shared DNS servers provided by your ISP, or globally (8.8.8.8, 9.9.9.9, 1.1.1.1) - since else all requests
being relayed via those IPs will be billed to your account.

== Configuration by adapting SpamAssassin Configuration ==

If your setup needs to use a shared DNS server and you cannot control who can use it for URIBL queries you will have
to configure SpamAssassin within your Proxmox Mail Gateway to use the custom query host provided with your datafeed.

The correct way to change the [https://pmg.proxmox.com/pmg-docs/pmg-admin-guide.html#_custom_spamassassin_configuration SpamAssassin configuration in a Proxmox Mail Gateway installation] is by using the
[https://pmg.proxmox.com/pmg-docs/pmg-admin-guide.html#pmgconfig_template_engine templating system].

Just add the adapted example configuration provided by uribl to your <code>/etc/mail/spamassassin/custom.cf</code> - this will also ensure that it gets synchronized to all nodes, if you have a clustered setup.

Make sure to replace <code>_CUSTID</code> by your custom datafeed id, which you received in the mail from uribl.com

The following minimal config enables your custom datafeed for the regular DNSBLs (URIBL_BLACK, URIBL_GREY, URIBL_RED):

<nowiki>
urirhssub URIBL_BLOCKED _CUSTID.df.uribl.com. A 1
urirhssub URIBL_BLACK _CUSTID.df.uribl.com. A 2
urirhssub URIBL_GREY _CUSTID.df.uribl.com. A 4
urirhssub URIBL_RED _CUSTID.df.uribl.com. A 8
</nowiki>

As suggested in the uribl guide you can check the workings by running: <code> echo -e "Subject: test\n\nhttp://uribl.asia\n\n" | spamassassin -D 2>&1 | grep URIBL_BLACK</code>
Your custom datafeed id should be present in the output.

Should you need further help, consider getting a [https://www.proxmox.com/en/proxmox-mail-gateway/pricing enterprise support subscription]

URIBL Datafeed over DNS - Revision history

Stoiko Ivanov: /* Introduction */

Martin: page created