URIBL Datafeed over DNS

From Proxmox Mail Gateway
Revision as of 07:29, 10 September 2020 by Stoiko Ivanov

Introduction

Certain DNSBLs are run on a "free for most" model, meaning that most users can use their service without payment.

Usually there is a limit on the number of queries you can run against their service before you get blocked.

The very effective DNSBL uribl indicates that you have reached the rate-limit by creating SpamAssassin hits on URIBL_BLOCKED, which show up in your mail logs.

Reaching the limit means your Proxmox Mail Gateway will not get correct answers from uribl, which reduces the spam detection accuracy dramatically.

The first mitigation you should consider is making sure that you have a working and correct DNS setup for your Proxmox Mail Gateway, for example by installing a dedicated recursive DNS server.

Should you still reach the query limit, you should consider subscribing to a dedicated datafeed via DNS, which removes the query limit for you, and is priced based on your number of queries.

Once you have subscribed you will receive an email with detailed instructions, which should give you a good overview of the features offered by the datafeed service.

This HOWTO provides the necessary steps to integrate your custom DNS datafeed in your Proxmox Mail Gateway installation, based on the configuration howto from uribl.com.

Depending on whether your Proxmox Mail Gateway uses a dedicated DNS server or not, there are two ways to use your custom datafeed.

Configuration with a dedicated DNS Server

If you have one or two dedicated IP networks under your control, where your DNS servers are located, you can simply log in to uribl and add those 2 networks as registered with your datafeed.

Your DNS requests will then come from one of the whitelisted IPs and will not be blocked due to rate limiting.

This method is only applicable if you run a recursive DNS server and know who is allowed to send queries to it.

Do not whitelist shared DNS servers provided by your ISP, or global public resolvers (8.8.8.8, 9.9.9.9, 1.1.1.1); otherwise all requests relayed via those IPs will be billed to your account.

Configuration by adapting SpamAssassin Configuration

If your setup needs to use a shared DNS server and you cannot control who can use it for URIBL queries, you will have to configure SpamAssassin within your Proxmox Mail Gateway to use the custom query host provided with your datafeed.

The correct way to change the SpamAssassin configuration in a Proxmox Mail Gateway installation is by using the templating system.

Just add the adapted example configuration provided by uribl to your /etc/mail/spamassassin/custom.cf - this will also ensure that it gets synchronized to all nodes, if you have a clustered setup.

Make sure to replace _CUSTID with your custom datafeed id, which you received in the mail from uribl.com.

The following minimal config enables your custom datafeed for the regular DNSBLs (URIBL_BLACK, URIBL_GREY, URIBL_RED):

urirhssub       URIBL_BLOCKED     _CUSTID.df.uribl.com.        A   1
urirhssub       URIBL_BLACK       _CUSTID.df.uribl.com.        A   2
urirhssub       URIBL_GREY        _CUSTID.df.uribl.com.        A   4
urirhssub       URIBL_RED         _CUSTID.df.uribl.com.        A   8
 

As suggested in the uribl guide you can check the workings by running:

echo -e "Subject: test\n\nhttp://uribl.asia\n\n" | spamassassin -D 2>&1 | grep URIBL_BLACK

Your custom datafeed id should be present in the output.
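As an added example (not part of the original HOWTO or the uribl guide), the following shell functions decode a datafeed answer using the bitmask values from the urirhssub lines above, so a raw DNS answer can be read the same way SpamAssassin reads it. The function names are hypothetical, the sample answers are constructed, and uribl_check needs dig and network access.

```shell
#!/bin/sh
# Added example: interpret a URIBL A-record answer with the bitmask values
# from the urirhssub lines (1=BLOCKED, 2=BLACK, 4=GREY, 8=RED).
# Function names are hypothetical; _CUSTID is the page's placeholder.

# uribl_qname DOMAIN ZONE -> DNS name queried for DOMAIN in ZONE
uribl_qname() {
    printf '%s.%s\n' "${1%.}" "${2%.}"
}

# uribl_decode ANSWER -> rule names that would fire for one A record.
# Empty answer (NXDOMAIN) means not listed. Anything outside 127.0.0.x is
# not a DNSBL answer (e.g. a resolver rewriting NXDOMAIN) and is rejected.
uribl_decode() {
    answer=$1
    if [ -z "$answer" ]; then echo NOT_LISTED; return 0; fi
    case $answer in
        127.0.0.*) octet=${answer##*.} ;;
        *) echo INVALID; return 1 ;;
    esac
    case $octet in
        ''|*[!0-9]*|0?*|????*) echo INVALID; return 1 ;;
    esac
    if [ "$octet" -gt 255 ]; then echo INVALID; return 1; fi
    out=
    if [ $((octet & 1)) -ne 0 ]; then out="$out URIBL_BLOCKED"; fi
    if [ $((octet & 2)) -ne 0 ]; then out="$out URIBL_BLACK"; fi
    if [ $((octet & 4)) -ne 0 ]; then out="$out URIBL_GREY"; fi
    if [ $((octet & 8)) -ne 0 ]; then out="$out URIBL_RED"; fi
    if [ -z "$out" ]; then out=NO_RULE_MATCH; fi
    echo "${out# }"
}

# uribl_check DOMAIN ZONE [RESOLVER] -> live lookup, then decode.
# Example: uribl_check uribl.asia _CUSTID.df.uribl.com 192.0.2.53
uribl_check() {
    ans=$(dig +short ${3:+@"$3"} A "$(uribl_qname "$1" "$2")" | head -n 1)
    uribl_decode "$ans"
}

# Constructed sample answers (not real lookups)
for a in 127.0.0.1 127.0.0.2 127.0.0.14 ""; do
    printf '%-10s -> %s\n' "${a:-NXDOMAIN}" "$(uribl_decode "$a")"
done
```

A result of URIBL_BLOCKED from uribl_check against the resolver your Proxmox Mail Gateway uses means that resolver is being rate-limited.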


Should you need further help, consider getting an enterprise support subscription.