Filtering Spam With MailEnable
Posted by Jay Sudowski (Import) on 08 March 2004 07:30 AM
Using MailEnable built-in RBL capabilities, it is possible to vastly reduce the amount of incoming junk mail to your server.
Below is a list of recommended RBL lists for use with MailEnable Pro. Note that even with this list of preferred RBLs, it's entirely possible that some legitimate email may be caught and rejected as spam. Unfortunately, false positives do occasionally happen. However, we do have direct experience with using the below RBLs over the past several years and have them found to currently be most reliable. We delete email from these RBLs on our own shared and reseller mail servers and have very, very few complaints.
- DSBL (Both List and Multihop) - Distributed Sender Boycott List. This is a 'trusted' portion of DSBL, that accepts submissions of open relays and any other unsecure servers that spammers can use to send spam.
- NJABLPROXIES - Lists open proxy servers.
- ORDB - Open Relay Database. Lists open relays. Has corresponding TXT records. Will notify servers when they get listed, and will automatically re-test periodically.
- RSL - visi.com Relay Stop List (RSL) is a list of mail servers that have relayed spam recently.
- SBL (SpamHaus) - Lists 'known spammers, spam gangs or spam support services'.
- SBL-XBL - SBL Exploits Block List. Lists IP addresses of exploited servers.
A huge number of RBLs exist. You can find a fairly comprehensive list of RBLs at http://www.declude.com/Junkmail/support/ip4r.htm. Using any of other RBLs, besides the ones recommended, may result in a high amount of false positives and is not recommended, unless you know exactly what you are doing!
We have configured a simple registry key file that contains all of the proper MailEnable settings. You can download this file to your server by downloading the file listed on the right side of this article. Once the file has been downloaded to your server (not your local computer!), double click on the file and then restart the MailEnable SMTP and MTA services.
Checking the Logs
You can check the MailEnable logs to determine if mail is not being delivered because it's getting caught and rejected by an RBL that has been configured. You will want to check the SMTP-Activity log for the particular day that the email in question was attempted to be sent. Once you have the log file open, simply search for the recipient or sender's email address. If the email address was blocked due to a RBL, you will see a log entry similar to the following:
03/08/04 00:03:25 SMTP-IN 722EB35FDE9F4362BABA8DC6FA3FAD.MAI 2216 18.104.22.168 RCPT RCPT TO: <[email protected]> 554 Recipient Denied. The IP address (22.214.171.124) was found in DSBL (List). See http://www.dsbl.org for more information.
If a mail server is on one of the above RBLs and you would still like to receive email from the particular server, you can whitelist the server in MailEnable. Whitelisting a mail server will force MailEnable to accept the email, even if the mail server is listed on any number of RBLs. Before whitelisting a server, you need to know the mail server IP. Using the above log example, the mail server IP would be 126.96.36.199. Once you have this information, please follow this procedure to setup the whitelist entry:
1) Open the MailEnable Administrator (Start -> Program Files -> Mail Enable -> MailEnable Administrator)
2) Go to Servers -> Localhost -> Connectors -> SMTP. Right click and go to properties
3) Click on the reverse DNS blacklisting table. Click on the "whitelist" button at the bottom of the screen.
4) If it is not enabled already, check "enable whitelist'. Now, add the mail server IP address you wish to whitelist.
Note that with MailEnable it's not possible to whitelist email based on a particular email address - you must whitelist the mail server IP address that is actually sending the mail to your server.