This article applies to:
- Trustwave MailMarshal (SEG)
- Spamhaus DNSBL/Reputation Service
Question:
- How do I set up a Spamhaus data feed for use with MailMarshal?
Background:
Spamhaus provides a free DNSBL service for a limited number of queries per day.
To speed up the query results, you can subscribe to a data feed that provides a local copy of the Spamhaus database.
You may also need a local feed if you exceed the free query limit, or if you are reselling an email filtering service. For details, see the Spamhaus usage FAQ.
Procedure:
If you require a Data Feed service, complete the following steps:
- Sign up for the service with Spamhaus. You can test out the service free of charge for 30 days.
- Designate a local DNS server to host the local Spamhaus queries. This server will receive the updates directly from Spamhaus on a scheduled basis, typically every 20 or 30 minutes.
- Spamhaus will provide instructions for synchronization upon successful application for the service.
Once the Spamhaus Data Feed has been set up, and the DNS setup is complete, perform some manual test queries to ensure it works correctly.
Instructions on how to perform test queries against Spamhaus are provided in Trustwave Knowledgebase article Q10737. In this case, we need to perform the query against the new DNS zone using the standard test point. Your NSLookup test query could look like this:
> set type=txt
> 2.0.0.127.zen.dnsbl
Server: mydnsserver.mydomain.com
Address: 10.164.0.1
Non-authoritative answer:
2.0.0.127.zen.dnsbl text ="http://www.spamhaus.org/SBL/sbl.lasso?query=SBL233"
2.0.0.127.zen.dnsbl text ="http://www.spamhaus.org/query/bl?ip=127.0.0.2"
How to query the local Spamhaus DNSBL with MailMarshal
There are two ways to perform DNSBL queries in MailMarshal:
- At SMTP connection time using the MailMarshal Receiver (Connection Rules).
- At message processing time using Category Scripts in the MailMarshal Engine (Content Rules).
To use the new Spamhaus zone with a Connection Rule:
- In the Configurator, expand Policy Elements | Reputation Services.
- Edit your existing Spamhaus Reputation Service or create a new one. If using the Zen blocklist, add zen.dnsbl in the Domain Name field.
- Ensure that a Connection Rule exists which uses this Reputation Service.
To use the new Spamhaus zone with a Content Analysis Rule:
- Create a new Category Script (a new XML file based on your existing Spamhaus.xml file), which will use the new Spamhaus DNS zone. By default, these files are located in the Config folder under the MailMarshal install folder.
- In the new file, modify the Spamhaus Eval to use the new DNS Zone. Your Evals should look something like this, depending on your requirements:
<Eval Name="SpamhausZEN_PBL" Enabled="true" Score="60" Type="DNSLookup"
Description="IP Listed on Spamhaus ZEN (PBL)" LookUpRetry="1" Data="zen.dnsbl" ProcessFirstIPs="1"
Expect="127.0.0.10-127.0.0.11" Except="DNSBlacklistExclusions" />
<Eval Name="SpamhausZEN_SBLXBL" Enabled="true" Score="60" Type="DNSLookup"
Description="IP Listed on Spamhaus ZEN (SBL or XBL)" LookUpRetry="1" Data="zen.dnsbl"
Expect="127.0.0.2-127.0.0.8" Except="DNSBlacklistExclusions" />
Information on configuring MailMarshal to use the Zen blocklist is provided in Trustwave Knowledgebase article Q11541.
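The following added example (not part of the original article and not Trustwave or Spamhaus code) builds the query name for the local zone and checks that the return codes for the standard test point fall inside the Expect ranges of the two Evals above. It assumes the zone name zen.dnsbl from the sample and that the host's system resolver points at the local DNS server; the function names are illustrative.

```python
import ipaddress
import socket

ZONE = "zen.dnsbl"  # local zone name from the article's sample (assumption)
# Expect ranges copied from the two Evals shown in the article
EVAL_RANGES = {
    "SpamhausZEN_SBLXBL": ("127.0.0.2", "127.0.0.8"),
    "SpamhausZEN_PBL": ("127.0.0.10", "127.0.0.11"),
}


def query_name(ip, zone=ZONE):
    """Build the DNSBL query name: reversed IPv4 octets followed by the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")  # raises ValueError on bad input
    return ".".join(reversed(octets)) + "." + zone


def matching_evals(answers):
    """Return the Evals whose Expect range contains any of the A-record codes."""
    hits = set()
    for answer in answers:
        code = ipaddress.IPv4Address(answer)
        for name, (low, high) in EVAL_RANGES.items():
            if ipaddress.IPv4Address(low) <= code <= ipaddress.IPv4Address(high):
                hits.add(name)
    return sorted(hits)


def lookup(ip, zone=ZONE):
    """Return the A records for ip in the zone; [] means not listed or lookup failed."""
    try:
        return socket.gethostbyname_ex(query_name(ip, zone))[2]
    except OSError:  # covers socket.gaierror and socket.herror
        return []


def zone_is_healthy(resolve=lookup):
    """The standard test point 127.0.0.2 must return a code that an Eval expects."""
    return bool(matching_evals(resolve("127.0.0.2")))


if __name__ == "__main__":
    print(query_name("127.0.0.2"), "->", lookup("127.0.0.2"))
    print("zone healthy:", zone_is_healthy())
```

An empty result for the test point means the zone is not answering or not synchronized, in which case the Evals silently match nothing, so this check is worth scheduling alongside the feed updates.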
Notes:
For tips on minimizing Spamhaus query usage, see Trustwave Knowledgebase article Q12009.