This article applies to:
- MailMarshal SPE
- Spamhaus DNSBL/Reputation Service
Question:
- How do I set up a Spamhaus data feed for use with MailMarshal SPE?
Background:
Spamhaus requires use of the paid data feed service for service providers who are reselling email filtering service. For details, see the Spamhaus usage FAQ.
Procedure:
- Sign up for the service with Spamhaus. You can test out the service free of charge for 30 days. Estimate the cost and apply online with the Spamhaus price calculator.
- Designate a local DNS server to host the local Spamhaus queries. This server will receive the updates directly from Spamhaus on a scheduled basis, typically every 20 or 30 minutes.
- Spamhaus will provide instructions for synchronization upon successful application for the service.
Once the Spamhaus Data Feed has been set up, and the DNS setup is complete, perform some manual test queries to ensure it works correctly.
Instructions on how to perform test queries against Spamhaus are provided in Trustwave Knowledgebase article Q10737. In this case, we need to perform the query against the new DNS zone using the standard test point.
Note: SPE does not allow Reputation Service domains to be well formed (only existing TLDs are allowed). Your lookup zone must have a non-existent, but well formed name.
Your NSLookup test query could look like this:
> set type=txt
> 2.0.0.127.zen.dnsbl.doesntexist.com
Server: mydnsserver.mydomain.com
Address: 10.164.0.1
Non-authoritative answer:
2.0.0.127.zen.dnsbl.doesntexist.com text ="http://www.spamhaus.org/SBL/sbl.lasso?query=SBL233"
2.0.0.127.zen.dnsbl.doesntexist.com text ="http://www.spamhaus.org/query/bl?ip=127.0.0.2"
Setting up Spamhaus in MailMarshal SPE
You must set up the Spamhaus reputation service for each array.
- In the Admin Console, expand Server Configuration > Arrays.
- Select and array, then click Reputation Service. Click New.
- Select Generic Reputation Service then click Next.
- Enter a friendly Name. Enter the Domain (such as zen.dnsbl.doesntexist.com). Click Finish.
How to query the local Spamhaus DNSBL with MailMarshal SPE
There are two ways to perform DNSBL queries in MailMarshal:
- At SMTP connection time using the MailMarshal Receiver (Connection Rules).
- At message processing time using Category Scripts in the MailMarshal Engine (Content Rules).
To use the new Spamhaus zone with a Connection Rule:
- In Array Policy, set up a Connection Rule with the condition "Where sender's IP is listed by reputation service." Select the service you created.
To use the new Spamhaus zone with a Content Analysis Rule:
- Create a new Category Script (a new XML file based on your existing Spamhaus.xml file), which will use the new Spamhaus DNS zone.
- In the new file, modify the Spamhaus Eval to use the new DNS Zone. Your Evals should look something like this, depending on your requirements:
<Eval Name="SpamhausZEN_PBL" Enabled="true" Score="60" Type="DNSLookup"
Description="IP Listed on Spamhaus ZEN (PBL)" LookUpRetry="1" Data="zen.dnsbl.doesntexist.com" ProcessFirstIPs="1"
Expect="127.0.0.10-127.0.0.11" Except="DNSBlacklistExclusions" />
<Eval Name="SpamhausZEN_SBLXBL" Enabled="true" Score="60" Type="DNSLookup"
Description="IP Listed on Spamhaus ZEN (SBL or XBL)" LookUpRetry="1" Data="zen.dnsbl.doesntexist.com"
Expect="127.0.0.2-127.0.0.8" Except="DNSBlacklistExclusions" />
- This file must be placed in the config folder on all Array Managers in the SPE configuration.
- After ensuring the file is present on the arrays, force a refresh of the custom category scripts in SPE for each array (in the Admin Console, click Arrays-> (select an array) ->Advanced->General->Update now)
- Once the arrays are up to date, you will be able to set up a content analysis rule with the condition "Where message is categorized as..." and select the category you created.
Information on configuring MailMarshal to use the Zen blacklist is provided in Trustwave Knowledgebase article Q11541.
Notes:
For tips on minimizing Spamhaus query usage, see Trustwave Knowledgebase article Q12009.