출처 : http://blog.naver.com/skimms/1000870816  플그림이님


 - Qmail 일 경우

var/qmail/rc.smtp(메일 서버 run 파일)
= 대체적으로 /var/qmail/supervise/qmail-smtpd 안의 run.sh

#!/bin/sh
QMAILDUID=`id -u qmaild`
NOFILESGID=`id -g qmaild`
exec /usr/local/bin/softlimit -m 5000000 \
/usr/local/bin/tcpserver -v -R -l 0 -x /etc/tcp.smtp.cdb \
-u "$QMAILDUID" -g "$NOFILESGID" 0 smtp /usr/local/bin/rblsmtpd -b -r spamlist.or.kr /var/qmail/bin/qmail-smtpd 2>&1

 

 

- Sendmail 일 경우

 

첫번째 방법: sendmail(8.9.x) - sendmail.cf 수정

# DNS based IP address spam list spamlist.or.kr
R$* $: $&{client_addr}
R::ffff:$-.$-.$-.$- $: <?>$(host $4.$3.$2.$1.spamlist.or.kr. $: OK $)
R$-.$-.$-.$- $: <?>$(host $4.$3.$2.$1.spamlist.or.kr. $: OK $)
R<?>OK $: OK
R<?>$+ $#error $@ 5.7.1 $: "550 Mail from " $&{client_addr} " refused by kisarbl site kisarbl.or.kr”


두번째 방법 : sendmail(8.10.x) - sendmail.mc 추가

 

FEATURE(dnsbl, `blackholes.mail-abuse.org', `Rejected - see http://www.mail-abuse.org/rbl/')dnl
FEATURE(dnsbl, `spamlist.or.kr', `Rejected - see http://www.kisarbl.or.kr/')dnl 

 

 

 


 

 출처 : http://systemmania.tistory.com/184 

 

 

센드메일에서 RBL를 이용해서 spam ip 막는 방법입니다..

대표로 cbl.abuseat.org 랑 국내 kisa RBL 사이트를 적용하면 그마나 스팸아이피를 차단할수가 있습니다.

설정 방법

[dolmuri@ mail] vi /etc/mail/sendmail.mc

FEATURE(`dnsbl', `cbl.abuseat.org', `550 Message from $&{client_addr} rejected as spam - see http://cbl.abuseat.org')dnl
FEATURE(dnsbl, `spamlist.or.kr', `Rejected - see http://www.kisarbl.or.kr/')dnl

[dolmuri@ mail] m4 /etc/mail/sendmail.mc  > /etc/mail/sendmail.cf

추가된 룰을 확인해본다.
[dolmuri@ mail] vi /etc/mail/sendmail.cf


## map for DNS based blacklist lookups
Kdnsbl host -T<TMP>


# DNS based IP address spam list cbl.abuseat.org
R$* $: $&{client_addr}
R$-.$-.$-.$- $: <?> $(dnsbl $4.$3.$2.$1.cbl.abuseat.org. $: OK $)
R<?>OK $: OKSOFAR
R<?>$+<TMP> $: TMPOK
R<?>$+ $#error $@ 5.7.1 $: 550 Message from $&{client_addr} rejected as spam - see http://cbl.abuseat.org

# DNS based IP address spam list spamlist.or.kr
R$* $: $&{client_addr}
R$-.$-.$-.$- $: <?> $(dnsbl $4.$3.$2.$1.spamlist.or.kr. $: OK $)
R<?>OK $: OKSOFAR
R<?>$+<TMP> $: TMPOK
R<?>$+ $#error $@ 5.7.1 $: Rejected - see http://www.kisarbl.or.kr/

'Server > Mail Server' 카테고리의 다른 글

[SendMail] savemail panic in sendmail  (0) 2008.09.22
메일서버 장애 해결하기  (0) 2008.09.22
DNSBL 등록 방법  (0) 2008.09.22
SORBS DNSBL 등록 방법  (0) 2008.09.22
spamcop.net 등록방법  (0) 2008.09.22
bl.csma.biz 등록 방법  (0) 2008.09.22
Junk Email Filter 등록 방법  (0) 2008.09.22
KISA-RBL을 이용하는 방법  (0) 2008.09.22

DNSBL 등록 방법

Posted 2008. 9. 22. 23:41


출처 :  http://www.spamhaus.org

 



How to use the SBL

The Spamhaus Block List ("SBL") can be used by almost all modern mail servers, by setting your mail server's anti-spam DNSBL feature (sometimes called "Blacklist DNS Servers" or "RBL servers") to query sbl.spamhaus.org.

Use of the SBL is free for individuals operating small mail servers as long as your email traffic is low. Commercial users, corporate networks and ISPs need to purchase a yearly subscription to use the service: see DataFeed.

For information on how to configure your mail server to use sbl.spamhaus.org please refer to your mail server documentation/manuals or ask your mail server developer. With so many different mail servers in use we can not offer technical help with setting up the SBL.

DNSBL Queries

DNSBL Zone to Query Returns Contains
sbl.spamhaus.org 127.0.0.2 Direct UBE sources, verified spam services and ROKSO spammers
xbl.spamhaus.org 127.0.0.4-6 Illegal 3rd party exploits, including proxies, worms and trojan exploits
SBL+XBL
sbl-xbl.spamhaus.org 127.0.0.2-6 Combined zone to reduce queries
Includes both SBL and XBL zones

We recommend you use sbl.spamhaus.org together with xbl.spamhaus.org, as the SBL and XBL block different spam sources. To save you having to query two separate DNSBL zones there is a special combined "SBL+XBL" zone, sbl-xbl.spamhaus.org, which contains the complete SBL and XBL data (we recommend you use this combined zone), to use it, simply set your mail server's DNSBL check to query sbl-xbl.spamhaus.org only.

Not just for connection queries...

In addition to checking the IPs of the connecting servers against the SBL, you can significantly boost your spam catch rate by also scanning the email body of any mails that get past SBL/XBL looking for host names of URLs (web sites) advertised in spams, and checking the IPs of those hosts, and their names servers, against the SBL. This is because the SBL lists the IPs of spammers' websites in addition to their mail servers. This feature ("URIBL_SBL") is available in SpamAssassin 3.0, and code to do this is also available as a sendmail milter from here.

Data Feed: Zone Transfers (rsync) for Corporate networks & ISPs

For corporate users and
Internet Service Providers Spamhaus provides a dedicated Data Feed service which transfers the Spamhaus DNSBL zones to a local DNS server on your network and keeps the zones synchronised every 30 minutes. To submit an application for this service see: Data Feed Application Form.

Testing your SBL Setup

Once you have set up your mail server to use sbl.spamhaus.org, you can test to see if the SBL blocking is working by sending an email (any email) to: nelson-sbl-test@crynwr.com (you must send the email from the mail server which you wish to test). The Crynwr system robot will answer you to tell you if your server is correctly blocking SBL-listed IPs or not.

'Server > Mail Server' 카테고리의 다른 글

[SendMail] savemail panic in sendmail  (0) 2008.09.22
메일서버 장애 해결하기  (0) 2008.09.22
KISA-RBL을 Unix 계열에서 등록 방법  (0) 2008.09.22
SORBS DNSBL 등록 방법  (0) 2008.09.22
spamcop.net 등록방법  (0) 2008.09.22
bl.csma.biz 등록 방법  (0) 2008.09.22
Junk Email Filter 등록 방법  (0) 2008.09.22
KISA-RBL을 이용하는 방법  (0) 2008.09.22

SORBS DNSBL 등록 방법

Posted 2008. 9. 22. 23:38

[Zones Available]

     dnsbl.sorbs.net - Aggregate zone (contains all the following DNS zones except spam.dnsbl.sorbs.net)
       http.dnsbl.sorbs.net - List of Open HTTP Proxy Servers.
      socks.dnsbl.sorbs.net - List of Open SOCKS Proxy Servers.
       misc.dnsbl.sorbs.net - List of open Proxy Servers not listed in the SOCKS or HTTP lists.
       smtp.dnsbl.sorbs.net - List of Open SMTP relay servers.
 web.dnsbl.sorbs.net - List of web (WWW) servers which have spammer abusable vulnerabilities (e.g. FormMail scripts)
         Note: This zone now includes non-webserver IP addresses that have abusable vulnerabilities.
   new.spam.dnsbl.sorbs.net - List of hosts that have been noted as sending spam/UCE/UBE to the admins of SORBS within the last 48 hours.
recent.spam.dnsbl.sorbs.net - List of hosts that have been noted as sending spam/UCE/UBE to the admins of SORBS within the last 28 days (includes new.spam.dnsbl.sorbs.net).
   old.spam.dnsbl.sorbs.net - List of hosts that have been noted as sending spam/UCE/UBE to the admins of SORBS within the last
         year. (includes recent.spam.dnsbl.sorbs.net).
       spam.dnsbl.sorbs.net - List of hosts that have been noted as sending spam/UCE/UBE to the admins of SORBS at any time, and not subsequently resolving the matter and/or requesting a delisting. (Includes both old.spam.dnsbl.sorbs.net and escalations.dnsbl.sorbs.net).
escalations.dnsbl.sorbs.net - This zone contains netblocks of spam supporting service providers, including those who provide websites, DNS or drop boxes for a spammer.  Spam supporters are added on a 'third strike and you are out' basis, where the third spam will cause the supporter to be added to the list.
      block.dnsbl.sorbs.net - List of hosts demanding that they never be tested by SORBS.
     zombie.dnsbl.sorbs.net - List of networks hijacked from their original owners, some of which have already used for spamming.
 dul.dnsbl.sorbs.net - Dynamic IP Address ranges (NOT a Dial Up list!)
     rhsbl.sorbs.net - Aggregate zone (contains all RHS zones)
    badconf.rhsbl.sorbs.net - List of domain names where the A or MX records point to bad address space.
     nomail.rhsbl.sorbs.net - List of domain names where the owners have indicated no email should ever originate from these domains.


Note: The web.dnsbl.sorbs.net domain includes infected Nimba and Code Red hosts, as well as hosts that contain FormMail scripts, or other known exploits that allow a remote user to use that host to sent/relay spam. Exploits that include guessing passwords will not be included. Where possible, servers will not be exploited in the process of testing.


[SORBS Return Codes]
SORBS returns 127.0.0.x codes to indicate which database the test result was obtained from. If you use the aggregate zone, the return codes will still reflect the specific database(s) from which the results have been obtained.

e.g. If 4.3.2.1.socks.dnsbl.sorbs.net returns 127.0.0.3

then

4.3.2.1.dnsbl.sorbs.net would also return 127.0.0.3.

If an IP address appears in more than one database and you query using the aggregate zone, all applicable codes are returned.

e.g. If in addition, 4.3.2.1.http.dnsbl.sorbs.net returns 127.0.0.2

then 4.3.2.1.dnsbl.sorbs.net would return both 127.0.0.2 and 127.0.0.3

Return codes are:

   http.dnsbl.sorbs.net    127.0.0.2
  socks.dnsbl.sorbs.net    127.0.0.3
   misc.dnsbl.sorbs.net    127.0.0.4
   smtp.dnsbl.sorbs.net    127.0.0.5
      new.spam.dnsbl.sorbs.net    127.0.0.6
   recent.spam.dnsbl.sorbs.net    127.0.0.6
      old.spam.dnsbl.sorbs.net    127.0.0.6
   spam.dnsbl.sorbs.net    127.0.0.6
   escalations.dnsbl.sorbs.net    127.0.0.6
    web.dnsbl.sorbs.net    127.0.0.7
  block.dnsbl.sorbs.net    127.0.0.8
 zombie.dnsbl.sorbs.net    127.0.0.9
    dul.dnsbl.sorbs.net    127.0.0.10
       badconf.rhsbl.sorbs.net    127.0.0.11
 nomail.rhsbl.sorbs.net    127.0.0.12


[Additional Aggregate Zones]
SORBS also provides other aggregate zones as follows:

        Zone Name  Zones Included
        =========  ==============

  dnsbl.sorbs.net   http.dnsbl.sorbs.net
     socks.dnsbl.sorbs.net
      misc.dnsbl.sorbs.net
      smtp.dnsbl.sorbs.net
         new.spam.dnsbl.sorbs.net
      recent.spam.dnsbl.sorbs.net
      escalations.dnsbl.sorbs.net
       web.dnsbl.sorbs.net
       dul.dnsbl.sorbs.net
     block.dnsbl.sorbs.net
    zombie.dnsbl.sorbs.net

    safe.dnsbl.sorbs.net   http.dnsbl.sorbs.net
     socks.dnsbl.sorbs.net
      misc.dnsbl.sorbs.net
      smtp.dnsbl.sorbs.net
         new.spam.dnsbl.sorbs.net
       web.dnsbl.sorbs.net
     block.dnsbl.sorbs.net
    zombie.dnsbl.sorbs.net
       dul.dnsbl.sorbs.net

problems.dnsbl.sorbs.net   http.dnsbl.sorbs.net
     socks.dnsbl.sorbs.net
      misc.dnsbl.sorbs.net
      smtp.dnsbl.sorbs.net
         new.spam.dnsbl.sorbs.net
      recent.spam.dnsbl.sorbs.net
         old.spam.dnsbl.sorbs.net
      escalations.dnsbl.sorbs.net
       web.dnsbl.sorbs.net
     block.dnsbl.sorbs.net
    zombie.dnsbl.sorbs.net

  relays.dnsbl.sorbs.net   http.dnsbl.sorbs.net
     socks.dnsbl.sorbs.net
      misc.dnsbl.sorbs.net
      smtp.dnsbl.sorbs.net

 proxies.dnsbl.sorbs.net   http.dnsbl.sorbs.net
     socks.dnsbl.sorbs.net
      misc.dnsbl.sorbs.net


[Additional Zones such as (A)SPEWS...]
In addition to providing the SORBS zones, SORBS also makes the ASPEWS and SPEWS data available by DNSbl lookup.

As the policy of SORBS (and one of the reasons for creating SORBS) was the publishing of data that is fully under SORBS control, the ASPEWS and SPEWS zones are not included in the SORBS aggregate zone. This is the same reason why SORBS does not present other DNSbls' data.

For those wanting the ASPEWS or SPEWS data by simple DNSbl lookup, SORBS provides the following zones as a courtesy:

l1.spews.dnsbl.sorbs.net - SPEWS Level one listings
l2.spews.dnsbl.sorbs.net - SPEWS Level two listings
  aspews.ext.sorbs.net   - ASPEWS Listings

Return codes for these zones are 127.0.0.2


Note: The SPEWS Level two zone contains all the level one data - you do not need to query both if you are treating the data the same way.
If you were using APEWS via SORBS, sorry we have discontinued distribution of this list n the SORBS DNS servers.

'Server > Mail Server' 카테고리의 다른 글

[SendMail] savemail panic in sendmail  (0) 2008.09.22
메일서버 장애 해결하기  (0) 2008.09.22
KISA-RBL을 Unix 계열에서 등록 방법  (0) 2008.09.22
DNSBL 등록 방법  (0) 2008.09.22
spamcop.net 등록방법  (0) 2008.09.22
bl.csma.biz 등록 방법  (0) 2008.09.22
Junk Email Filter 등록 방법  (0) 2008.09.22
KISA-RBL을 이용하는 방법  (0) 2008.09.22

spamcop.net 등록방법

Posted 2008. 9. 22. 23:34


[spamcop.net]

 

 For Exchange 2003:

Make sure you install SP2 first, as it contains some important updates for Intelligent Message Filtering.

 

  • Display Name: spamcop
  • DNS Suffix: bl.spamcop.net

 

'Server > Mail Server' 카테고리의 다른 글

[SendMail] savemail panic in sendmail  (0) 2008.09.22
메일서버 장애 해결하기  (0) 2008.09.22
KISA-RBL을 Unix 계열에서 등록 방법  (0) 2008.09.22
DNSBL 등록 방법  (0) 2008.09.22
SORBS DNSBL 등록 방법  (0) 2008.09.22
bl.csma.biz 등록 방법  (0) 2008.09.22
Junk Email Filter 등록 방법  (0) 2008.09.22
KISA-RBL을 이용하는 방법  (0) 2008.09.22

bl.csma.biz 등록 방법

Posted 2008. 9. 22. 23:33

[bl.csma.biz]

We currently maintain two databases: bl.csma.biz and sbl.csma.biz. The first database contains only aggressive hosts that have spammed repeatedly during a short timeframe. The second database is a bit more aggressive, recording all hosts that have generated spam within a 45-day period.

Our recommendation is that the sbl.csma.biz list not be used for real-time DNSBL refusals because there is still a chance that messages could be legitimate. (See the SpamAssassin rules section for help here.)

 

DNSBL Queries
Query zone: bl.csma.biz
Returns: 127.0.0.2
SpamAssassin & Score-Based Queries
Query zone: sbl.csma.biz
Returns: 127.0.0.2

 

'Server > Mail Server' 카테고리의 다른 글

[SendMail] savemail panic in sendmail  (0) 2008.09.22
메일서버 장애 해결하기  (0) 2008.09.22
KISA-RBL을 Unix 계열에서 등록 방법  (0) 2008.09.22
DNSBL 등록 방법  (0) 2008.09.22
SORBS DNSBL 등록 방법  (0) 2008.09.22
spamcop.net 등록방법  (0) 2008.09.22
Junk Email Filter 등록 방법  (0) 2008.09.22
KISA-RBL을 이용하는 방법  (0) 2008.09.22

Junk Email Filter 등록 방법

Posted 2008. 9. 22. 23:32


[Junk Email Filter]

Our list server is hostkarma.junkemailfilter.com - this server returns several different results depending on what kind of listing it is. If the server returns 127.0.0.1 then it is whitelisted. You can accept the email without any further checking.

If the result is 127.0.0.3 then the host is yellow listed. Yellow listing means that host generates some spam and some nonspam. (examples, yahoo.com, hotmail.com) What that means is that this host should never be blacklisted and that other IP based blacklists should be bypassed to prevent false positives. If the result is 127.0.0.2 it is blacklisted - if the IP is listed here you can bounce it without further checking.

And if the result is 127.0.0.4 it is brownlisted which means it is on its way to being blacklisted but hasn't quite got there yey. But it might be worth a few points using SpamAssassin.

 

  • 127.0.0.1 - whilelist - trusted nonspam
  • 127.0.0.2 - blacklist - block spam
  • 127.0.0.3 - yellowlist - mix of spam and nonspam
  • 127.0.0.4 - brownlist - all spam - but not yet enough to blacklist

'Server > Mail Server' 카테고리의 다른 글

[SendMail] savemail panic in sendmail  (0) 2008.09.22
메일서버 장애 해결하기  (0) 2008.09.22
KISA-RBL을 Unix 계열에서 등록 방법  (0) 2008.09.22
DNSBL 등록 방법  (0) 2008.09.22
SORBS DNSBL 등록 방법  (0) 2008.09.22
spamcop.net 등록방법  (0) 2008.09.22
bl.csma.biz 등록 방법  (0) 2008.09.22
KISA-RBL을 이용하는 방법  (0) 2008.09.22

KISA-RBL을 이용하는 방법

Posted 2008. 9. 22. 23:29

출처 : https://www.kisarbl.or.kr/

 

 

시작 > 프로그램 > Microsoft Exchange > System Manager 선택

 

 

전역설정 > 메시지배달 선택 후 마우스 오른쪽을 클릭하여 등록정보 선택
메시지 배달 속성에서 연결 필터링 탭을 선택 차단 목록 서비스 구성에서 추가를 클릭
연결 필터 규칙정보에서 표시이름, 공급자의 DNS 접미사를 작성
예)표시이름 : KISARBL
    공급자의 DNS 접미사 : spamlist.or.kr

 

 

차단목록서비스구성에서 편집을 클릭

 

 

필터규칙을 다음 마스크에 일치 127.0.0.1 입력확인 버튼

 

 

서버 > 서버명 > 프로토콜 > SMTP > Default SMTP Virtual Server 선택 후 마우스 오른쪽을 눌러서 등록정보 선택
일반탭에서 IP주소영역의 고급클릭

 

 

고급정보에서 편집를 선택
구분정보에서 IP 주소의 지정하지 않은 모든 (IP)를 선택하면 IP리스트가 나오는데 여기서 받는 메일 서버의 IP 선택 연결 필터 적용 체크한 후 확인
위와 같이 작성 후 확인을 선택하시면 모든 설정이 완료됩니다.

 


'Server > Mail Server' 카테고리의 다른 글

[SendMail] savemail panic in sendmail  (0) 2008.09.22
메일서버 장애 해결하기  (0) 2008.09.22
KISA-RBL을 Unix 계열에서 등록 방법  (0) 2008.09.22
DNSBL 등록 방법  (0) 2008.09.22
SORBS DNSBL 등록 방법  (0) 2008.09.22
spamcop.net 등록방법  (0) 2008.09.22
bl.csma.biz 등록 방법  (0) 2008.09.22
Junk Email Filter 등록 방법  (0) 2008.09.22