Mailtraq's dbl feature looks up the ip address of the delivering mail server in dns based blocklists (dbl) and, if a match is found, either refuses the connection or re-routes the messages delivered to a specified mailslot.
One of the best dbl available is Spamhaus which we use later in this tutorial. Others are available, such as Spamcop.
Preparation
There are a number of ways to configure dbl, which can vary according to your requirements.
It is always good practice to back-up your configuration before making a major change to mail routing.
- Make sure that you have a working mail collection. Anti-spam controls work by rejecting or diverting mail so it is important to be sure your mail flow is correct before you start.
- Create a new mailbox in Mailtraq and call it 'spam'. This need not be a Primary (blue) mailbox. It can be a Secondary (gray) mailbox assigned to an existing user.
Read a Forum discussion about 'best methods' - here
Set Up - SMTP mail receipt
If you receive your mail direct from the Internet, by SMTP, use this method. Remote POP3 is discussed below.
In Options | Services - SMTP Mail Server, Properties dialog box click the tab marked 'Black Lists' . Click 'Add'. The DNS Blacklist Lookup dialog box will open.
Set the DNS Lookup Expression to be:
%4.%3.%2.%1.zen.spamhaus.org
In the Response Handling and Interpreting Window enter the following line:
Response=127.*.*.*
%=101,
Message=Blacklisted by DBL,
Header= DBL
Click the Rerouting-tab at the top of the DNS Blacklist Lookup dialog box and Reroute the Blocked messages to the mailbox you created earlier called 'spam'.
Then similarly add (see image above):
%4.%3.%2.%1.bl.spamcop.net
Then click 'OK', back to the Console.
Make sure that the 'Enable DBL verification' check box has a check-mark for the DBL server(s) being used.
From now on, Mailtraq will look up the ip address of every connecting smtp client at spamhaus and accept messages if there's no entry and reroute messages to 'spam' if 127.*.*.* is returned.
Rerouting
All your spam mail is now being diverted to your 'spam' mailbox. You need to decide what you want to do with it. Typically you will want to Expire the messages after a short period of time - say a week.
A common scenario is to Reroute to 'spam' and then share that mailbox with all users, who can then check for themselves if an expected message has been routed as spam.
You should remember that your email is now being routed according to these dbl rules. It is possible that legitimate email that you wish to receive will accidentally be included. The prudent user will check the rerouted spam on a regular basis to ensure the rules that have been set are still doing what you intend.
IMPORTANT: Once you are confident that valid mail is not being mis-routed you should set your Rerouting-tab to 'Reject the message'. This will greatly reduce the load on Mailtraq and increase your system efficiency.
Set Up - POP3 Collection
If you collect your mail by POP3 from your ISP then use this method.
In your working 'POP3 Collection Properties' (in Remote POP3 Mailboxes in the Console tree-view) dialog box click the tab marked 'Black Lists' (not Mail Filtering). Click 'Add'.
The DNS Blacklist Lookup dialog box will open, then proceed as above.
In the Response Handling and Interpreting Window enter the following line:
Response=127.*.*.*
%=101,
Message=Blacklisted by DBL,
Header= DBL
If you have other Remote POP3 mail boxes you collect from, or receive mail by SMTP, and you want spam control on those collections, then visit each of the Properties boxes and make sure that the 'Enable DBL verification' check box has a check-mark for the DBL server(s) being used.
Additional Configuration
Some DBL services provide you with additional feedback about the reason for classifying an item as spam
The old Osirusoft service was one which enabled you to configure the Response Handling and Interpreting Window as follows. Note: Osirusoft is now offline due to a DoS attack.
In the Response Handling and Interpreting Window enter the following, one line at a time
Response=127.0.0.2,Points=101,Message=Blocked as Relay,Header= 127.0.0.2 Blocked as Relay
Response=127.0.0.3,Points=101,Message=Blocked as Dialup,Header= 127.0.0.3 Blocked as Dialup
Response=127.0.0.4,Points=101,Message=Blocked as Manual Entry,Header= 127.0.0.4 Blocked as Manual Entry
Response=127.0.0.5,Points=101,Message=Blocked as Smarthost,Header= 127.0.0.5 Blocked as Smarthost
Response=127.0.0.6,Points=101,Message=Blocked as Spamware,Header=127.0.0.6 Blocked as Spamware
Response=127.0.0.7,Points=101,Message=Blocked as List server,Header= 127.0.0.7 Blocked as List server
Response=127.0.0.8,Points=101,Message=Blocked as Formail,Header= 127.0.0.8 Blocked as Formail
Response=127.0.0.9,Points=101,Message=Blocked as Proxy,Header= 127.0.0.9 Blocked as Proxy
Then click 'OK', back to the Console. Make sure that the 'Enable DBL verification' check box has a check-mark for the DBL server(s) being used.
From now on, Mailtraq will look up the ip address of every connecting smtp client at osirusoft and accept messages if there's no entry and reroute messages to 'spam' if 127.0.0.1 - 127.0.0.9 is returned. You can then examine the messages there on a regular basis and use the information provided by the 'Message' and 'Header' reports to refine your anti-spam rules.
Messages are rerouted when their 'points score' is greater than 100. This means that if any of the reasons for blocking mail are true the message will be rerouted. You may find that you want to accept mail from certain sources that others might consider doubtful.
If you were to change the entry above from
Response=127.0.0.3,Points=101,Message=Blocked as Dialup,Header= 127.0.0.3 Blocked as Dialup
to
Response=127.0.0.3,Points=0,Message=Blocked as Dialup,Header= 127.0.0.3 Blocked as Dialup
then mail from all Dialups on Osirusoft's database will be accepted.
If you change the points in each entry to Points=51 then messages will be rerouted if any two database entries are matched (51+51=102, and Messages are rerouted when their 'points score' is greater than 100), and so on.
You can construct your own rules in a similar way.
If you use more than one dbl source, then you will find it helpful for diagnostic purposes to change the Message and Header entry information to reflect which dbl is causing mail to be re-routed.
For example:
Response=127.0.0.2,Points=101,Message=Blocked as Relay,Header= 127.0.0.2 Blocked as Relay
would be changed to
Response=127.0.0.2,Points=101,Message=Blocked as Relay (Osirusoft),Header= 127.0.0.2 Blocked as Relay (Osirusoft)
How can I check if dbl is working?
If you are receiving spam, then examining the 'spam' folder will show messages accumulating in that folder.
If you do not receive any spam, and still want to check that the dbl settings are working you can perform the following test. It is not normally necessary.
Add the ip address of one of your lan machines to the hosts file on the Mailtraq machine with a match test entry in Mailtraq's dbl setup.
For example, if your machine on the lan is 192.168.55.3, enter it in reversed octet order to the hosts file on the Mailtraq machine, like this ...
3.55.168.192
... then, on the same line, preceed it with "127.0.0.4 " (note the spaces) and follow it with ".test", like this ...
127.0.0.4 3.55.168.192.test
... then create the following dbl rule in Mailtraq ...
%4.%3.%2.%1.test
... and assign a lookup result of 127.0.0.4 to a score greater than 100.
