I was having problems with receiving emails from multiple IP addresses – but all of them being addressed from the same set of email addresses. In Zimbra this can be addressed using zimbraMtaSmtpdSenderRestrictions and a file containing a list of domains. In Postfix you can use smtpd_sender_restrictions, also with a list of domains in a file. The problem is that I have to deal with multiple MX servers. Making the same updates to a file on multiple servers gets old fast, so I set up RHSBL.
An RHSBL lists the domain names used in the “from” or “reply-to” e-mail address that are sending spam. This should not be confused with a DNSBL, which lists the IP addresses of machines which are found to be sending spam. There are RHSBL servers available for public use, but I am getting email from domains not on those lists, so I decided to run my own RHSBL server.
To create your own RHSBL, you need to either create a new zone file or modify an existing zone file on the DNS servers that your mail servers are using. I used the zone file mycompany.local. I set up my mail server to use rhsbl.mycompany.local as one of my RHSBL servers.
To block email from bademail.com, I added two records to the mycompany.local zone file. The first record is an A record and the second is a TXT record. They are as follows:
bademail.com.rhsbl.mycompany.local. A 127.0.0.2
bademail.com.rhsbl.mycompany.local. TXT "Spam Source"
Any email from a sender address at bademail.com will be blocked.
I have been receiving a large amount of spam from the top-level domain of “bid” such as “emyvr.bid” and “fjhzrs.biz”. I don't know of anyone who has a domain name that ends in “bid”, so I blocked the entire TLD of bid by adding the following lines to my mycompany.local zone file:
*.bid.rhsbl.mycompany.local. A 127.0.0.2
*.bid.rhsbl.mycompany.local. TXT "Spam Source"
The above, combined with existing public DNSBL and RHSBL servers along with blocking any mail servers that do not have reverse IP entries, has made a tremendous impact on the spam I receive.
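How a mail server consults these records, as an added example that is not part of the original post: the sender's domain is prepended to rhsbl.mycompany.local and looked up, with the DNS wildcard rule applied. The function names and the in-memory copy of the zone are assumptions made so the example runs offline, and it assumes a mail server that queries only the exact sender domain.

```python
RHSBL_ZONE = "rhsbl.mycompany.local"

# Constructed sample data: the A/TXT pairs from the post, keyed by owner name.
ZONE = {
    "bademail.com.rhsbl.mycompany.local": ("127.0.0.2", "Spam Source"),
    "*.bid.rhsbl.mycompany.local": ("127.0.0.2", "Spam Source"),
}


def sender_domain(mail_from):
    """Return the lower-cased domain of an envelope sender, or None."""
    local, sep, domain = mail_from.strip().strip("<>").rpartition("@")
    domain = domain.rstrip(".").lower()
    if not (sep and local and domain):
        return None  # null sender "<>" or malformed address: nothing to query
    return domain


def lookup(qname, zone=ZONE):
    """Answer qname like a DNS server: exact owner name, else wildcard."""
    if qname in zone:
        return zone[qname]
    labels = qname.split(".")
    for i in range(1, len(labels)):
        encloser = ".".join(labels[i:])
        # A name exists if it owns records or is an ancestor of one that does.
        if any(o == encloser or o.endswith("." + encloser) for o in zone):
            # Only a wildcard directly under the closest existing name applies.
            return zone.get("*." + encloser)
    return None  # no existing ancestor in this zone: not listed


def check_sender(mail_from, zone=ZONE):
    """Return (listed, txt_reason) for an envelope sender address."""
    domain = sender_domain(mail_from)
    if domain is None:
        return (False, None)
    answer = lookup(f"{domain}.{RHSBL_ZONE}", zone)
    if answer is None or not answer[0].startswith("127."):
        return (False, None)
    return (True, answer[1])


if __name__ == "__main__":
    for sender in ("spammer@bademail.com", "x@emyvr.bid", "x@a.b.bid",
                   "x@mail.bademail.com", "x@example.org", "<>"):
        print(f"{sender!r:28} -> {check_sender(sender)}")
```

The exact bademail.com record does not answer for mail.bademail.com; covering subdomains under that assumption takes an additional *.bademail.com.rhsbl wildcard record.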
Entering Records Into Zone Files On A Windows DNS Server
Click – click – click can get old real fast if you need to put multiple records into a Windows DNS server. The fastest way to do it is to use the command line prompt. You can create a batch file or just type the command in twice (once for the A record and once for the TXT record) and use the up arrow to go back and edit the new entries. The commands you need to know are:
dnscmd MyDomainController.mycompany.local /RecordAdd mycompany.local bademail.com.rhsbl A 127.0.0.2
dnscmd MyDomainController.mycompany.local /RecordAdd mycompany.local bademail.com.rhsbl TXT "Spam Source"
or, for a wildcard:
dnscmd MyDomainController.mycompany.local /RecordAdd mycompany.local *.bid.rhsbl A 127.0.0.2
dnscmd MyDomainController.mycompany.local /RecordAdd mycompany.local *.bid.rhsbl TXT "Spam Source"
Replace MyDomainController.mycompany.local with the IP address or FQDN of your DNS server.