Sendmail - block spam tried dnsbl

Question

just getting way too much, i tried a cominations of DNSBL servers still the same result..

i moved from running a windows mail server (sambar than hMailserver) never had this issue even with the same DNSBL providers. i been working on this since 2010.. cna never get it working.

as soon as i would remove a DNSBL from the windows server the spam would come .. the DNSBL on sendmail (linux) is active because one of them died today and all mail bounced (rhsbl.ahbl.org)

sendmail is my mail ex for local smtp boxes..

this is my sendmailcf

Feature FEATURE(dnsbl',sbl-xbl.spamhaus.org')dnl
Feature FEATURE(dnsbl',bl.spamcop.net', "Rejected - see http://spamcop.net/bl.shtml?"$&{client_addr}')dnl
Feature FEATURE(dnsbl', zen.spamhaus.org',Rejected - see http://www.spamhaus.org/')dnl
Feature FEATURE(dnsbl',XBL.spamhaus.org', `Rejected - see http://www.spamhaus.org/')dnl

here is a screen shot of how much spam i get ... in the last 10 miutes.

http://i.snag.gy/ydt6L.jpg

Answer 1

I've three recommendations:

A) Add b.barracudanetworks.com to your dnsbl list. Barracuda has a huge network of spam firewalls they sell that reports spam attacks to them in near real time and so are able to maintain a very effective blocklist. You can register on their website and use their zone for free.

B) Create your own DNSBL zone. I know that your image looks like a lot of spam, but from the picture it also appears all that spam is coming from a single spam attack from a single server. We cut our spam down drastically just by setting up our own DNSBL zone. This is a powerful remedy.

Simple DNS Plus works well for maintaining such a zone because it has a scriptable API for updating records. In our case, we added our own zone as a supplemental DNSBL to our hMail Server config. After adding a shortcut to the Outlook quick access toolbar to access mail headers in one click, a simple .Net program updates our block-list with the delivering servers' IP addresses from those headers with only three keystrokes (ctrl-c, ctrl-v, click). This could just as easily have been done in html/JavaScript. If there is interest, I'll post the full VB.Net source code (Screen shot below.)

C) Block the server farms of spammers. i) Use an IP reputation site to see if the IP address of the delivering server is a known source of spam. ii) If IP is a known spammer use an IP WhoIs website to identify the netblock of the spammer. iii) Block the whole range. In hMail server, this is done under Settings \ Protocols \ IP Ranges by clicking "Add" and deselecting all permissions in the first column.

Answer 2

DNSBLs are a very potent weapon against spam, but they can only do so much. Five to ten years ago, they'd block 90% of your spam. Today, it's closer to 50% thanks mostly to modern snowshoe spam techniques (which are too fast for the DNSBLs) and "reputation hijacking" (sending spam through sources such as Yahoo that have good reputation and/or high enough volume to mask the spam campaign).

I am assuming you have things configured correctly (i.e. you're not whitelisting anything and sendmail really sees the spam-sending relay as opposed to a forwarding service, which will completely defeat sendmail's dnsbl system since sendmail would see the wrong IP addresses). One more DNSBL you can consider is PSBL, but don't forget that almost half of all spam is immune to this sort of filtering.

The next step is to set up additional anti-spam systems, ideally in a manner that lets them all play together. One very common system is SpamAssassin, which combines DNSBLs, URI DNSBLs, Bayesian spam filtering, and a powerful collection of regular expressions. It also supports lots of plugins to further improve its catch rate. I very highly suggest Razor and/or Pyzor.