This page allows you to enable/disable the DNS black lists for the current host. The black lists that are displayed in the list boxes depend on which black lists are enabled for the server. Once a black list is enabled, it is displayed in one of the list boxes on this page. If a black list is not enabled for the server, it cannot be used by a host, and will not be displayed on this page. These black list entries are stored in the spamblks.txt file, which is located in the host’s directory.
Note: No black lists are enabled by default for a host. Each host administrator must enable them after installation.
DNS black lists are separated into two categories:
DNS Black Lists (insert X-headers). If the IP address of an e-mail matches one of these black lists, an X-header is inserted into the message header to indicate which black list it matched. The message is then passed on to phrase filtering for further examination.
If you select Delete Message after X matches, the message will be immediately deleted if it matches X number of black lists plus the number of enabled verification tests. The value entered must not be greater than the number of black lists plus the number of verification options that are enabled. If you change this option, you must click Save in order for the changes to take effect.
Trusted DNS Black Lists (immediate deletion). If the IP address of an e-mail matches one of these black lists, it is immediately deleted and no further spam filtering is performed.
Verify MAIL FROM address. The "From" address of the connecting server is verified for each message to ensure that the user is a valid user on the mail server. If the user or server does not exist, the message is identified as spam.
Perform reverse DNS lookup for connecting server. The IP address of the connecting server is used to perform a reverse DNS lookup, to determine the domain name. If a domain has a valid PTR record, the message is accepted. If a reverse lookup fails, it means there is no reverse record for that IP address, and the message is identified as spam. An IP address with no PTR record usually belongs to a dial-up connection or is spoofed, both of which are indicators of spam. However, a significant number of legitimate mail servers do not have a reverse DNS entry, so this test may cause legitimate mail to be identified as spam (false positive).
Verify HELO/EHLO Domain. The domain passed during the HELO/EHLO is used to perform a DNS query to verify that the domain specified has an "A" record or an "MX" record. If this test fails, an X-Header is inserted into the message.
Note: These options are resource intensive and may slow down mail processing.
Enabling a DNS Black List
Decide whether you want the black list to be a standard DNS Black List or a Trusted DNS Black List.
Click Add in the appropriate grouping to open the Black List dialog box.
Select a black list, and click Add to the Host Black List. The black list now appears on the Host Black List page.
Removing a DNS Black List
Select the black list name from either the DNS Black Lists box or the Trusted DNS Black Lists box.
Click Delete, and the DNS black list entry is removed.
Select the black list name from the Trusted DNS Black Lists box and click Delete.
Click Add under the DNS Black Lists box, and the Black List dialog box opens.
Select the black list name that you previously deleted and click Add to the Host Black List. The black list now appears in the Trusted DNS Black List box.
Name. The display name for the black list that is used in log lines to identify the black list entry. This name does not have to correlate to the actual name of the black list.
Server. The domain name or IP address of the DNS server to contact for black list queries.
Query Domain. The domain to query in the zone file of the black list. This name usually matches the server domain name. However, sometimes a black list will contain multiple zones to query on the same server. When this happens, the server name and the query domain will be different.
Type. Identifies the type of lookup that the black list performs:
ADDR (address). Uses a message’s "FROM" address to determine whether the message is spam.
DNS. Checks the IP address of the connecting SMTP server against spam databases to determine whether the message is spam. If the IP address is listed in one of the black list databases, the message is identified as spam.
HELO. Checks the domain supplied in the HELO or EHLO command to determine whether to accept the message. The host name that is given in the HELO/EHLO command must match the IP address.
RHS (right-hand side). Checks the information following the @ symbol supplied in the "MAIL FROM" command to determine whether the message is spam.
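The following is an added example, not code from this product. It shows how a Query Domain is turned into the DNS name that is looked up for the DNS and RHS types, using the standard DNSBL convention (RFC 5782), and how standard matches, trusted matches and the "Delete Message after X matches" value combine. Assumptions: the example.test zones, list names and lookup results are constructed; the threshold is assumed to count black list matches and failed verification tests together; ADDR and HELO lists are not covered.

```python
import ipaddress

def query_name(bl_type, value, query_domain):
    """Build the DNS name looked up for one black list entry."""
    if bl_type == "DNS":
        # DNSBL convention: reversed octets (IPv4) or reversed nibbles (IPv6),
        # followed by the black list's Query Domain.
        rev = ipaddress.ip_address(value).reverse_pointer
        rev = rev.rsplit(".", 2)[0]          # drop in-addr.arpa / ip6.arpa
        return f"{rev}.{query_domain}"
    if bl_type == "RHS":
        # Only the part after the @ of the MAIL FROM address is queried.
        return f"{value.rsplit('@', 1)[-1].lower()}.{query_domain}"
    raise ValueError(f"type not covered by this example: {bl_type}")

def evaluate(ip, mail_from, lists, is_listed, failed_checks=0, delete_after=None):
    """Return (action, matched list names) for one message.

    lists: (name, query_domain, type, trusted) tuples enabled for the host.
    is_listed: callable(dns_name) -> bool, true when the name resolves.
    failed_checks: enabled verification tests the message failed.
    delete_after: the X value, or None when the option is not selected.
    """
    matched = []
    for name, domain, bl_type, trusted in lists:
        value = ip if bl_type == "DNS" else mail_from
        if is_listed(query_name(bl_type, value, domain)):
            if trusted:
                return "delete", [name]      # trusted: no further filtering
            matched.append(name)             # standard: X-header is inserted
    if delete_after is not None and len(matched) + failed_checks >= delete_after:
        return "delete", matched
    return ("tag" if matched else "pass"), matched

# Constructed sample data: three enabled lists and a fake set of listed names
# standing in for real DNS answers, so the example runs offline.
LISTS = [
    ("Example BL", "bl.example.test", "DNS", False),
    ("Example RHS", "rhs.example.test", "RHS", False),
    ("Example Trusted", "trusted.example.test", "DNS", True),
]
LISTED = {
    "99.2.0.192.bl.example.test",
    "spam.example.rhs.example.test",
    "7.2.0.192.trusted.example.test",
}

if __name__ == "__main__":
    print(evaluate("192.0.2.99", "a@spam.example", LISTS, LISTED.__contains__,
                   delete_after=2))
```

Logging the generated query name next to the black list's display name makes it easy to reproduce a match by hand with a DNS lookup tool when investigating a false positive.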