
Monday, 21 March 2011

Zimbra Anti-Spam Tips: Enabling the Spammer Blacklist Feature

I once wrote an article on this topic some time ago, but not in detail. Now I will try to write up the know-how in detail, as part of the project record of a Zimbra Mail Server implementation carried out at the weekend in the office of a client, a Japanese foreign direct investment company in Semarang.

Zimbra already includes anti-virus and anti-spam by default, but the settings need to be improved to make them far more reliable. One simple improvement is to add online blacklist checks, which can be used to check the IP / hostname of the sender and tell whether it is a legitimate sender or a spammer in disguise.


REGISTERING WITH BARRACUDACENTRAL

Most spammer-detection services are available for free and can be used directly, but one of the best online anti-spam services, barracudacentral, requires free registration. Registration is required so that we can list every public IP that will send spammer queries to Barracuda. Other services such as Spamhaus have a query limit of 100 thousand hits per day; beyond that you have to use their commercial service. 100 thousand hits is equivalent to 100 thousand incoming mail attempts at the mail server.

To register with barracudacentral, first sign up at http://www.barracudacentral.org/account/register. After registering, we can enter our public IP so that it is listed as an IP that will send queries to barracudacentral. To enter the public IP, log in via http://www.barracudacentral.org/account/login and then click "Update IP Address" in the top right corner of the page. Enter the public IP addresses, separated by commas if there is more than one.



TESTING BARRACUDACENTRAL
To test whether the public IP addresses have been registered for querying Barracuda, run the following command in Konsole or a terminal

If the public IP addresses are registered, the response is as follows:

    2.0.0.127.b.barracudacentral.org has address 127.0.0.2
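The test command itself is not preserved above; the response shown is in the format printed by the `host` utility, so this added example (not part of the original post) assumes `host` is installed. It builds the reversed-octet query name and checks each zone against the two RFC 5782 test points: 127.0.0.2 must be listed and 127.0.0.1 must not, so a zone that has been shut down or that answers every query is caught before it goes into the Zimbra RBL list. The function names are made up for this example.

```shell
#!/bin/sh
# Added example: sanity-check DNSBL zones before adding them to the MTA.

# Build the DNSBL query name for an IPv4 address: reversed octets + zone.
dnsbl_qname() {
    ip=$1 zone=$2
    # Accept only four dot-separated decimal octets in the range 0-255.
    case $ip in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $ip
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for o in "$@"; do
        [ "$o" -le 255 ] || return 1
    done
    printf '%s.%s.%s.%s.%s\n' "$4" "$3" "$2" "$1" "$zone"
}

# Return 0 if the name resolves to a 127.x.x.x answer, i.e. "listed".
dnsbl_listed() {
    host -t A "$1" 2>/dev/null | grep -q 'has address 127\.'
}

# Classify a zone from two observations (1 = listed, 0 = not listed):
#   $1 = result for the test entry 127.0.0.2, $2 = result for 127.0.0.1
dnsbl_verdict() {
    case "$1$2" in
        10) echo usable ;;            # behaves as RFC 5782 requires
        11) echo lists-everything ;;  # would reject all incoming mail
        *)  echo no-test-entry ;;     # dead zone, or our IP may not query it
    esac
}

check_zone() {
    t=0; l=0
    dnsbl_listed "$(dnsbl_qname 127.0.0.2 "$1")" && t=1
    dnsbl_listed "$(dnsbl_qname 127.0.0.1 "$1")" && l=1
    printf '%s: %s\n' "$1" "$(dnsbl_verdict "$t" "$l")"
}

# Usage: sh check-rbl.sh b.barracudacentral.org zen.spamhaus.org
for z in "$@"; do
    check_zone "$z"
done
```

Run it from the mail server itself, because barracudacentral only answers queries coming from the registered public IP.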

CONFIGURING BARRACUDACENTRAL ON ZIMBRA

    1. Log in to Zimbra Admin
    2. Select Global Settings | MTA
    3. In the DNS checks section, fill in the List of RBLs field as follows: b.barracudacentral.org, zen.spamhaus.org, dnsbl.njabl.org, dnsbl.ahbl.org, cbl.abuseat.org.
    4. Click the OK button.
    5. Restart the Zimbra services with the command
Here is an example of senders successfully blocked by barracudacentral and Spamhaus. To check, open the Zimbra log file with the command:

    cat /var/log/zimbra.log | grep "NOQUEUE"

    Jun 4 07:41:31 mail postfix/smtpd[30925]: connect from unknown[112.223.137.3]
    Jun 4 07:41:32 mail postfix/smtpd[30925]: NOQUEUE: reject: RCPT from unknown[112.223.137.3]: 554 5.7.1 Service unavailable; Client host [112.223.137.3] blocked using b.barracudacentral.org; http://www.barracudanetworks.com/reputation/?pr=1&ip=112.223.137.3; from=<wisen5@ramponisas.com> to=<ari_sihasale@vavai.co.id> proto=ESMTP helo=<ZZNXXRG>
    Jun 4 07:41:33 mail postfix/smtpd[30925]: lost connection after DATA from unknown[112.223.137.3]
    Jun 4 07:41:33 mail postfix/smtpd[30925]: disconnect from unknown[112.223.137.3]

    Jun 4 07:40:38 mail postfix/smtpd[30925]: warning: 186.85.50.50: hostname Dynamic-IP-186855050.cable.net.co verification failed: Name or service not known
    Jun 4 07:40:38 mail postfix/smtpd[30925]: connect from unknown[186.85.50.50]
    Jun 4 07:40:40 mail postfix/smtpd[30925]: NOQUEUE: reject: RCPT from unknown[186.85.50.50]: 554 5.7.1 Service unavailable; Client host [186.85.50.50] blocked using zen.spamhaus.org; http://www.spamhaus.org/query/bl?ip=186.85.50.50; from=<uuzeamun4355@cable.net.co> to=<niken.pudji.damayanti@vavai.co.id> proto=ESMTP helo=<cable.net.co>
    Jun 4 07:40:41 mail postfix/smtpd[30925]: disconnect from unknown[186.85.50.50]
    Jun 4 08:27:32 mail postfix/smtpd[21379]: NOQUEUE: reject: RCPT from unknown[190.43.249.160]: 554 5.7.1 Service unavailable; Client host [190.43.249.160] blocked using b.barracudacentral.org; http://www.barracudanetworks.com/reputation/?pr=1&ip=190.43.249.160; from=<estrangedgcv238@casetasmodulares.com> to=<vivian@vavai.co.id> proto=ESMTP helo=<MNXBSTJXSM>
    Jun 4 08:27:32 mail postfix/smtpd[21379]: NOQUEUE: reject: RCPT from unknown[190.43.249.160]: 554 5.7.1 Service unavailable; Client host [190.43.249.160] blocked using b.barracudacentral.org; http://www.barracudanetworks.com/reputation/?pr=1&ip=190.43.249.160; from=<estrangedgcv238@casetasmodulares.com> to=<vivian@vavai.co.id> proto=ESMTP helo=<MNXBSTJXSM>

One additional note: blocking senders as shown above only works if the sender's IP address is not rewritten to a local IP. If all incoming mail passes through NAT and the source IP addresses are rewritten, the block does not work because every IP is detected as a local IP.
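As an added example (not part of the original post), the log check and the NAT caveat above can be turned into two small filters: one counts rejections per RBL zone, the other reports how many smtpd connections arrive from private or loopback addresses, which is the symptom of NAT rewriting the source IP. The function names and the sample log lines are constructed for this example; the sample uses documentation addresses.

```shell
#!/bin/sh
# Added example: summarise RBL rejections and spot NAT-rewritten clients.

# Print "<count> <zone>" for each DNSBL that rejected mail, busiest first.
rbl_reject_summary() {
    grep 'NOQUEUE: reject:' |
        sed -n 's/.*Client host \[[0-9.]*\] blocked using \([^;]*\);.*/\1/p' |
        sort | uniq -c | awk '{print $1, $2}' | sort -k1,1nr -k2,2
}

# Print "<private>/<total>" smtpd connections. When almost every client is
# private (RFC 1918) or loopback, the RBL lookups can never match.
private_client_ratio() {
    sed -n 's/.*smtpd\[[0-9]*\]: connect from [^[]*\[\([0-9.]*\)\].*/\1/p' |
        awk -F. '
            { total++ }
            $1 == 10 || $1 == 127 || ($1 == 192 && $2 == 168) ||
            ($1 == 172 && $2 >= 16 && $2 <= 31) { priv++ }
            END { printf "%d/%d\n", priv, total }'
}

# Constructed sample input in Postfix log format (not real traffic).
sample_log() {
    cat <<'EOF'
Jun 4 07:41:31 mail postfix/smtpd[101]: connect from unknown[203.0.113.7]
Jun 4 07:41:32 mail postfix/smtpd[101]: NOQUEUE: reject: RCPT from unknown[203.0.113.7]: 554 5.7.1 Service unavailable; Client host [203.0.113.7] blocked using b.barracudacentral.org; http://www.barracudanetworks.com/reputation/?pr=1&ip=203.0.113.7; from=<a@example.com> to=<u@example.org> proto=ESMTP helo=<h1>
Jun 4 07:42:10 mail postfix/smtpd[102]: connect from unknown[198.51.100.9]
Jun 4 07:42:11 mail postfix/smtpd[102]: NOQUEUE: reject: RCPT from unknown[198.51.100.9]: 554 5.7.1 Service unavailable; Client host [198.51.100.9] blocked using zen.spamhaus.org; http://www.spamhaus.org/query/bl?ip=198.51.100.9; from=<b@example.com> to=<u@example.org> proto=ESMTP helo=<h2>
Jun 4 07:43:00 mail postfix/smtpd[103]: connect from unknown[203.0.113.8]
Jun 4 07:43:01 mail postfix/smtpd[103]: NOQUEUE: reject: RCPT from unknown[203.0.113.8]: 554 5.7.1 Service unavailable; Client host [203.0.113.8] blocked using b.barracudacentral.org; http://www.barracudanetworks.com/reputation/?pr=1&ip=203.0.113.8; from=<c@example.com> to=<u@example.org> proto=ESMTP helo=<h3>
Jun 4 07:44:00 mail postfix/smtpd[104]: connect from gw.example.org[192.168.1.1]
Jun 4 07:44:05 mail postfix/smtpd[104]: disconnect from gw.example.org[192.168.1.1]
EOF
}

# Demo on the sample; on a server use: rbl_reject_summary < /var/log/zimbra.log
sample_log | rbl_reject_summary
sample_log | private_client_ratio
```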
 
 
