Introduction to DBLs

A DNS Black List is a public domain name server that keeps a list of IP addresses that are black listed for some reason. Most of these lists contain information about mail hosts that are open (i.e. will relay unauthorised mail) and can therefore be abused by spammers and other bulk-mail senders. Other lists simply record known sources of spam. By choosing to verify connecting clients against black lists you are choosing to refuse mail from them based on these criteria.

Blacklist Tab

This tab, accessed from the SMTP Service dialog and the Remote POP3 Mailbox properties dialog, enables the Black Listing facilities to be configured for this instance of the Service.

Explicit Black and White Lists

Click on these buttons to enter lists of client IP addresses, sender e-mail addresses and recipient e-mail addresses to black list or white list (respectively). Clients that send a message which matches the black list, or that are blacklisted by one of the configured DBLs, will be barred from sending any further messages for a period of time.

DBLs

DBL (DNS Black List) servers can also be configured, which allows Mailtraq to use public black lists to determine whether or not a client should be allowed to send messages to Mailtraq.

Tarpitting

Tarpitting is the term given to a process which combats spam and abusers by making it difficult to send large volumes of mail. If Tarpitting is enabled and a client becomes blacklisted, Mailtraq does not immediately refuse the connection or the recipients; instead they are accepted but delayed substantially. This does not add any load to Mailtraq, but prevents the client from delivering additional messages to other servers. After all the recipients have been listed, Mailtraq will still refuse the message.

Configuration Tip

When should I use the option to "Verify xth IP address(es) in Received: headers"?

With this option, Mailtraq extracts IP addresses from the Received: headers and analyses them as though each address were that of the client. This is necessary when you receive incoming mail from a relay (where the connecting IP address is always the same).

If the mail is always received along a specific route, you will get IP addresses in the same order in the Received: headers. The first Received: header is the most recent relay. Therefore, if you want to check who sent to that relay, you would use "2" (second IP address). You can specify a range, e.g. "2-9". It may even be useful to scan "1-9", which pretty much means all IP addresses in the header.

The problem is that the last IP address is probably that of the sender, and if they have a dynamic IP address it will get matched by DBLs that identify IP addresses that have no business connecting to your MX servers. Also, the more IP addresses checked, the slower the process will be. For that reason, you need to have a good idea of how your DBL sources work and how your network is configured. If you aren't sure about either, don't use this feature.
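
The selection described above, as an added Python example (not Mailtraq's own code): it takes the IPv4 addresses from the Received: headers in order, applies a position setting such as "2" or "2-9", and builds the DNS black list query name for each address. The function names, the sample message and the zone `dnsbl.example` are constructed for illustration, and counting every address in order of appearance is an assumption about how positions are numbered.

```python
import email
import ipaddress
import re
import socket

# Constructed sample message: 192.0.2.10 is the fixed upstream relay,
# 198.51.100.7 handed the mail to that relay, 203.0.113.45 is the origin.
SAMPLE = """\
Received: from relay.example.net ([192.0.2.10]) by mx.example.org; Mon, 1 Jan 2024 10:00:03 +0000
Received: from out.example.com ([198.51.100.7]) by relay.example.net; Mon, 1 Jan 2024 10:00:02 +0000
Received: from laptop ([203.0.113.45]) by out.example.com; Mon, 1 Jan 2024 10:00:01 +0000
From: sender@example.com
Subject: test

body
"""

def received_ips(raw):
    """IPv4 addresses from Received: headers, most recent relay first."""
    ips = []
    for header in email.message_from_string(raw).get_all("Received", []):
        for candidate in re.findall(r"\b\d{1,3}(?:\.\d{1,3}){3}\b", header):
            try:
                ips.append(str(ipaddress.IPv4Address(candidate)))
            except ValueError:
                pass  # looks like an address but is not one (e.g. 999.1.1.1)
    return ips

def select(ips, spec):
    """Apply a 1-based position setting such as "2" or "2-9"."""
    first, _, last = spec.partition("-")
    start, end = int(first), int(last or first)
    return ips[start - 1:end]  # a range past the end just returns what exists

def dnsbl_name(ip, zone):
    """DNS black list query name: reversed octets followed by the list zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone

def is_listed(ip, zone, resolve=socket.gethostbyname):
    """Listed if the query name resolves; lists answer inside 127.0.0.0/8."""
    try:
        return resolve(dnsbl_name(ip, zone)).startswith("127.")
    except OSError:
        return False  # no such name: the address is not on this list
```

With the setting "2-9" on this message the origin address 203.0.113.45 is checked as well, which is the dynamic-address case the tip describes; "2" checks only the host that sent to the relay, with one DNS query instead of two.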