Problem
Not enough Spam is being blocked with a high confidence level and it is suspected that checks against the RBL and DBL servers are not working
Background Information
SpamSentinel is configured to check RBL and DBL data from the Spamhaus Zen service. SpamSentinel also needs to be specific configured to ignore internal relay servers for RBL checks to be effective.
Possible Solutions
1. Check for and fix issues at DNS level preventing RBL data from being acquired.
SpamSentinel includes the use of a licensed key in the form of a unique hostname at SpamHaus against which RBL checks are made. This is important as servers using Google DNS (and others) won't process requests without using our licensed key. Not all DNS servers allow or handle RBL/DBL queries properly and some public DNS servers prohibit their use.
How to check if your server's DNS configuration supports RBL/DBL
- For a Standard installation run these test from the server where Domino is installed.
- For a Checking Machine installation, run these tests from the WIndows machine where SpamSentinel programs are installed.
Run a quick general test of RBL results
NOTE: For further reference: https://www.spamhaus.org/faq/section/DNSBL%20Usage#553
Run the following command from a DOS prompt. This uses our specific licensed host name.
C:/> nslookup 2.0.0.127.m5zdzzezz2y6ry2utob5rk2mju.zen.dq.spamhaus.net
You should get these results:
127.0.0.4
127.0.0.2
127.0.0.10
Test Specific IP addresses or DNS Servers
Here is the syntax. If the IP address from the IPLast is 1.2.3.4 you must invert it as follows:
nslookup 4.3.2.1.m5zdzzezz2y6ry2utob5rk2mju.zen.dq.spamhaus.net
using the machines DNS
nslookup 6.51.195.188.bad.psky.me
Using ANY DNS service, add it to the end.
nslookup 6.51.195.188.bad.psky.me nsvip01.windstream.net
IP addresses work too:
nslookup 6.51.195.188.bad.psky.me 8.8.8.8
Here is our license but using windstream DNS
nslookup 226.173.155.94.m5zdzzezz2y6ry2utob5rk2mju.zen.dq.spamhaus.net nsvip01.windstream.net
Successful replies are
127.0.0.1
127.0.0.2
127.0.0.3
etc
The red arrow shows Google refusing to run the DNS.
If the server is NOT on the RBL, the result looks like this (ie it is not listed in the DNS of spamhaus)
Test is DBL's are working
Known 'listed' (bad) domain 'dbtest.com' should always return a result
C:\>ping dbltest.com.dbl.spamhaus.org
Pinging dbltest.com.dbl.spamhaus.org [127.0.1.2] with 32 bytes of data:
Reply from 127.0.1.2: bytes=32 time<1ms TTL=128
Known 'not-listed' (good) domain 'dbtest.com' should always return a result
C:\>ping example.com.dbl.spamhaus.org
Ping request could not find host example.com.dbl.spamhaus.org. Please check the
name and try again.
2. Skip evaluating the external IP address of any relay servers
By default SpamSentinel is configured to check the 'Last IP Address' in the SMTP hop list against the SpamHaus RBL. This is a problem for customers who have dedicated SMTP relay servers which accept internet mail in front of their Domino server. SpamSentinel needs to know that if one of these IP addresses is encountered as the 'Last IP Address', it should be ignored and instead the prior IP address should be the one evaluated against SpamHaus.
By default, SpamSentinel is configured to skip all if the standardized 'Internal' IP address ranges.
If the hop through the relay server is captured in the headers with any other ip addresses, those should be identified and entered into the SpamSentinel Server Configuration document.
Look on the tab 'Verisend' then the sub-tab Relay Servers Listing for the field 'IP Addresses of Relaying Servers. If you do not know all your inbound relay server addresses, you can use the helpful Relay Detection Wizard which is available a little further down in the document.
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article