How to test your spam block from zen.spamhaus.org

If ZEN is new to you, zen.spamhaus.org includes SBL, XBL and PBL

After setting up your enhanced postfix spam block using main.cf:

smtpd_recipient_restrictions = reject_rbl_client zen.spamhaus.org

Your new configuration reject_rbl_client zen.spamhaus.org need to be tested. Crynwr Software operates a robot which can test DNS-based spam blocks. Hence login to your server - NOT your mail client in your desktop or laptop. Test mails must be initiated directly ON your server. Any mail will do, hence take ANY text file or create a text file with a line of any text - then save that file to whatever filename. Here I use testmail.txt as test file to test the spam block using http://www.crynwr.com/spam/ test robot.

Make sure you have your postfix restarted after making any changes to main.cf ! This is done by:
rcpostfix restart

Many ways to send a mail directly from the server while logged in by shell. cd to the directory of your testmail.txt, then enter in your shell the line:

cat testmail.txt | /usr/sbin/sendmail nelson-sbl-test@crynwr.com

Check your mail box. If your zen.spamhaus.org postfix configuration works, If so then the mail received reads among other text:

554 Service unavailable; Client host [192.203.178.107] blocked using zen.spamhaus.org

1. If you get however 2 eMails. The famous: Uh-oh, your SBL block is not working! and another giving you the full details of successful mail delivery. Then you have an easy to solve problem. If you still get have your SBL block not working,. then see next step.
2. postfix milters work in logical sequence. first milter first, second milter second, etc. To make life to my spiritual readers easier - I had first a number of permit rules to accept any mail coming from half way decent senders, fqdn, etc. Then the few permit rules are followed by the reject rules. As a result of this permit rules first in my main,cf the test mails sent to the test robots of http://www.crynwr.com/spam/ were accepted first and thus resulting in the test faillure. Hence to make such spam blacklists working, the reject rules need to be at the top of your smtpd_recipient_restrictions = list. After changing your postfix milter rules accordingly and another rcpostfix restart - my spam block test succeeded.

As you may know, in main.cf you may use either one filter per line or as shown in my below own postfix configuration one line for all smtpd_recipient_restrictions = postfix milter rules.

This first example of my configuration caused the reject_rbl_client zen.spamhaus.org to initially fail - note that this below italic code all is on ONE line!!

smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, permit_auth_destination, reject_unauth_destination, reject_unknown_sender_domain, reject_non_fqdn_hostname, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unknown_client_hostname, reject_rbl_client zen.spamhaus.org, reject

Placing the spamhaus.org block as showin below at the very beginning of my smtpd_recipient_restrictions = results in correct block by my mail server with the error 554 Service unavailable - blocked using zen.spamhaus.org:

smtpd_recipient_restrictions = reject_rbl_client zen.spamhaus.org, permit_sasl_authenticated, permit_mynetworks, permit_auth_destination, reject_unauth_destination, reject_unknown_sender_domain, reject_non_fqdn_hostname, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unknown_client_hostname, reject

With your initial test success, you may want to run the additional test mails for SBL, XBL and PBL as shown on the page crynwr.com spam block tests. Your Testing your PBL block and Testing your XBL block should now all result in a successful response mail: 554 Service unavailable; blocked using zen.spamhaus.org

Good luck

Love and Bliss

hans

After my last week's Hong Kong shopping trip - a total of 4 days in 14 hrs offline - I had exactly 6358 eMails waiting for download. That's a lot of eMails - but worst even - Busy Internet lines required a full 8+ hours non-stop download to get all eMail into my laptop. That definitely is far too much. Specially since I plan to return to a more quieter life in provincial areas in future months. Using mobile 3G connection hours of downloading mostly SPAM certainly is far too costly in time and resources.

Thus a need to further improve server side SPAM filters was / is needed. Thus far all of my spam filtering is done by spam assassin on my local machine. That requires all eMail to be downloaded. On a laptop always online that makes little difference in overall connection performance. With an average of far more than 1200 eMail per day and a planned online time of only a few times a short period per day or week. Hours of spam download needs to be avoided.

Hence as of this hour I have added improved spam filtering server side to reject reception of commonly known SPAM on server side before receiving the eMails into my mail server. That should reduce the overall mail traffic to be downloaded substantially. Several blacklists are available fur such spam filtering using common mail servers such as postfix. Currently I use for testing zen.spamhaus.org, other blacklists may be added as needed depending on results of the current zen.spamhouse.org filter results. An alternate possibility might be the use of spamassassin server side.

To avoid your eMails being lost - make sure you use proper precise subject lines and real content. As soon as several test days are successfully completed, I may post some results and details of postfix milters in current use for those wanting to improve their own server side spam filter procedure. If you have your own postfix server, you may want to have a look at the many highly efficient smtpd milters available for postfix. For newbies: milter is the correctly spelled word for mail filter commonly used in technical documentation!

God bless

hans