DNS Black Lists (DNS-BL)

DNS Black Lists (DNS-BL) can be used to prevent most "spam" email from reaching your users. This new security feature allows you to specify several ORDB and MAPS RBL type hosts (which maintain lists of servers known to relay "spam") that will be checked each time someone tries to send a message to your server. If the connecting IP has been blacklisted by any one of these hosts, the message(s) will be refused or flagged.

DNS Black Lists includes an "exception" database for designating IP addresses that will not be subject to DNS-BL lookups. Before activating this feature, you should add your local IP address range to the exception list to prevent lookups on it. 127.0.0.1 is exempt and therefore doesn't need to be added to the exceptions.

For information on spam and how to control and eliminate it using ORDB and MAPS RBL, visit:

http://www.ordb.org

http://www.mail-abuse.com/rbl/

ORDB and MAPS RBL are trademarks of their respective organizations. Alt-N Technologies is proud to be associated with them and make use of their services on behalf of our customers.

DNS-BL

Enable DNS-BL engine

Click this checkbox to turn on DNS Black Lists.

Flag messages from blacklisted sites but go ahead and accept them

When this control is enabled, MDaemon will not refuse messages that receive a blacklisted result. However, those messages will have an X-RBL-Warning: header inserted. You can then use the Content Filter feature to search for messages with this header and do with them as you please.

Check 'Received' headers within SMTP collected messages

Click this switch if you want DNS Black Lists to check the IP address stamped in the "Received" headers of messages received via SMTP.

Check only this many 'Received' headers (0 = all)

Specify the number of 'Received' headers that you want DNS-BL to check starting with the most recent. A value of "0" means that all 'Received' headers will be checked.

Skip this many of the oldest 'Received' headers (0 = none)

Use this option if you want DNS-BL to skip over one or more Received headers when checking SMTP messages. Since it is often necessary to skip the oldest Received header, this option has a default setting of "1".

Check 'Received' headers within POP collected messages

When this switch is enabled DNS-BL will check the IP address stamped in the "Received" headers of messages collected via DomainPOP and MultiPOP.

Check only this many 'Received' headers (0 = all)

Specify the number of 'Received' headers that you want DNS-BL to check starting with the most recent. A value of "0" means that all 'Received' headers will be checked.

Skip this many of the oldest 'Received' headers (0 = none)

Use this option if you want DNS-BL to skip over one or more Received headers when checking DomainPOP and MultiPOP messages. Since it is often necessary to skip the oldest Received header, this option has a default setting of "1".

Skip 'Received' headers within messages from exempted IPs

When this option is enabled, DNS-BL will not check the "Received" headers within messages coming from IP addresses that you have designated as exceptions. Click the "Exceptions" button below to designate those IP addresses.

Automatically filter spam messages into user's IMAP spam folder

Click this option and an "Inbox\Spam\" IMAP folder will be created for all future user accounts that you add to MDaemon. MDaemon will also create an IMAP mail rule for each of those users that will search for the X-RBL-Warning header and then place messages containing that header into the user's spam folder. When you click this option you will also be asked whether or not you would like MDaemon to create this folder and rule for each of your already existing user accounts. See Auto-generating a Spam Folder and Rule for Each Account below.

Auto-generating a Spam Folder and Rule for Each Account

MDaemon can automatically create an "Inbox\Spam\" IMAP mail folder for each account and generate an IMAP Mail Rule that will move messages into that folder whenever it finds the X-RBL-Warning header. Whenever you click the above option, you will be presented with the option to create the folder and accompanying rule for all accounts. Simply choose "yes" on the dialog to create the folders and rules. Although not foolproof, this is an easy and generally reliable way to help your users quickly identify spam email messages; it can effectively prevent spam email from being mixed in with all of their legitimate email. They will only need to occasionally review the contents of their spam folder to make sure that an important message doesn't accidentally get put there (which may sometimes occur). When creating the folders and rules for your accounts, if MDaemon finds that an account already has a rule that checks for the existence of the X-RBL-Warning header, then no action will be taken and no rule will be created for that account. If you want the name of the IMAP folder to be something other than "Spam," you can change the default setting by editing the following key in the MDaemon.ini file:

[Special]

DefaultSpamFolder=Spam (Replace "Spam" with another name - 20 chars maximum)

Add blacklisted sites to the IP Screen (under All Domains)

When a DNS-BL lookup determines that a site is blacklisted, MDaemon will add it to the IP Screen if this control is enabled. Adding its IP address to the IP Screen will prevent it from ever connecting to your MDaemon in the future. If this feature is active MDaemon will only add blacklisted IP addresses to the IP Screen file if it is 20KB or smaller (approximately 500 entries). This will prevent the IP Screen from becoming inadvertently filled with huge numbers of addresses, which could impact server performance. When the IP Screen file reaches that size, blacklisted addresses will no longer be added automatically but can still be added manually using the IP Screening feature (located at Security Address suppression/IP screening/Host screening…).

Authenticated sessions are exempt from DNS-BL lookups

Click this checkbox if you want those sessions that were authenticated using the AUTH command to be exempt from DNS-BL lookups. It will perform no lookups for those sessions.

Always exempt Trusted IPs from DNS-BL lookups

Click this checkbox if you want addresses that are listed on the Trusted Hosts tab of Relay Settings to be exempt from DNS-BL lookups.

DNS-BL

MDaemon will query each of these hosts when performing a DNS-BL lookup on an IP address. If a host replies to the query with a positive result, MDaemon will refuse to accept the message from that IP address, and will send the short message associated with the host that blacklisted the address (if you have enabled the "Send 'Message' on match…" option below).

Remove

Select an entry from the RBL Hosts list and click this button to remove it from the list.

New host

If you wish to add a new host to be queried for blacklisted IP addresses, enter it here.

Message

This is the message that will be sent when an IP address has been blacklisted by the New Host.

Add

After entering a New Host and Message, click this button to add it to the RBL Hosts list.

Stop host lookups on first host match

Oftentimes there are multiple hosts contained in the headers of each message that DNS-BL processes, and multiple RBL hosts that are queried. Ordinarily, DNS-BL will continue to query the RBL hosts for all hosts in the message regardless of the number of matches found. Click this option if you want DNS-BL to discontinue RBL host queries for any given message as soon as a match is found.

Send "Message" on match rather than "User unknown"

Click this option if you want the specific message assigned to the RBL host to be passed during the SMTP session whenever an IP address is found to be blacklisted. Otherwise, a "user unknown" message will be passed instead. This option is not available if you have elected to use the option on the DNS-BL Options tab to flag messages as spam rather than refuse them.
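The 'Received' header counters and the RBL host queries described above, as an added Python illustration that is not MDaemon's own code. It assumes the oldest headers are dropped before the most-recent limit is applied and that the first bracketed IPv4 address in each header is the one checked; the sample message is constructed and the zone names are supplied by the caller.

```python
import re
import socket
from email import message_from_string

# Constructed sample message; all addresses come from documentation ranges.
SAMPLE = """\
Received: from mx.example.net ([203.0.113.9]) by mail.example.com; Mon, 1 Jan 2024 10:00:03 +0000
Received: from relay.example.org ([198.51.100.7]) by mx.example.net; Mon, 1 Jan 2024 10:00:02 +0000
Received: from [192.168.1.20] by relay.example.org; Mon, 1 Jan 2024 10:00:01 +0000
Subject: constructed sample

body
"""

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def received_ips(raw, check_only=0, skip_oldest=1):
    """IPs from the 'Received' headers selected by the two counters (0 = all / none)."""
    headers = message_from_string(raw).get_all("Received", [])  # newest first
    # Assumption: the skip is applied first, then the most-recent limit.
    if skip_oldest:
        headers = headers[:-skip_oldest]      # oldest headers sit at the end
    if check_only:
        headers = headers[:check_only]        # keep the N most recent
    found = (IP_RE.search(h) for h in headers)
    return [m.group(1) for m in found if m]

def query_name(ip, zone):
    """DNS-BL convention: reversed IPv4 octets prepended to the list's zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone

def dns_lookup(name):
    """True when the name resolves (listed); a failed lookup counts as not listed."""
    try:
        socket.gethostbyname(name)
        return True
    except socket.gaierror:
        return False

def first_listing(ips, zones, lookup=dns_lookup):
    """Return (ip, zone) for the first match, as with 'Stop host lookups on first host match'."""
    for ip in ips:
        for zone in zones:
            if lookup(query_name(ip, zone)):
                return ip, zone
    return None
```

With the default skip of 1, the private address stamped by the originating client in the oldest header is never sent to an RBL host.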

Caching Options

Automatically cache DNS-BL results

Enable this control if you want to cache those IP addresses that receive a positive (i.e. blacklisted) result from a DNS-BL lookup.

cached. For more information on the implications of caching DNS-BL lookups, see:

www.mail-abuse.org.

Enter New Cached Entry

IP address

Enter the IP address that you wish to manually add to the DNS Black List cache.

Default time to live (in minutes)

This is the amount of time that the entry will remain in the DNS Black List cache. Entering 9999 into this field will prevent the entry from expiring; however, this is not recommended.

Automatically cached entries use default time to live also

Click this check box if you want automatically cached entries to use the Default time to live setting specified above. Normally the time to live (TTL) parameter is based on information returned during the DNS lookup rather than by the Default time to live setting.

Maximum cached entries

This is the maximum number of entries that you want to allow to be cached.

Add

After entering the IP Address and Default Time To Live click this button to add the entry to the list of cached IP addresses.

Currently cached entries

This box lists the IP addresses that are currently cached. MDaemon will not perform a lookup on them. They will be treated as blacklisted addresses.

Remove

Select an entry and then click this button to remove it from the list of cached addresses.

Clear

Click this button to clear the list of all cached IP addresses.

White List

Use this tab to designate IP addresses that will be exempt from DNS-BL lookups. You should always include your local IP address range to prevent DNS Black Lists from looking up messages originating from local users and domains (e.g. 127.0.0.1, 192.168.*.*, and so on). Place one address on each line. Wildcards are permitted.
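How the White List and the positive-result cache combine to decide whether a lookup happens at all, as an added Python illustration that is not MDaemon's own code. Assumptions: wildcards are matched shell-style, a full cache declines new entries, automatically cached entries use the default time to live, and the default values shown are hypothetical.

```python
import time
from fnmatch import fnmatch

NEVER_EXPIRES = 9999  # per the text above, a TTL of 9999 minutes means no expiry

class PositiveCache:
    """Holds IPs that received a blacklisted result, each with an expiry time."""
    def __init__(self, default_ttl_min=60, max_entries=500, clock=time.time):
        self.default_ttl_min, self.max_entries, self.clock = default_ttl_min, max_entries, clock
        self.entries = {}  # ip -> expiry timestamp, or None for no expiry

    def add(self, ip, ttl_min=None):
        self._purge()
        if ip not in self.entries and len(self.entries) >= self.max_entries:
            return False  # assumption: a full cache declines new entries
        ttl = self.default_ttl_min if ttl_min is None else ttl_min
        self.entries[ip] = None if ttl == NEVER_EXPIRES else self.clock() + ttl * 60
        return True

    def __contains__(self, ip):
        self._purge()
        return ip in self.entries

    def _purge(self):
        now = self.clock()
        self.entries = {ip: exp for ip, exp in self.entries.items() if exp is None or exp > now}

def classify(ip, white_list, cache, lookup):
    """Return 'exempt', 'cached', 'listed' or 'clean' for a connecting IP."""
    if any(fnmatch(ip, pattern) for pattern in white_list):
        return "exempt"          # no lookup is made for white-listed addresses
    if ip in cache:
        return "cached"          # treated as blacklisted without a new lookup
    if lookup(ip):
        cache.add(ip)            # only positive results are cached
        return "listed"
    return "clean"
```

A non-expiring entry keeps an address blocked after the RBL host has delisted it, which is why the 9999 setting is discouraged above.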
