A DNS blackhole list (DNSBL) is an actively maintained DNS server with a database of IP addresses associated with Internet mail servers. These mail servers got into the database because of one or more spam-related criteria, e.g. known open relay, dial-up IPs used by spammers, etc. This window allows you to add these blacklist servers to Praetor.
Press the button to enter the domain name for the DNS blacklist server. Using these DNSBL servers, Praetor will perform a DNS query on every connection attempt it receives from a sending mail server to see if the IP address associated with the connecting session is found in the database. If the IP address is listed, Praetor can refuse the connection attempt at the protocol level (not recommended for this reason) or reject at the message level (default).
While you may list multiple DNSBL servers, keep in mind that multiple queries may slow Praetor's mail processing, either the message reception itself (protocol level) or the message filtering (message level). Thus CMS recommends and the administration program will permit no more than two DNSBL servers be checked.
Note:
|
If you want to use more than two DNSBL servers, it is best to have your own DNS server participate in the zone transfers of blacklist data. By doing this, you will set Praetor to query that local DNS server at much faster LAN speeds, and since it is being used exclusively by your Praetor that is querying only once for each IP address, the response times will be extremely fast. |
CMS has found in early 2005 that spammers have changed tactics making SMTP protocol level DNSBL testing susceptible to a denial-of-service attack. This susceptibility makes other competing products dangerous to use. Praetor G2 may be the first product to offer DNSBL testing at the message level (set as the default starting in v2.1), and the dangerous protocol level testing can be switched on by contacting CMS Technical Support.
This choice is mutually-exclusive and can be summarized as follows:
|
Using the connecting IP address, Praetor performs the DNSBL query even before a session is established. If found on the DNSBL, the connection is refused and terminated. Thus the message is never received. When such a refusal occurs, only basic information such as the connecting IP address and any information reported by the DNSBL is actually logged as a protocol event. | |
|
If you don't filter at the SMTP protocol level, then the message can be received and Praetor allows you to create rules to perform the DNSBL filtering using the recorded IP address found in the received header lines of the message. Naturally this DNSBL rule must be enabled. Based upon the response from the DNSBL, you may determine different actions for Praetor to take, giving you much greater control. For example, you may decide that if the response indicates the IP found in the server's database, then you may quarantine (default) the message instead of rejecting it. In this way, it is possible to 'reclaim' the message and release it for delivery to the recipients' mailbox.
|
From experience with the earlier version of Praetor, we learned that using the protocol level testing is difficult to identify partner mail servers that happen to be blacklisted by the DNSBL server. The logged entries only save the connecting IP address without any domain name. In contrast to this, the message level DNSBL test allows us to examine the quarantined message and find the sender who is in the trading partner's domain.
Here are some comparison points for you to consider.
|
Criterion |
Protocol level |
Message level |
|
Connectivity requirement? |
Praetor must receive the message directly from the sending mail server |
Praetor can be downstream from the point of entry (more
info) |
|
Message actually received? |
No since the IP session is closed immediately |
Yes |
|
Can blacklisted messages be approved and delivered? |
No |
Yes |
|
Saves on disk storage? |
Yes since the message is not received |
No since the message is received and likely to be quarantined |
|
Discovery of valid correspondents whose mail server is blacklisted? |
Difficult since protocol log entries only have IP addresses and no domain information |
Simple since the quarantined message is available for review to identify
the domain associated with the blacklisted IP address |
Based upon these factors and the fact that disk storage costs are falling, CMS recommends the use of message level DNSBL testing over the protocol level.
Warning:
|
Using message level DNSBL testing and choosing the (default) action to quarantine the message will mean messages will accumulate very quickly in the Quar folder. You will need to monitor the number of message files in the quarantine folder since this will impact performance due to limitations in the Windows OS. With 512MB of RAM, Windows gets bogged down when there are more than 40,000 message files in the Quar folder. You should take advantage of the PURGEQUAR tool to age and delete old quarantined message files. |
Sometimes you discover that a trading partner has been blacklisted on your specified DNSBL servers. If this happens use the DNSBL Bypass List so that Praetor will ignore the negative report and allow messages from your partner to get past the DNSBL test.
Note:
|
Although DNSBL may be bypassed using this list, messages will still be tested by your enabled message level rules. |