Spamhaus Zen Alternatives

edited April 25 in Technical

I recently installed ISPConfig on a VPS and encountered an issue. All incoming emails were blocked by Spamhaus (rspamd) because I'm using Cloudflare. (WTF)

It seems that you can apply for a free Spamhaus DQS subscription for non-commercial use. Otherwise, you will have to pay from $250 per year. (Lmao)

My quick fix was to replace Spamhaus Zen with bl.spamcorp.net as a real-time blackhole list, and my plan is to test it before using it in production for small sites with limited email usage.

What free blacklists are you using, and what can you recommend?

Thanked by (1)host_c

Comments

  • A DNSBL is just one indicator to use for blocking mails. Use multiple factors when deciding to block mails (is the IP address listed in multiple DNSBLs? does the sender have a proper reverse DNS record? does the sender use a proper name for HELO/EHLO? does the name match its IP address? does the sender bother to use TLS?) If only one factor fails, use greylisting and see if the sender retries.

    Thanked by (2)xvps someTom
  • @cmeerw said:
    A DNSBL is just one indicator to use for blocking mails. Use multiple factors when deciding to block mails (is the IP address listed in multiple DNSBLs? does the sender have a proper reverse DNS record? does the sender use a proper name for HELO/EHLO? does the name match its IP address? does the sender bother to use TLS?) If only one factor fails, use greylisting and see if the sender retries.

    Yes, but the problem here is that Spamhaus blocked my mail server with the error: open/public resolver.

    See: https://www.spamhaus.com/resource-center/successfully-accessing-spamhauss-free-block-lists-using-a-public-dns/

  • @xvps said:

    @cmeerw said:
    A DNSBL is just one indicator to use for blocking mails. Use multiple factors when deciding to block mails (is the IP address listed in multiple DNSBLs? does the sender have a proper reverse DNS record? does the sender use a proper name for HELO/EHLO? does the name match its IP address? does the sender bother to use TLS?) If only one factor fails, use greylisting and see if the sender retries.

    Yes, but the problem here is that Spamhaus blocked my mail server with the error: open/public resolver.

    See: https://www.spamhaus.com/resource-center/successfully-accessing-spamhauss-free-block-lists-using-a-public-dns/

    Then add "don't use public resolvers to query DNSBLs" to the list. A lot of these are only free to use for small email servers, but by using public resolvers, it's impossible for them to tell who is using the DNSBL, so they block access for public resolvers (I don't think Spamhaus is the only one doing this).

  • skhron Hosting Provider

    @xvps, you can set up a local recursor (for example, Unbound) to be able to use Spamhaus DNSBLs.

    Answering your question, you really should not rely on any single DNSBL but use multiple ones for scoring.

    Thanked by (1)xvps
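
The scoring approach discussed in the comments above, as an added example that is not part of the original thread: it builds the DNSBL query name, treats Spamhaus's 127.255.255.x error answers (such as the public-resolver one) as lookup failures rather than listings, and combines several lists into one decision. The weights, the threshold, `dnsbl.example.net` and the sample answers are constructed assumptions.

```python
import ipaddress

LISTING_NET = ipaddress.ip_network("127.0.0.0/8")     # RFC 5782 answer range
# Spamhaus error answers, never listings: 127.255.255.252 (typo in zone name),
# 127.255.255.254 (query via public/open resolver), 127.255.255.255 (too many queries).
ERROR_NET = ipaddress.ip_network("127.255.255.0/24")

def dnsbl_qname(ip, zone):
    """Query name for a DNSBL lookup: reversed octets (or IPv6 nibbles) + zone."""
    reversed_ip = ipaddress.ip_address(ip).reverse_pointer.rsplit(".", 2)[0]
    return f"{reversed_ip}.{zone}"

def classify(answers):
    """Map the A records of one lookup to 'clean', 'listed' or 'error'."""
    verdict = "clean"                      # empty answer (NXDOMAIN) = not listed
    for answer in answers:
        addr = ipaddress.ip_address(answer)
        if addr in ERROR_NET or addr not in LISTING_NET:
            return "error"                 # never count an error as a listing
        verdict = "listed"
    return verdict

def decide(results, weights, reject_at=2.0):
    """Score one sender across several DNSBLs.

    results: zone -> list of A-record strings returned for the sender's IP.
    Returns (score, action, zones_in_error).
    """
    score, broken = 0.0, []
    for zone, answers in results.items():
        verdict = classify(answers)
        if verdict == "listed":
            score += weights.get(zone, 1.0)
        elif verdict == "error":
            broken.append(zone)            # alert on this: the lookup path is broken
    if score >= reject_at:
        action = "reject"
    elif score > 0:
        action = "greylist"                # single weak hit: see if the sender retries
    else:
        action = "accept"
    return score, action, broken

# Constructed sample data; the weights and dnsbl.example.net are hypothetical.
WEIGHTS = {"zen.spamhaus.org": 2.0, "bl.spamcorp.net": 1.0, "dnsbl.example.net": 1.0}
VIA_PUBLIC_RESOLVER = {"zen.spamhaus.org": ["127.255.255.254"],
                       "bl.spamcorp.net": [], "dnsbl.example.net": []}
ONE_WEAK_HIT = {"zen.spamhaus.org": [], "bl.spamcorp.net": ["127.0.0.2"],
                "dnsbl.example.net": []}
```

With `VIA_PUBLIC_RESOLVER`, the Spamhaus zone ends up in the error list and the mail is accepted instead of being rejected as if every sender were listed.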


  • Necro, I know, but I just ran into this issue today and wanted to share my 2 cents:

    It's really quick, easy and free to request a 'Datafeed Query Key' (a.k.a. API key) for personal use via this form: https://www.spamhaus.com/free-trial/sign-up-for-a-free-data-query-service-account/ . After filling out the form, I instantly received my key and was back up and running 5 minutes later, so there's that.

    If you're still looking for alternatives, or additions to Zen Spamhaus (as you should never rely on a single DNSBL), I did some simple reverse engineering. I took the IP address of a recent, known spammer and checked, using MXToolbox, which blacklists have it listed:
    https://mxtoolbox.com/blacklists.aspx
    I then added those DNSBLs to my server as well, after checking they have a removal policy in place that makes sense. Rinse and repeat a few times to get a more complete overview.

  • host_c Hosting Provider

    @xvps

    For the moment, we use self-hosted MAIL-COW. Sincerely, I have no clue what it does and how, but for a free product, nothing to complain about. We had a lot of other options before; some I remember:

    ZIMBRA (freaking awesome as a mail server) + filters: EFA anti-spam (nice copy of Cisco), then Proxmox Mail Filter (nice product), but issues persisted with all of them.

    Then one day I got a recommendation for mail-cow - works out of the box, with low false positives.

    This year, we will probably move all company-related mail to G Suite as we cannot manage to get our subnet out of DRONE BL, as they do not answer to anything: mail, smoke signals, drums, pigeons....

    I just got tired of e-mail setups and sincerely I hate it. :)

    Host-C - VPS Services Provider - AS211462

    "If there is no struggle there is no progress"
