Configuring the RBL Filter

Topics:

•	Enabling RBL Blocking

•	Adding RBL Services

•	Configuring User-Defined SMTP Server Lists

•	Testing SMTP IP Addresses

Enabling RBL Blocking

When Enable Real-time Black List Blocking is enabled in the Real-time Black List Settings section on the RBL Filter page, inbound connections from hosts on the WAN or outbound connections to hosts on the WAN are checked against each enabled RBL service with a DNS request to the DNS servers configured under RBL DNS Servers.

The RBL DNS Servers menu allows you to specify the DNS servers. You can choose Inherit Settings from WAN Zone or Specify DNS Servers Manually. If you select Specify DNS Servers Manually, enter the DNS server addresses in the DNS Server fields.

When you have finished, click Accept.

The DNS responses are collected and cached. If any of the queries result in a blacklisted response, the server will be filtered. Responses are cached using TTL values, and non-blacklisted responses are assigned a cache TTL of 2 hours. If the cache fills up, then cache entries are discarded in a FIFO (first-in-first-out) fashion.

The IP address check uses the cache to determine if a connection should be dropped. Initially, IP addresses are not in the cache and a DNS request must be made. In this case the IP address is assumed innocent until proven guilty, and the check results in the allowing of the connection. A DNS request is made and results are cached in a separate task. When subsequent packets from this IP address are checked, if the IP address is blacklisted, the connection will be dropped.

Adding RBL Services

You can add additional RBL services in the Real-time Black List Services section.

To add an RBL service, click the Add button. In the Add RBL Domain window, you specify the RBL domain to be queried, enable it for use, and specify its expected response codes. Most RBL services list the responses they provide on their Web site, although selecting Block All Responses is generally acceptable.

Statistics are maintained for each RBL Service in the RBL Service table, and can be viewed with a mouseover of the (statistics) icon to the right on the service entry.

Configuring User-Defined SMTP Server Lists

The User Defined SMTP Server Lists section allows for Address Objects to be used to construct a white-list (explicit allow) or black-list (explicit deny) of SMTP servers. Entries in this list will bypass the RBL querying procedure.

 

NOTE: To see entries in the RBL User White List and RBL User Black List, click the arrow to the right of the checkbox for that list.

Topics:

•	Configuring a White List

•	Configuring a Black List

Configuring a White List

For example, to ensure that you always receive SMTP connections from a partner site's SMTP server:

1	Create an Address Object for the server using the Add Servers: Add… button. the Add Address Object window appears.

2	Configure the Address Object.

3	Click OK. The Address Object will be added to the RBL User White List in the User-Defined SMTP Server Lists table.

4	Click the edit icon in the Configure column of the RBL User White List row. The Edit Address Object window displays.

5	Add the Address Object by selecting it and clicking the right arrow.

6

Click OK.

The table will be updated, and that server will always be allowed to make SMTP exchanges.

Configuring a Black List

1	Click the Edit icon in the Configure column of the RBL User Black List row. The Edit Address Object window displays.

2	Add the Address Object by selecting it and clicking the right arrow.

3

Click OK.

Testing SMTP IP Addresses

The System > Diagnostics page also provides a Real-time Black List Lookup feature that allows for SMTP IP addresses (or RBL services, or DNS servers) to be specifically tested.

For a list of known spam sources to use in testing, refer to:

http://www.spamhaus.org/sbl/latest.lasso