Spamhaus XBL with DCC (Was: Experience with DKIM...)

Gary Mills
Sun Mar 30 13:35:31 UTC 2008

On Sat, Mar 29, 2008 at 06:42:57PM +0000, Vernon Schryver wrote:
> > From: Gary Mills <>
> > We are using Spamhaus' XBL, and are happy to pay for it.  
> Since you are already using the XBL, I think you should switch to
> Spamhaus' ZEN unless you are checking the XBL via dccm, dccproc, or
> dccifd.  Even if you are using `dccm -B`, you should enable ZEN checks
> on SMTP clients and on MX servers for SMTP envelope domains with something 
> like this in /var/dcc/dcc_conf
> DNSBL_ARGS="'-Bset:rej-msg=5.7.1 550 %ID %BT' -Bset:no-NS"
> That is because ZEN/PBL includes IP addresses of legitimate DNS servers
> and so should not be used for the default dccm, dccproc, or dccifd DNSBL
> checks on NS records.

Yes, I'm using XBL through DCC because I want users to be able to
whitelist messages rejected by XBL in the same manner that they can
for messages rejected for bulkiness.  I'm using this setting:

    DNSBL_ARGS="'-Bset:rej-msg=5.7.1 550 id %s from %s rejected. See' -Bset:no-body -Bset:no-MX -Bset:no-NS -Bxbl.dnsbl,any"

I don't want to use PBL, included in ZEN I believe, because it includes
the IP networks of many of our SMTP mail submission clients.  I don't
want to reject those.  Now that most ISPs are blocking the SMTP port,
it may be possible to revisit that decision.

-Gary Mills-    -Unix Support-    -U of M Academic Computing and Networking-
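The policy discussed in this message (act on XBL listings while ignoring PBL ones) can also be expressed against the combined ZEN zone by looking at which address the lookup returns. The sketch below is an added illustration, not part of the original message and not DCC code; the return-code table follows Spamhaus' published ZEN codes, and `should_reject`, `fake_resolve` and the sample answers are hypothetical names and constructed data.

```python
import ipaddress

# ZEN return codes as documented by Spamhaus (assumption: not given in the thread).
ZEN_CODES = {
    "127.0.0.2": "SBL", "127.0.0.3": "SBL", "127.0.0.9": "SBL",
    "127.0.0.4": "XBL", "127.0.0.5": "XBL", "127.0.0.6": "XBL", "127.0.0.7": "XBL",
    "127.0.0.10": "PBL", "127.0.0.11": "PBL",
}

def dnsbl_qname(client_ip, zone="zen.spamhaus.org"):
    """Reversed octets (IPv4) or nibbles (IPv6) of the client, followed by the zone."""
    rev = ipaddress.ip_address(client_ip).reverse_pointer  # e.g. 10.2.0.192.in-addr.arpa
    return rev.rsplit(".", 2)[0] + "." + zone

def component_lists(answers):
    """Map the A records of one lookup to the ZEN component lists they stand for."""
    lists = set()
    for addr in answers:
        if addr.startswith("127.255.255."):
            continue  # DNSBL error code (e.g. query refused), not a listing: fail open
        if addr in ZEN_CODES:
            lists.add(ZEN_CODES[addr])
    return lists

def should_reject(client_ip, resolve, reject_on=frozenset({"XBL"})):
    """Reject only when the client is on one of the lists named in reject_on."""
    lists = component_lists(resolve(dnsbl_qname(client_ip)))
    return bool(lists & reject_on), lists

# Constructed sample answers standing in for real DNS; addresses are documentation ranges.
SAMPLE_ANSWERS = {
    "10.2.0.192.zen.spamhaus.org": ["127.0.0.4"],                 # exploited host (XBL)
    "7.100.51.198.zen.spamhaus.org": ["127.0.0.10"],              # end-user range (PBL only)
    "5.113.0.203.zen.spamhaus.org": ["127.0.0.11", "127.0.0.4"],  # PBL and XBL
    "9.113.0.203.zen.spamhaus.org": ["127.255.255.254"],          # error code
}

def fake_resolve(qname):
    return SAMPLE_ANSWERS.get(qname, [])  # empty list models NXDOMAIN (not listed)

if __name__ == "__main__":
    for ip in ("192.0.2.10", "198.51.100.7", "203.0.113.5", "203.0.113.9", "192.0.2.99"):
        print(ip, should_reject(ip, fake_resolve))
```

A submission client that is listed only in PBL passes, while one that is also in XBL is still rejected.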
