What are RBLs? #
RBL is an acronym for Realtime Blackhole Lists. These are lists of IP addresses or domains of known sources of spam or malware. These lists are DNS based and checked during the initial SMTP handshake on Mailborder servers. If a remote server is found to be listed on an RBL in use, the connection is rejected and no email is accepted from the source. Additional RBLs are also checked during spam scanning after an email is accepted. If an RBL is matched during spam scanning, the rule match and associated spam score is added to the processing results.
Not all RBLs are created equal. Some are well maintained and very accurate. Others are poorly maintained and very inaccurate. Others are predatory. For example, the UCEPROTECT will delist your IP address if you pay them. They list entire ASNs (Autonomous System Number) of providers like Digital Ocean or Amazon Web Services. This RBL is a complete scam. If you see results for them in your spam scores, just ignore them. We set the spam score to 0.01 in Mailborder installations for UCEPROTECT3 results.
With all of that being said, RBLs are very effective tools for keeping garbage email out of your environment. Mailborder uses multiple layers of a defense in depth strategy to protect your environment. RBLs are one of the first layers of that defense.
#
Configuration #
As of this writing, the configuration is located in the Master GUI here: [ top menu > transport > RBL settings ]
The options are limited as this is a very simple check. The IP of the remote server will either be listed on your chosen RBL or not. You may set the system to either accept (not recommended) or reject the connection.
RBL Reject Mode #
What to do with a connection where the remote IP is triggered as a failure by one of the RBLs. The reject option will reject the remote server connection. The accept option will allow an email that would normally be rejected and prepend the header with the RBL failure. An email that fails RBL checks and is accepted will be prepended with a header called X-mailborder-rbl-fail. Recommended setting: reject.
Test Mode #
If enabled no messages will be rejected. The results will be sent to syslog and headers appended, but the email will be allowed to pass if the IP is listed on provided RBLs. Uncheck for normal processing and evaluation.
Verbose Logging #
Log more information to syslog during RBL evaluation.
#
Available RBLs #
Mailborder comes with several RBLs predefined in the configuration. The Barracuda RBL is enabled by default as it is one of the most accurate and reliable RBLs. To use and RBL simply check the box next to it. You may also add additional RBLs to the list.
#
Whitelists #
IP Whitelist #
If you encounter a legitimate source IP that is being rejected by one of your RBLs, you can whitelist that IP address. This will allow you to continue to use that RBL and also receive email from that source IP. It is safe to leave an IP on this list permanently.
Domain Whitelist #
This list should be used sparingly and for a limited time. Overall, this is a dangerous practice as this allows matching sender domains to bypass the RBL checks. If a spoofed email is going to come from somewhere, it would probably come from an IP listed on a reputable RBL. Any domain entry should be temporary!
