Stop Spam in SmarterMail with RBL SBL and BL
Posted on Feb 8, 2008 by Paul White
First thing you want to do is login to smarter mail as the server admin.
Then rollover security
and click on Anti-Spam Administration.
This will bring up a page like this
What is that? You don't have all these great RBL and SBL lists?
No problem Here are the servers I use for these
After you add these RBL lists to smarter mail you will still need to specify how you want them filtered.
Your have two options
- Enable for Filtering
- Enable for Incoming Blocking
Enable for Filtering will simply take your spam and move it to your spam folder
Enable for Incoming Blocking will reject the connections entirely.
Start out with the first option, then check after a couple days to make sure you aren't getting any false positives.
Then if everything looks good start enabling for blocking.
One other thing you will want to make sure you do is block the Dictionary attacks. This is when spammers setup servers to ping your mail server with every name they can find in a dictionary @ yourdomain.com. Naturally SmarterMail
will just respond with "User Not Here". But eventually the dictionary attach will determine exactly what email exists at your mail server. To stop this you will want to enable Abuse Detection on SmarterMail
, click on Abuse Detection
What I have found works well is to set the Bad SMTP Sessions ( Harvesting) to check back for IPs that have tried a dictionary attach within the last 60 minutes. If it find 2 or more instances of a bad request, IE ( 2+ attempts to send you email to a user that doesn't exists on your mail server ) Then it will put the IP on the Block list and refuse any future connections from this IP for your Block time, of which is 43200 minutes for me ( I am not friendly to spammers ), this is about 1 month.
To see how many Spammers get caught in your little trap, rollover Reports and click on Current Blocks.
You should see a list of IPs that are being blocked because they tried to dictionary attack one of your domains.
My client reported that some of his clients were having trouble sending him email. I am not sure which RBL list was causing this, so I had to take them all back to filter only, and not block. I am slowly adding them back on block status.