1. Using the Blacklist

E-mail server software receives and sends e-mail messages, but it should be able to ascertain whether or not an incoming message should be rejected due to not being in compliance with service guidelines, normative acts, or other criteria. The goal of a blacklist is to reduce the number of received e-mails from servers that do not comply with standards or normative act requirements, as well as to ensure normal server operation and minimise the chance of being blacklisted by foreign or other service providers.

If this description does not include your e-mail software, please use your e-mail server documentation to establish how to correctly implement blacklisting.

2. Blacklisting in several popular e-mail server software

A blacklist consists of IP addresses that have sent unwanted messages, or spam. When using a blacklist, it’s possible to configure the receiving e-mail server to stop the spam in the very beginning stages of communication: if the sender’s IP address is included in the blacklist, the message is not processed further.

Using the Blacklist in various e-mail server software:

Postfix

Editing the /etc/postfix/main.cf or main.cof file:
smtpd_recipient_restrictions =
permit_sasl_authenticated,
(...),
reject_rbl_client lbl.bl.cert.lv,
(...),

Sendmail

1. Add this line to your server config.m4
FEATURE(`dnsbl', `lbl.bl.cert.lv', `"Mail blocked based on BLW.CERT.LV: http://blw.cert.lv/?m=query"$&{client_addr}')dnl

2. For newer versions:
FEATURE(`enhdnsbl', `lbl.bl.cert.lv', `" http://blw.cert.lv/?m=query"$&{client_addr}', `t')dnl

3. Recompile sendmail.cf using config.m4

4. Restart Sendmail

Microsoft Exchange

Microsoft Exchange 2003 SP2 and newer versions support blacklist use if you are using the Microsoft Exchange Server Intelligent Messaging component. To read more about its use, see http://support.microsoft.com/kb/823866
In the Connection filter parameter, enter lbl.bl.cert.lv as the “DNS Suffix of Provider” lbl.bl.cert.lv

3. An example of integrated use of the blacklist and other tools

Black List of Latvian Spammers (MMS) can be used with SpamAssasin software to ensure additional functionality.

If a message is sent from an IP address on the blacklist, it has 3 points added to the score, which influences its fate in further spam filtration.

In this case, the processing of a message is not always cancelled even if the sender’s IP address is in the blacklist.

SpamAssasin configuration:

header RCVD_IN_CERTLVBL eval:check_rbl('certlv', 'lbl.bl.cert.lv')
describe RCVD_IN_CERTLVBL Received via a relay listed by Cert.lv BL
tflags RCVD_IN_CERTLVBL net
score RCVD_IN_CERTLVBL 3.0

4. Tips

• We recommend not using the following Postfix configuration with the blacklist. It is outdated and could cause problems in newer versions of Postfix:

aps_rbl_domains = lbl.bl.cert.lv,
zen.spamhaus.org,

smtpd_recipient_restrictions =
(...),
reject_maps_rbl,
permit

• If the e-mail system has separate servers for sending and receiving – Relay and MX, then the suggested configuration is the following:

  • To use the blacklist on Relay servers on the e-mail server software level, as shown in the example of Postfix configuration.

  • To use the blacklist only as supplementary marking on the SpamAssasin level on MX servers, because:

    • more effective methods can be used, for example, Greylist http://www.greylisting.org/

    • the senders of spam can send messages using e-mail servers whose inclusion on blacklists would not be desirable.

5. MMS usage possibilities

• The Latvian MMS can be used by anyone.

• Additional opportunities can be secured by signing a contract with CERT NIC.LV.

• When using lbl.cert.lv and signing a contract with CERT NIC.LV:

• Your e-mail server will be included in the Whitelist, which will guarantee not being included in the Blacklist.

• You will have the opportunity to define the networks to be included in the Whitelist, as well as many other options.

• Your suggestions in regard to the improvement of services will be taken into account.

• If you are an Internet service provider, and assign IP addresses to your clients with DHCP, then we offer the possibility of defining separate networks, which, after a defined period of time, automatically are removed from the Blacklist. This time period can be modified to comply with the DHCP lease time defined in your infrastructure.

6. Necessary resources and possible problems when using the Blacklist

• Using the Blacklist does not require additional server capacity or other resources. In fact, the opposite is true: when using the Blacklist, it’s possible to partially unburden an e-mail server, because a part of unwanted letters are filtered out before being processed in spam filters.

So that end users (e-mail accounts) have a chance to choose whether or not to use filtration in their inbox, it’s recommended to use the MMS as one of the parameters in the SpamAssasin software.

• The Latvian MMS server lbl.cert.lv offers combined Blacklists as well as copies of other well-known Blacklists:
  

  1. lbl.bl.cert.lv = Latvia’s MMS