DeepDNSBL

Description

Deep inspection of the IPs found in Received headers, compared against DNSBLs.

It works much like the DNSBL module in Doorman, but instead of using the connection IP, it tries to extract all the IPs from the Received headers. The general idea is that the mail might have been sent over a "good" MTA but originated on a "bad" MTA (the spammer). Local network IPs (e.g. 10.0.0.0/8) are ignored.

If an IP was already checked by the DNSBL module from Doorman, it will not be checked or weighted again.

Read also the Description section of the DNSBL module in Doorman, where the pros and cons of DNSBLs are discussed.

Configuration

blacklist

Allowed values: Array of { host: "hostname", weight: Integer }

You can use as many blacklists as you want, but don't overdo it; 3-6 should be sufficient. Put the most trusted (read: highest negative hit rate with the lowest false-positive rate) first, with the highest weight, and the less trusted below, with less weight.

Example

---

disable: 0
timeout: 30

blacklist:
    -
        host: ix.dnsbl.manitu.net
        weight: -80
    -
        host: bl.spamcop.net
        weight: -80
    -
        host: dnsbl.sorbs.net
        weight: -60

Performance

Depends on the speed of your DNS resolution. Normally quite fast. The more "hops" the mail took, the more IPs have to be checked.
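
The check described under Description and Configuration, sketched in Python as an added example; it is not the module's own code. The function names, the list of "local" ranges, the bracketed-IPv4 parsing and the additive scoring are assumptions, and the resolver is injectable so the logic can be exercised without DNS.

```python
import ipaddress
import re
import socket

# Assumption: ranges treated as "local"; the page only names 10.0.0.0/8.
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
IPV4_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")  # bracketed IPv4 only
# Constructed sample: newest hop first, documentation-range addresses.
SAMPLE = [
    "from mx.good.example (mx.good.example [198.51.100.7]) by mail.local",
    "from relay (relay.internal [10.1.2.3]) by mx.good.example",
    "from pc (unknown [203.0.113.45]) by relay.internal",
]

def received_ips(headers):
    """Unique non-local IPv4 addresses from Received headers, in order."""
    found = []
    for header in headers:
        for text in IPV4_RE.findall(header):
            try:
                ip = ipaddress.ip_address(text)
            except ValueError:  # not a valid address, e.g. [999.1.1.1]
                continue
            if text not in found and not any(ip in net for net in LOCAL_NETS):
                found.append(text)
    return found

def dnsbl_name(ip, zone):
    """DNSBL query name: reversed octets followed by the blacklist zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone

def is_listed(ip, zone, resolve=socket.gethostbyname):
    """Listed IPs resolve to an A record; a failed lookup means not listed."""
    try:
        resolve(dnsbl_name(ip, zone))
        return True
    except OSError:
        return False

def deep_score(headers, blacklists, already_checked=(), resolve=socket.gethostbyname):
    """Assumed policy: add a list's weight for every header IP it lists."""
    score = 0
    for ip in received_ips(headers):
        if ip in already_checked:  # connection IP, scored by Doorman's DNSBL
            continue
        score += sum(bl["weight"] for bl in blacklists
                     if is_listed(ip, bl["host"], resolve))
    return score
```

Each remaining IP costs one DNS query per configured blacklist, which is why the number of hops and the length of the blacklist array both drive the lookup time.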