Configuring SpamRATS on SmarterMail
How to configure SpamRATS RBLs on SmarterMail MTA
This article assumes you are running SmarterMail 17.x or newer. First, navigate to the SmarterMail admin interface:
Security >> Anti-Spam Administration
Click on RBLs (Real-time Blacklists) tab
Click 'New' to create a new RBL.
In the new RBL input section, enter
Name: SpamRats-NOPTR Description: Blocks IPs with no reverse DNS DNS Zone: [YOUR_API_KEY].dyna.spamrats.com Required Lookup Value: 127.0.0.2 (or blank to match any) Enable this RBL: Checked Weight: 20 or 30 (depending on your policy)
Repeat for other SpamRATS RBLs you wish to use, such as spam, dyna, etc.
Once done, you will need to Attach the RBL to SMTP Blocking. Go to Security >> SMTP Blocking.
Under RBLs, enable "Use RBLs to block incoming SMTP connections".
Check the box next to SpamRATS-NOPTR (or your custom name).
You can also configure SmarterMail to use any of our RBL lists, or the special 'auth.spamrats.com' list to block compromised IPs from logging in using any sort of compromised credentials for sending emails.
Go to Security >> RBLs, click New, and define:
Name: SpamRats-AUTH Description: Blocks IPs known for auth abuse DNS Zone: [YOUR_API_KEY].auth.spamrats.com Required Lookup Value: 127.0.0.2 (or blank to match any) Enable this RBL: Checked Weight: Suggest 50 (very high threat)
Now, go to Security >> SMTP Blocking (or even Incoming Gateways if applicable).
Under SMTP Authentication Abuse, configure: RBLs to use for authentication attempts -> Check SpamRats-AUTH
Warning: Please remember that you MAY not be able to query from some DNS servers, especially without an API key. You should use a DNS servers that clearly identifies who is making the query (PTR Record). Consider using your own local resolver if you have troubles. With a subscription, there are alternative ways to get data.
Caveats and Testing that it Works
RBL's work using DNS, and you should ALWAYS look for the correct IP Address being returned. Simply getting a "result" doesn't always mean the IP is listed. It should return the specific IP address, anything else might mean an error, and should be ignored and NOT rejected. Also, your DNS needs to be able to correctly query our mirrors. Bad firewall rules that prevent you from reaching our mirrors, means that you are not protected. You can always test at the command line first. A simple..
host 36.0.0.127.[YOUR_API_KEY].dyna.spamrats.com host 1.0.0.127.[YOUR_API_KEY].dyna.spamrats.com
.. the first example should work and return 127.0.0.36, while the second example should return NXDOMAIN. (IP Not found). If that doesn't work, check your firewalls first, and check which DNS servers you are using, and finally test/check your API key is correct, and active before reaching out to us for support.
Blocked Users
You may find that your ability to query the SpamRATS DNSBL Public Mirrors has been restricted. This could be due to the usage not falling within our Terms of Service. Before restricting any queries we try to reach out via email. Please check to see if you received an email from sales@mthreat.com at your public email address. If you have received the message, please reply to it.
If you would like to continue using the SpamRATS RBLs, please contact us and include the IP(s) that you used to query in your email.
Many thanks to our Sponsors, Subscription Holders, Users and Contributors.
