Jump to content

RBL and DNSBL advanced antispam protection on Mail Security for Exchange

Recommended Posts


I have some questions regarding Advanced settings under Antispam protection.

1. Not clear what is the difference between "Additional RBL servers" and "Additional DNSBL servers"?  The is no hints in administrative console/ And still not clear from Online help: https://help.eset.com/emsx/10.0/en-US/idh_antispam_engine.html

2. Does it make sense to add in RBL servers well known providers like zen.spamhaus.org, b.barracudacentral.org or bl.spamcop.net? As I see in logs each time an IP is listed in RBL provider it also is found in cloud blacklist 1 or cloud blacklist 2.

Link to comment
Share on other sites

  • ESET Staff


RBL servers are queried with IP addresses extracted from 'Received:' headers, DNSBL servers are queried with IP's and domains extracted from message body.

Hope that helps.

Link to comment
Share on other sites

Thank you for fast answer.   You confirmed what I found experimentally. Could you please change Online help to make this topic clearer? It is a bit confusing to understand it because RBL and DNSBL means the same at present.

What about second questions? Does it make sense to use well known DNSBL providers.

And one more question. Where can I find something like wish-list, where I could request to realize some improvements or features in Mail Security for Exchange?

Link to comment
Share on other sites

  • 2 weeks later...

Hello again!

To say the truth, we can't use RBL feature with other providers (spamhaus). Because of many false positive. At least one setting doesn't work properly:   "Maximum number of verified addresses from Received: headers"

"You can limit the number of IP addresses that are checked by Antispam. This concerns the IP addresses written in Received: from headers. The default value is 0, which means that only the last identified sender's IP address is checked."

Copied from online help:  https://help.eset.com/emsx/10.0/en-US/idh_antispam_engine.html

For some reason EMSX parse more IP addresses from header (not only last).  Here is the log example:

Antispam scan result:  Spam
IP (X.Y.Z.61) listed on RBL service (zen.spamhaus.org:
IP (A.B.C.220) wasn't found on cloud blacklist 2

Actually A.B.C.220 address is last from header, and from it was initiated the SMTP session.

Could you please check is this is an issue? Used EMSX version 9


Link to comment
Share on other sites

  • ESET Staff

Hi, when there is a limit on number of IP addresses from Received headers set by user, they are counted from the most recent (appears on top). Local IP addresses and addresses on Ignore list are skipped i.e. not counted towards the limit.

Note: besides Received headers, we also acquire the IP address of the connecting server from the SMTP session - this address is always checked against our cloud blacklists/whitelists, independent on whether it is part of Received headers or not. 

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...