RBL: How to exclude a SMTP IP address if its being blocked by SonicWall RBL filter?

03/26/2020 1069 12353

DESCRIPTION:

SonicOS enhanced 5.4.0.0 firmware onwards the The Security Services | RBL Filter page has been moved to Anti-Spam | RBL Filter. Clicking the RBL Filter selection under Security Services in the left navigation pane will open the Anti-Spam | RBL Filter page.

SMTP Real-time Black List (RBL) is a mechanism for publishing the IP addresses of SMTP servers from which or through which spammers operate. There are a number of organizations that compile this information both for free http://www.spamhaus.org, and for profit http://www.mail-abuse.com. A well maintained list of RBL services and their efficacy can be found at:
http://www.sdsc.edu/~jeff/spam/cbc.html

RESOLUTION:

1. Login to the SonicWall Management Interface
2. Go to Services Services | RBL Filter
3. Select the checkbox “Enable Real-time Black List Blocking”
4. Navigate to User-Defined SMTP Server Lists section

The User Defined SMTP Server Lists section allows for Address Objects to be used to construct a white-list (explicit allow) or black-list (explicit deny) of SMTP servers. Entries in this list will bypass the RBL querying procedure.

For example, to ensure that you always receive SMTP connections from a partner site's SMTP server,

- Create an Address Object for the server you added using the Add button,

- Click the edit icon in the Configure column of the RBL User White List row, and add the Address Object. The table will be updated, and that server will always be allowed to make SMTP exchanges. 

The System | Diagnostics page also provides a Real-time Black List Lookup feature that allows for SMTP IP addresses (or RBL services, or DNS servers) to be specifically tested.

For a list of known spam sources to use in testing, refer to http://www.spamhaus.org/sbl/latest.lasso