Prevent inbound spam in Lotus Domino Mail Server part3
Specifying the DNS blacklist sites to check
You can specify one or more sites that the Domino server’s SMTP task will use to identify whether a connecting host is a “known” open mail relay or spam source. You must specify sites that support IP-based DNS blacklist queries.
In order to minimize the impact on performance, you should limit the number of DNSBL sites by selecting only a few to use. Remember that Domino will perform a DNS lookup on each DNSBL site for each SMTP mail connection. Once Domino finds a match for a connecting host in one of the blacklists, it does not continue checking the lists. This is so the server’s work is kept to the minimum necessary to get the job done.
Performance considerations
When Domino checks a DNS blacklist, it performs DNS queries over the network. If the DNS query goes over the Internet, it could take a significant amount of time to resolve DNS queries and therefore slow the processing of blacklist filters on inbound messages. In a high volume mail environment, this can present a serious bottleneck on inbound mail.
When using a free public blacklist service, the network latency of DNS queries made over the Internet can result in slowed blacklist filtering performance. With a private service that allows DNS zone transfer, Domino can perform the required DNS lookups to a local DNS host that you set up with a copy of the DNS blacklist. With a zone transfer, the contents of the DNS zone file at the DNSBL service provider are copied to a DNS server in your local network. DNS queries for blacklist filtering can then be completed on the local network without going over the Internet, thereby improving the performance of blacklist filtering.
How DNS blacklist filters work
When DNS blacklist filters are enabled on a Domino server, every incoming SMTP mail connection is checked against one or more DNSBLs. Domino performs a DNS query against the blacklists at the DNSBL sites specified. If a connecting SMTP mail host is found on the blacklist, Domino can do any of the following:
* Log the message
* Log and tag the message
* Log and reject the message
The next panel takes a look at these actions in more depth.
Viewed 486 times by 165 viewers
