Mcafee Blacklist
Question asked by Ryan Wittenauer - April 3 at 7:44 AM
Answered
Does anyone have experience configuring RBL settings for Mcafee's blacklist?
We have it setup, but it does not appear to be working. 

Do you have to pay to use their service similarly to Spamhaus?

5 Replies

Reply to Thread
2
Richard Clafton Replied
McAfee returns a 127.0.0.2

From the page I reference below:
MCAFEE    cidr.bl.mcafee.com    127.0.0.2 - weight of 10

I used this for a reference.  I have to say, configuring my SM 16 install with these settings has made a massive difference to the amount of spam we get - greatly reduced.   And I have been monitoring the logs since to make sure there is no mail being rejected without cause.  No issues at all!

http://know.mailsbestfriend.com/papers/SmarterMail-Antispam-Settings.shtml
0
Ryan Wittenauer Replied
Richard, do you see the Mcafee RBL show up in logs? I can generally see every other RBL we have in SMTP logs giving weights but Mcafee isn't.
1
Richard Clafton Replied
Marked As Answer
Yes, it's checking.  I have it  enabled in DELIVERY, and SMTP - it does not show up in SMTP unless it's a fail it seems...  

For example this message failed on GBUDB but it did not give any detail on pass or fail for other checks.  And I have logging set to detailed.
[217.182.239.250][35955892] Mail rejected due to SMTP Spam Blocking: GBUDB (30,failed)

This is DELIVERY, which shows everything.

[2019.04.05] 00:51:04.644 [70671] Spam check results: [BARRACUDA: 0,passed], [SPAMCOP: 0,passed], [GBUDB: 0,passed], [HOSTKARMA-BLACK: 0,passed], [MCAFEE: 0,passed], [SURRIEL: 0,passed], [ZEN2: 0,passed], [_MESSAGESNIFFER: 0,code:0], [_INTERNALSPAMASSASSIN: 2:3], [_SPF: 0,None], [_DK: 0,None], [_DKIM: -2,Pass], [ZEN10: 0,passed], [ZEN5: 0,passed], [ZEN4: 0,passed], [ZEN11: 0,passed], [BACKSCATTER: 0,passed], [IX: 0,passed], [HOSTKARMA-YELLOW: 0,passed], [ZEN6: 0,passed], [ZEN7: 0,passed], [ZEN9: 0,passed], [ZEN3: 0,passed], [UCEPROTECT3: 0,passed], [UCEPROTECT2: 0,passed], [UCEPROTECT1: 0,passed], [MSRBL: 0,passed], [SEM-BS: 0,passed], [SEM-BL: 0,passed], [SENDERSCORE: 0,passed], [SPAMRATS: 0,passed], [UBL: 0,passed], [BONDEDSENDER: 0,passed], [IADB: 0,passed], [MAILSPIKE-L5: 0,passed], [MAILSPIKE-L4: 0,passed], [MAILSPIKE-L3: 0,passed], [MAILSPIKE-L2: 0,passed], [MAILSPIKE-L1: 0,passed], [MAILSPIKE-H1: 0,passed], [MAILSPIKE-H2: 0,passed], [MAILSPIKE-H3: 0,passed], [MAILSPIKE-H5: 0,passed], [MAILSPIKE-H4: 0,passed], [SURBL8: 0,passed], [SURBL16: 0,passed], [SURBL128: 0,passed], [SURBL64: 0,passed], [DNSBL: 0,passed], [URIBL-BLACK: 0,passed], [SEM-URIBL: 0,passed], [SEM-URIRED: 0,passed], [URIBL-WHITE: 0,passed], [URIBL-GREY: 0,passed], [CBL: 0,passed]
0
Ryan Wittenauer Replied
Richard, curious if you know, Gbudb seems to be built into Message Sniffer. Shouldn't Message Sniffer already be checking against that?
1
Richard Clafton Replied
I'm only using MessageSniffer as a trial - so I simply enabled it along with my other settings.  From the logs, it does not seem to be doing much more than my rules.  So won't be extending it to the paid version.

Reply to Thread