Configuring and Maintaining Your Server 69
Switching On Spam Protection Based on DNS Blackhole Lists
You can use free and paid subscription blackhole lists with your server. Visit
http://spamlinks.net/filter-dnsbl-lists.htm and choose a DNSBL server you want to use.
To switch on spam protection based on DNSBL:
1 Click the Server shortcut in the navigation pane.
2 Click the Mail icon in the Services group.
3 Select the Switch on spam protection based on DNS blackhole lists check box.
4 In the DNS zones for DNSBL service input box, specify the host name that
your mail server should query, for example: sbl.spamhaus.org.
5 Click OK.
Now, e-mail messages from known spammers should be rejected with an error code
550 (connection refused).
Setting Up Support for Sender Policy Framework System
To set up support for Sender Policy Framework on your server:
1 Click the Server shortcut in the navigation pane.
2 Click the Mail icon in the Services group. The server-wide mail
preferences screen will open on the Preferences tab.
3 Select the Switch on SPF spam protection check box and specify how to
deal with e-mail:
To accept all incoming messages regardless of SPF check results, select the
Create only Received SPF-headers, never block option from the SPF checking mode
drop-down box. This option is recommended.
To accept all incoming messages regardless of SPF check results, even if SPF
check failed due to DNS lookup problems, select the In case of DNS lookup
problems, generate temporary errors option from the SPF checking mode drop-down
box.
To reject messages from senders who are not authorized to use the domain in
question, select the option Reject mail if SPF resolves to fail from the SPF checking
mode drop-down box.
To reject the messages that are most likely from senders who are not authorized
to use the domain in question, select the option Reject mail if SPF resolves to softfail
from the SPF checking mode drop-down box.
To reject the messages from senders who cannot be identified by SPF system
as authorized or not authorized because the domain has no SPF records
published, select the option Reject mail if SPF resolves to neutral from the SPF
checking mode drop-down box.
To reject the messages that do not pass SPF check for any reason (for
example, when sender's domain does not implement SPF and SPF checking
returns the "unknown" status), select the option Reject mail if SPF does not resolve
to pass from the SPF checking mode drop-down box.
