New Question
 
 
PRTG Network Monitor

Intuitive to Use.
Easy to manage.

200.000 administrators have chosen PRTG to monitor their network. Find out how you can reduce cost, increase QoS and ease planning, as well.

Free PRTG
Download >>

 

What is this?

This knowledgebase contains questions and answers about PRTG Network Monitor and network monitoring in general. You are invited to get involved by asking and answering questions!

Learn more

 

Top Tags


View all Tags


Is there a list of anti spam black list servers?

Votes:

0

Your Vote:

Up

Down

Is there a list of blacklist servers available that I can use with the IP on DNS Blacklist sensor?

anti-spam blacklist ip prtg sensor spam

Created on Jun 20, 2012 9:30:43 AM by  Daniel Zobel [Paessler Support]

Last change on May 17, 2019 12:28:06 PM by  Maike Behnsen [Paessler Support]



12 Replies

Accepted Answer

Votes:

0

Your Vote:

Up

Down

This article applies to PRTG Network Monitor 19 or later

IP on DNS Blacklist Servers

By default, the IP on DNS Blacklist sensor checks some default blacklist servers. You can of course enter any servers you want to (as a comma-separated list).

To help you find some servers, see the link below.

Use with Care

With each scanning interval, the IP on DNS Blacklist sensor queries all servers that you entered in the sensor settings! In our tests, 50 blacklist servers with a 5-minute scanning interval worked fine. Values in your network may vary, depending on the connection speed and availability of servers.

We recommend that you do not enter more than 10 servers to make sure the check can be completed within the scanning interval of the sensor.

If you use too many blacklist servers, the sensor will show a Timeout (code: PE018) error message.

List of Blacklist Servers

For a list of other blacklist servers, see for example:

Note that you will have to pick some of them and put them together in a comma-separated list (without spaces in between).

Note: As of PRTG version 15.2.17, the IP on DNS Blacklist sensor follows RFC 5782, where IPv4-based DNSxLs (blacklists and whitelists) must contain an entry for 127.0.0.2 for testing purposes. In previous versions, the sensor did not check this, which provided a false sense of security when using non- (or no longer) existing DNS blacklist servers that always report that the IP is not listed.

Created on Jun 20, 2012 9:37:22 AM by  Daniel Zobel [Paessler Support]

Last change on May 17, 2019 12:29:02 PM by  Maike Behnsen [Paessler Support]



Votes:

0

Your Vote:

Up

Down

Many of the servers on that external list are now generating errors as per the note above. This is the edited list of servers from http://dnsbllookup.com/ which currently work ok with PRTG.

access.redhawk.org,all.rbl.jp,all.s5h.net,all.spamrats.com,b.barracudacentral.org,bl.blocklist.de,bl.emailbasura.org,bl.mailspike.org,bl.score.senderscore.com,bl.spamcannibal.org,bl.spamcop.net,bl.spameatingmonkey.net,cblplus.anti-spam.org.cn,cidr.bl.mcafee.com,db.wpbl.info,dnsbl-1.uceprotect.net,dnsbl-2.uceprotect.net,dnsbl-3.uceprotect.net,dnsbl.dronebl.org,dnsbl.inps.de,dnsbl.justspam.org,dnsbl.kempt.net,dnsbl.sorbs.net,ips.backscatterer.org,ix.dnsbl.manitu.net,korea.services.net,l2.bbfh.ext.sorbs.net,mail-abuse.blacklist.jippg.org,psbl.surriel.com,rbl.efnetrbl.org,singlebl.spamgrouper.com,spam.dnsbl.sorbs.net,spam.pedantic.org,spamsources.fabel.dk,tor.dan.me.uk,truncate.gbudb.net,ubl.unsubscore.com,virbl.dnsbl.bit.nl

Created on Oct 5, 2015 10:58:55 AM by  Tim Boothby (70) 2

Last change on Jan 12, 2017 2:49:47 PM by  Torsten Lindner [Paessler Support]



Votes:

0

Your Vote:

Up

Down

Hello, i want to check more than a Blacklist Server.

But i get the message "Error checking spam.dnsbl.sorbs, it contains no entry for 127.0.0.2"

Is the an workarround?

Created on Jun 23, 2016 9:59:16 AM by  Stephan (0) 1



Votes:

0

Your Vote:

Up

Down

@Stephan: The sensor will check the IP/DNS record of it's parent device against the blacklists. So the parent device must have an IP/DNS name which is reachable from the internet.
Best regards

Created on Jun 24, 2016 12:04:47 PM by  Konstantin Wolff [Paessler Support]



Votes:

0

Your Vote:

Up

Down

Why does the sensor check the parent's IP ? Wouldn't be easier to scan a provided IP ?

According to this thread we should be able adding a provided line specifying IP and BL:

IPonDNSBL I suppose this is the sensor "IP on DNS blacklist" but I could not find a field for this line. Is there an old content?

Enter one or more blacklist servers to query. If you define several blacklist servers, separate the individual entries with commas and no spaces in between. Default is bl.spamcop.net. Further Help (Manual)

Thank you.

Created on May 15, 2017 7:28:50 AM by  Yann (150) 1 1

Last change on Nov 26, 2018 6:03:15 AM by  Luciano Lingnau [Paessler Support]



Votes:

0

Your Vote:

Up

Down

Hi there,

The sensor uses the parents device IP/DNS name and queries this against the provided blacklist server or the provided list of blacklist servers.

Or do you want the sensor to have its own "Target IP/DNS name" field and the "Blacklist Servers" field?

Best regards.

Created on May 15, 2017 8:22:38 AM by  Dariusz Gorka [Paessler Support]



Votes:

0

Your Vote:

Up

Down

the sensor to have its own "Target IP/DNS name" field and the "Blacklist Servers" field?

YES

Finally my question is where should I insert this string ?

IPonDNSBL -ip=mail.paessler.com [-bl=bl.spamcop.net]

Created on May 15, 2017 8:50:05 AM by  Yann (150) 1 1

Last change on Nov 26, 2018 6:03:34 AM by  Luciano Lingnau [Paessler Support]



Votes:

0

Your Vote:

Up

Down

Hi there,

I am afraid that we won't change this as almost all sensors are using the parent devices IP/DNS name, sorry.

To use the exe by yourself, simply provide the parameters "-ip" is the parameter for the IP/DNS name that has to be checked against the blacklist servers. The "-bl" server is for the blacklist server or the multiple blacklist servers.

Best regards.

Created on May 15, 2017 9:25:17 AM by  Dariusz Gorka [Paessler Support]



Votes:

0

Your Vote:

Up

Down

Sure I understand that you won't change.

"To use the exe by yourself" What exe are we talking about ? Is it a exe behind the sensor ??

I can't see explaination about this here

I'm affraid I don't understand, what exactly PRTG provide to monitor for example our IPs for MX, SMTP. I'm confused because of these two links which explain different approach.

Because I monitor our Exchange server with a local IP. So I would have to add a "fake" device with the external IP and so on with all our IPs ?

Created on May 15, 2017 11:19:34 AM by  Yann (150) 1 1

Last change on Nov 26, 2018 6:04:03 AM by  Luciano Lingnau [Paessler Support]



Votes:

0

Your Vote:

Up

Down

Hi there,

Well you have to provide the paramters "-ip" and "-bl" if you want to use the EXE behind the sensor, correct (ProgramDir\Sensor System).

As we have already explained, PRTG uses the IP or DNS Name of the parent device where the sensor is added to. The blacklist servers that are contacted are submitted via the sensor settings:

  • IP that will be checked (your MailServer) is set in the parent device
  • contacted Blacklist Servers are set in the sensor settings itself

So if you want to check multiple WAN IPs against the blacklist servers, then you have to add a device for each IP and a sensor to each device.

Best regards.

Created on May 15, 2017 8:55:52 PM by  Dariusz Gorka [Paessler Support]



Votes:

0

Your Vote:

Up

Down

Okay I finally understood because you provided me the path for the EXE. I thaught I could use the EXE within PRTG and was looking in this way. In a command line it works well with sbl-xbl.spamhaus.org, bl.spamcop.net... I'll then probably write a PS script which use the EXE. I'm not a noob with but almost.

But also if the link of this page was not broken I would certainly have understood quicker "The Custom Sensor can be downloaded from this page"

Created on May 16, 2017 3:28:57 PM by  Yann (150) 1 1



Votes:

0

Your Vote:

Up

Down

Hi there,

The sensor is actually provided by PRTG-Tools-Family, so you could also get the sensor there.

To use the sensor as a custom EXE, just copy it to "C:\Program Files (x86)\PRTG Network Monitor\Custom Sensors\EXE" and add a "EXE/Script" Sensor within PRTG. In the sensor settings you can provide the parameter as following:

-ip=127.0.0.1 -bl=blacklist.server

Afterwards add the channel limit to the created channel by setting "Upper Error Limit" to "0" in the channel settings.

Best regards.

Created on May 16, 2017 7:16:52 PM by  Dariusz Gorka [Paessler Support]



Please log in or register to enter your reply.


Disclaimer: The information in the Paessler Knowledge Base comes without warranty of any kind. Use at your own risk. Before applying any instructions please exercise proper system administrator housekeeping. You must make sure that a proper backup of all your data is available.