Is there a list of blacklist servers available that I can use with the IP on DNS Blacklist sensor?
Is there a list of anti spam black list servers?
Votes:
0
12 Replies
Votes:
0
This article applies as of PRTG 22
IP address on DNS blacklist servers
By default, the IP on DNS Blacklist sensor checks some default blacklist servers. You can add additional servers as a comma-separated list. See the links below for more servers.
Use with care
With each scanning interval, the IP on DNS Blacklist sensor queries all servers that you entered in the sensor settings. In our tests, 50 blacklist servers with a 5-minute scanning interval worked fine. Values in your network may vary, depending on the connection speed and availability of servers.
We recommend that you do not enter more than 10 servers to make sure that the sensor can complete the check within its scanning interval.
If you use too many blacklist servers, the sensor shows this error message:
Your request has timed out. Depending on the sensor type you use, the reason might be that the sensor could not connect to the target host or that a PowerShell command takes too long to execute. For more information, see https://kb.paessler.com/en/topic/71899 or https://kb.paessler.com/en/topic/37633. (code: PE018)
List of blacklist servers
- access.redhawk.org
- all.s5h.net
- b.barracudacentral.org
- bl.blocklist.de
- bl.mailspike.org
- bl.score.senderscore.com
- bl.spamcop.net
- bl.spameatingmonkey.net
- cidr.bl.mcafee.com
- db.wpbl.info
- dnsbl-1.uceprotect.net
- dnsbl-2.uceprotect.net
- dnsbl-3.uceprotect.net
- dnsbl.dronebl.org
- dnsbl.justspam.org
- dnsbl.kempt.net
- dnsbl.sorbs.net
- ips.backscatterer.org
- ix.dnsbl.manitu.net
- korea.services.net
- mail-abuse.blacklist.jippg.org
- psbl.surriel.com
- spam.dnsbl.sorbs.net
- spam.pedantic.org
- spamsources.fabel.dk
- tor.dan.me.uk
- truncate.gbudb.net
- ubl.unsubscore.com
Note: As of PRTG 15.2.17, the IP on DNS Blacklist sensor follows RFC 5782, where IPv4-based DNSxLs (blacklists and whitelists) must contain an entry for 127.0.0.2 for testing purposes. In previous versions, the sensor did not check this, which provided a false sense of security when using nonexisting (or no longer existing) DNS blacklist servers that always report that the IP address is not listed.
Created on Jun 20, 2012 9:37:22 AM by
Daniel Zobel [Product Manager]
Last change on Jan 3, 2023 7:54:29 AM by
Brandy Greger [Paessler Support]
Votes:
0
Many of the servers on that external list are now generating errors as per the note above. This is the edited list of servers from http://dnsbllookup.com/ which currently work ok with PRTG.
access.redhawk.org,all.s5h.net,all.spamrats.com,b.barracudacentral.org,bl.blocklist.de,bl.mailspike.org,bl.score.senderscore.com,bl.spamcop.net,bl.spameatingmonkey.net,cidr.bl.mcafee.com,db.wpbl.info,dnsbl-1.uceprotect.net,dnsbl-2.uceprotect.net,dnsbl-3.uceprotect.net,dnsbl.dronebl.org,dnsbl.justspam.org,dnsbl.kempt.net,dnsbl.sorbs.net,ips.backscatterer.org,ix.dnsbl.manitu.net,korea.services.net,mail-abuse.blacklist.jippg.org,psbl.surriel.com,spam.dnsbl.sorbs.net,spam.pedantic.org,spamsources.fabel.dk,tor.dan.me.uk,truncate.gbudb.net,ubl.unsubscore.co
Created on Oct 5, 2015 10:58:55 AM
Last change on Apr 14, 2020 10:27:25 AM by
Matthias Kupfer [Paessler Support]
Votes:
0
Hello, i want to check more than a Blacklist Server.
But i get the message "Error checking spam.dnsbl.sorbs, it contains no entry for 127.0.0.2"
Is the an workarround?
Votes:
0
@Stephan: The sensor will check the IP/DNS record of it's parent device against the blacklists. So the parent device must have an IP/DNS name which is reachable from the internet.
Best regards
Votes:
0
Why does the sensor check the parent's IP ? Wouldn't be easier to scan a provided IP ?
According to this thread we should be able adding a provided line specifying IP and BL:
- Can I check an IP address against blacklist servers using DNSBL? (besides the link is down)
IPonDNSBL I suppose this is the sensor "IP on DNS blacklist" but I could not find a field for this line. Is there an old content?
Enter one or more blacklist servers to query. If you define several blacklist servers, separate the individual entries with commas and no spaces in between. Default is bl.spamcop.net. Further Help (Manual) |
Thank you.
Created on May 15, 2017 7:28:50 AM
Last change on Nov 26, 2018 6:03:15 AM by
Luciano Lingnau [Paessler]
Votes:
0
Hi there,
The sensor uses the parents device IP/DNS name and queries this against the provided blacklist server or the provided list of blacklist servers.
Or do you want the sensor to have its own "Target IP/DNS name" field and the "Blacklist Servers" field?
Best regards.
Votes:
0
the sensor to have its own "Target IP/DNS name" field and the "Blacklist Servers" field? |
YES
Finally my question is where should I insert this string ?
IPonDNSBL -ip=mail.paessler.com [-bl=bl.spamcop.net] |
Created on May 15, 2017 8:50:05 AM
Last change on Nov 26, 2018 6:03:34 AM by
Luciano Lingnau [Paessler]
Votes:
0
Hi there,
I am afraid that we won't change this as almost all sensors are using the parent devices IP/DNS name, sorry.
To use the exe by yourself, simply provide the parameters "-ip" is the parameter for the IP/DNS name that has to be checked against the blacklist servers. The "-bl" server is for the blacklist server or the multiple blacklist servers.
Best regards.
Votes:
0
Sure I understand that you won't change.
"To use the exe by yourself" What exe are we talking about ? Is it a exe behind the sensor ??
I can't see explaination about this here
I'm affraid I don't understand, what exactly PRTG provide to monitor for example our IPs for MX, SMTP. I'm confused because of these two links which explain different approach.
Because I monitor our Exchange server with a local IP. So I would have to add a "fake" device with the external IP and so on with all our IPs ?
Created on May 15, 2017 11:19:34 AM
Last change on Nov 26, 2018 6:04:03 AM by
Luciano Lingnau [Paessler]
Votes:
0
Hi there,
Well you have to provide the paramters "-ip" and "-bl" if you want to use the EXE behind the sensor, correct (ProgramDir\Sensor System).
As we have already explained, PRTG uses the IP or DNS Name of the parent device where the sensor is added to. The blacklist servers that are contacted are submitted via the sensor settings:
- IP that will be checked (your MailServer) is set in the parent device
- contacted Blacklist Servers are set in the sensor settings itself
So if you want to check multiple WAN IPs against the blacklist servers, then you have to add a device for each IP and a sensor to each device.
Best regards.
Votes:
0
Okay I finally understood because you provided me the path for the EXE. I thaught I could use the EXE within PRTG and was looking in this way. In a command line it works well with sbl-xbl.spamhaus.org, bl.spamcop.net... I'll then probably write a PS script which use the EXE. I'm not a noob with but almost.
But also if the link of this page was not broken I would certainly have understood quicker "The Custom Sensor can be downloaded from this page"
Votes:
0
Hi there,
The sensor is actually provided by PRTG-Tools-Family, so you could also get the sensor there.
To use the sensor as a custom EXE, just copy it to "C:\Program Files (x86)\PRTG Network Monitor\Custom Sensors\EXE" and add a "EXE/Script" Sensor within PRTG. In the sensor settings you can provide the parameter as following:
-ip=127.0.0.1 -bl=blacklist.server |
Afterwards add the channel limit to the created channel by setting "Upper Error Limit" to "0" in the channel settings.
Best regards.
Add comment