AHBL and its Shutdown
(Disclaimer: this is all tech talk; feel free to ignore (; )
So… there’s a funny story about the AHBL (Abusive Hosts Blocking List): it was shut down in January. It cited a few reasons for closing, one of which was that the admin “…can not justify allocating the resources necessary to support queries from people who refuse to properly maintain their mail servers.”
That’s a pretty straightforward, if somewhat aggressive, statement. Essentially it boils down to: “I’m going to shut down this list. People are still using a bunch of my services despite me advertising this… shutting down anyway.”
As a sysadmin, I can respect that completely. Here’s where it gets a little weird and annoying: the admin shut down the service, but the apparent default behavior of this list is to mark an email as violating the blacklist, which typically marks an email as spam.
Again, I can respect not putting the effort into making a workaround or “blanket positive” response setup given that the service is being shut down. I mean, a sysadmin should have a firm handle on the blacklists implemented on their systems, right? Exactly.
…where I start to get really annoyed is that Zimbra–what we use for our mail server since it is a full collaboration suite–hardcodes this blacklist. It’s just tucked away in the SpamAssassin config. There’s no management of the blacklist anywhere else; it’s just a single line in that configuration.
Which leads me to…
… the fact that since January, our incidence of false positives has been extremely high (about 1-6 a day across the server, specifically over the past couple weeks) and I’ve been tearing out my hair trying to figure out why I couldn’t find which blacklist was causing a value of 2.699 to be added to every message. Until…
Today I found this poorly worded article on the Zimbra announcement board that describes one way to disable the AHBL. The automated tool it suggests doesn’t work, but the following does:
    cd /opt/zimbra/conf/spamassassin
    vim 50_scores.cf
    ### Find the following line:
    score DNS_FROM_AHBL_RHSBL 0 2.438 0 2.699 # n=0 n=2
    ### Comment it out by putting a # in front of it like so:
    #score DNS_FROM_AHBL_RHSBL 0 2.438 0 2.699 # n=0 n=2
    ### Next add the following line below it:
    score DNS_FROM_AHBL_RHSBL 0
    ### Save the file and exit
    su - zimbra
    zmamavisdctl restart
That should do it. Send some test emails and you should see that the “DNS_FROM_AHBL_RHSBL” entry is gone from the spam-checking section of the headers.
If for some reason it doesn’t, you can try restarting Zimbra completely just to be safe:
    su - zimbra
    zmcontrol restart
That’s kind of like hitting it with a hammer though.
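The same edit as a script, for running against several servers or re-checking after an upgrade. This is an added example, not part of the original post or Zimbra's tooling; the function names are made up here, and the restart is still done by hand as shown above.

```shell
#!/bin/sh
# Added example: scripted form of the manual 50_scores.cf edit.
# A SpamAssassin score line with four values holds one score per score set
# (Bayes off/net off, Bayes off/net on, Bayes on/net off, Bayes on/net on),
# which is why 2.699 is the value that shows up on a Bayes + network setup.
RULE=DNS_FROM_AHBL_RHSBL

# Print every active (uncommented) score line for the rule.
active_scores() {
    grep -E "^[[:space:]]*score[[:space:]]+$RULE([[:space:]]|\$)" "$1"
}

# Succeed if the rule still adds a non-zero score in any score set.
rule_is_live() {
    active_scores "$1" | awk '{
        sub(/#.*/, "")   # drop the trailing comment, e.g. "# n=0 n=2"
        for (i = 3; i <= NF; i++) if ($i + 0 != 0) live = 1
    } END { exit (live ? 0 : 1) }'
}

# Comment out each active score line and put "score RULE 0" below it.
# Keeps a .bak copy and changes nothing if the rule is already zeroed.
disable_rule() {
    file=$1
    rule_is_live "$file" || return 0
    cp -p "$file" "$file.bak" || return 1
    awk -v rule="$RULE" '
        $1 == "score" && $2 == rule { print "#" $0; print "score " rule " 0"; next }
        { print }
    ' "$file.bak" > "$file"
}

# Dry run on a constructed sample, never the live file: sh this_script demo
if [ "${1:-}" = demo ]; then
    tmp=$(mktemp)
    echo 'score DNS_FROM_AHBL_RHSBL 0 2.438 0 2.699 # n=0 n=2' > "$tmp"
    disable_rule "$tmp" && cat "$tmp"
    rm -f "$tmp" "$tmp.bak"
fi
```

On a real server, `disable_rule /opt/zimbra/conf/spamassassin/50_scores.cf` followed by the `zmamavisdctl restart` step applies the change, and `rule_is_live` on the same file is a quick check that an upgrade has not put the old score back.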
Anyway, I hope this helps some of you out there who weren’t aware that Zimbra was using the AHBL and are getting complaints of a lot of false positives.