ESWL: Spanish mailserver Whitelist

  Introduction |   Zones |   How to use? |   Configuration |   adding your IP addresses |   IP address check |   FAQ (spanish) | 

Whitelisting Zone ESWL has 1236 IPs
Whitelisting Zone MTAWL has 11751 IPs

News (26 September 2010): Support for IPv6 addresses
News (22 January 2007): Spanish Whitelist are including IPs as "high" and "medium" from Whitelising DNSwl.org.
News (05 Frebuary 2007): Dnswl.org Whitelist are including IPs from ESWL zone of Spanish Whitelisting.

Introduction

The use of Blacklists has grown exponentially as resulting from that most of spam and malware come from PCs infected (zombies) with virus, troyanos or worms. Blacklist has demonstrated to be the most economical mechanism to block transactions SMTP coming from zombies, better than to analyze the contents. But sometimes its possible that some domain/IP well managed could be included automatically in some Blacklists that we are using, due to negligence's of some of their users doing good email don't arrive to receipt. The policies of those BlackLists are unilateral and try eliminate an IP in some of them can be a very complex process. On the other hand many institutions or companies are using their own local Whitelists to avoid block mail coming from specific ISPs or domains.

The use of the Whitelisting is very simple and for those who knows it's similar to mechanism of the Blacklists. A inbound mailhub when its receiving a SMTP connection it will check IP source doing a data base query which will indicate if this IP is trustworthy (whitelisting) or not (blacklisting). Using whitelist if query result its positive then SMTP transaction will be accepted. But using blacklist if answer its positive SMTP transaction will be rejected. In both cases if result its negative the SMTP transaction will be accepted.

The idea of Spanish Whitelisting, is that while a Blacklist store records of certain senders whom originate a high proportion of unwanted mail and/or don't respond effectively abuse complaints, a WhiteList record of those domains/IPs where there is a higher than average proportion of useful mail or we have confidence that complaints will be solve with effectively. Then main objectives of Spanish Whitelisting are:

  • Avoid the negative impact of anti spam filters , specially filters using Blacklists
  • Guarantee email interchange between Spanish ISPs

Whitelisting Zones

Spanish Whitelisting (ESWL) is formed by two independent zones with different policies: ESWL and MTAWL.

ESWL. Its a IP list of outbound mailhubs directly managed by ISPs members of Spanish Abuse Forum (Foro ABUSES).The policy of this ESWL zone is implicit in the own policy (Terms and Conditions) of Foro ABUSES:

  • IPs in ESWL will be provided by ISPs member of Foro ABUSES. In order to be include in ESWL it will be necessary to be member of this Foro ABUSES
  • IPs in ESWL are outbound mailhubs directly managed by these IPs not of its clients except RedIRIS (Spanish Academic Network) as ISP and Foro ABUSES member which can include IPs of universities and research institutions
  • The members of Foro ABUSES will maintain updated this owns IPs
  • IPs will have abuse@ contact and must respond effectively to complaints

MTAWL Its a IP list of outbound mailhubs proposed and validated by the Foro ABUSES members. Usually ISPs are using local whitelisting generated by they themselves, are IPs which SMTP traffic does not have to be rejected as spam. Its reasonable to think than many of this local whitelisting records similar IPs.Could be shared? similar of PGP rings. The main idea of MTAWL zone its create a common store of all of them with the following conditions

  • Any ISP, company, institution can propose the IPs of its own outbound mailhubs but all must to be approved by Foro ABUSES members.
  • Should be possible accept proposals of no Spanish domains , domains very know, but always approved by Foro ABUSES members
  • The way for proposals its directly through some Foro ABUSES members or indirectly sending a email

Typical examples of outbound mailhubs into MTABL could be hotmail, terra, gmail, yahoo, ebay, banks, travel agencies etc in general any relay server considered by Foro ABUSES.

ESWL its a selective zone, controlled and therefore more reduced than MTAWL, which will be bigger. We can use only ESWL zone but if when we are using MTAWL zone we are using records of ESWL.

ES Whitelisting formats

A Whitelisting its a listing of IPs from outbound mailhubs. ESWL will generate a IP listing in different formats in order to make more flexible and to facilitate its use. The main use of ESWL its accept queries from mail relay servers looking IP to permit and guarantee the mail delivery. This queries can be done using DNS or locally storing ESWL database updated downloading periodically from a central store in RedIRIS. ESWL offer the follow formats to be used for anyone:

  • DNS Zone. It allow to be checked doing queries by each MTA software or associated (as spamassassin). The zones will be under the dominion dnsbl.rediris.es

    Allow checking direct DNS in:

    • eswl.dnsbl.rediris.es
    • mtawl.dnsbl.rediris.es

    Allow checking inverse DNS (similar Blacklisting) in:

    • eswlrev.dnsbl.rediris.es
    • mtawlrev.dnsbl.rediris.es

    Example, if the IP of your box is 130.206.1.3, you can lookup 3.1.206.130.eswlrev.dnsbl.rediris.es , if it returns 127.0.0.2 this IP its whitelisted.

    
    130.206.1.3.eswl.dnsbl.rediris.es
    Server:         130.206.1.39
    Address:        130.206.1.39#53
    
    Non-authoritative answer:
    Name:   130.206.1.3.eswl.dnsbl.rediris.es
    Address: 127.0.0.2
    

    Online checking in ESWL. Its a web interface to check IP into ESWL and MTAWL zones.

  • Text files. Accessible via http:

    There are files prepared for configuration of: postfix, sendmail, spamassassin and Greylist (milter-greylist)

    ESWL

    • ESWL zone file for greylist This file contains information about ESWL zone. It is prepared to be include into Greylist (milter-greylist) configuration. Its possible to get this file periodically into a cron command in this way:

      
      /usr/bin/wget -O greylistESWL.conf http://www.abuses.es/priv/eswl/eswl.greylist
      

    • ESWL zone file for postfix/sendmail This file contains information about ESWL zone. Its prepared to be include into postfix/sendmail configuration. Its possible to get this file periodically into a cron command in this way:

      
      /usr/bin/wget -O whitelist http://www.abuses.es/eswl/data/eswl.postfix
      

    • ESWL zone file for postfix CIDR format This file contains information about ESWL zone. Its prepared to be include into postfix, using CIDR (IP address/netmask format). Its possible to get this file periodically into a cron command in this way:

      
      /usr/bin/wget -O whitelist http://www.abuses.es/eswl/data/eswl.postfixcidr.txt
      

    • MTAWL

      • MTAWL zone file for greylist This file contains information about MTAWL zone. Its prepared to be include into Greylist (milter-greylist) configuration. Its possible to get this file periodically into a cron command in this way:

        
        
        /usr/bin/wget -O greylistMTAWL.conf http://www.abuses.es/priv/eswl/mtawl.greylist
        
      • MTAWL zone file for postfix/sendmail This file contains information about MTA zone. Its prepared to be include into postfix/sendmail configuration. Its possible to get this file periodically into a cron command in this way:

        
        /usr/bin/wget -O whitelist http://www.abuses.es/eswl/data/eswl.postfix
        

      • MTAWL zone file for postfix CIDR format This file contains information about MTA zone. Its prepared to be include into postfix, using CIDR format (IP address / netmask). Its possible to get this file periodically into a cron command in this way:

        
        /usr/bin/wget -O whitelist http://www.abuses.es/eswl/data/eswl.postfixcidr.txt
        

      How to be include into ESWL?

      The requirements to be on the ESWL are:
    • The mail server must not have significant spam problems. A small amount of spam may be acceptable if the overall percentage is low enough or if it appears that the spam. Always Foro ABUSES reserver the right to make the final decision on these issues

    • Mail server into ESWL must to have abuse contact wich its no necesary to be include on MTAWL.

      ESWL only will accept IPs of outbound mailhubs. All the requests will be processed by Foro ABUSES and will be their members those that evaluate and decide about those requests. If yo want to be include into Spanish whitelisting follow this instructions:

      • YES, I'm a member of Foro ABUSES.

        You have to send your request directly to Distribution list of Foro ABUSES in this way:

        To: ABUSES at LISTSERV.REDIRIS.ES
        Subject: Request in ESWL
        
        1.2.3.4  ISP name
        1.2.3.5  ISP name
        1.2.3.6  ISP name
        1.2.3.7  ISP name
        

        Your request should be evaluate to be include int ESWL zone. Remember that its necesary to have update abuse contacts into Foro ABUSES

      • NO, I'm not member of Foro ABUSES

        It will only be able to send request for MTAWL zone. You will have to send it to: < eswl at rediris.es > in this way:

        To: ESWL at REDIRIS.ES
        Subject: Request for MTAWL
        
        1.2.3.4  # info1. abuse@mail
        1.2.3.4  # info2. abuse@mail
        1.2.3.4  # info3. abuse@mail
        

        Where "info" text are a words whit information of a that belongs the IP. abuse @ email its email abuse contact.For example:

        
        208.37.136.102 # eListas.net. abuse@elistas.net
        208.37.136.103 # eListas.net. abuse@elistas.net
        
        Its possible to add all IP of a Class C, placing "XX" string:
        
        66.163.187.XX # groups.yahoo.com
        
        Your request will be sent to Foro ABUSES for evaluation into MTAWL zone.

      • If you are member of RedIRIS (Spanish Research and Academic Network) You have to send a email to eswl at RedIRIS.es. Your request should be included directly into ESWL zone.