Abusix Mail Intelligence is a set of blocklists that are designed to help protect mail servers from spam, malware, phishing and ransom attacks.
You can sign up for a free 14-day trial of Abusix Mail Intelligence at https://abusix.com/. The trial will monitor the number of queries you make against Abusix Mail Intelligence and as long as the number isn’t in excess of 5,000 queries a day, you’d typically be able to sign up for their free usage tier. On very large or very busy mail servers, prices start at $10 a month for 10,000 queries a day. For further details please see the Abusix Mail Intelligence Pricing Page.
Setup Steps:
Once signed up to Abusix, at https://app.abusix.com/email-protection make a note of Your API Key.
MDaemon Configuration:
At Security -> Spam Filter -> DNS-BL -> Hosts, tick “Enable DNS-BL queries” (if it is not already ticked) and add a new DNS-BL in the form:
DNS-BL host: YOUR-API-KEY.combined.mail.abusix.zone
Message: $IP$ blocked by Abusix
(replace YOUR-API-KEY with the actual API KEY Abusix provide)
In Security -> Spam Filter -> DNS-BL -> Settings, you can now decide what action MDaemon should take if a sender mail server returns a positive blocked response from Abusix.
If you’d prefer to accept the email and add a score that means MDaemon flags it as spam, then make a note of the Security -> Spam Filter -> “A message is spam if it scores greater or equal to” value (the default value here is 5.0). Then set the Security -> Spam Filter -> DNS-BL -> Settings -> “DNS-BL match adds this many points to the spam score”, to a similar score (that is, 5.5):
MDaemon would then route this email according to your Security -> Spam Filter -> “Fate of Spam” setting.
If you’d rather MDaemon just rejects connections from mail servers that return a positive response from Abusix, then tick Security -> Spam Filter -> DNS-BL -> Settings -> “SMTP server should refuse mail from block-listed IP’s”:
SecurityGateway Configuration:
At Security -> Anti-Spam -> DNS Blacklists (DNSBL) -> Configuration, tick “Enable DNSBL queries” (if it is not already ticked) and add a new DNS-BL to “DNS-Blacklists (All domains)” in the form:
Host: YOUR-API-KEY.combined.mail.abusix.zone
SMTP Response: $IP$ blocked by Abusix
(replace YOUR-API-KEY with the actual API KEY Abusix provide)
If you’d prefer SecurityGateway to accept the email and automatically quarantine it, then at Security -> Anti-Spam -> DNS Blacklists (DNSBL) -> Configuration -> “If the sending server of a message is listed”, choose “quarantine the message”. You may also want to tag the subject with a value that helps you easily see it was quarantined in this way, like in this example:
If you’d rather SecurityGateway just rejects connections from mail servers that return a positive response from Abusix, then at Security -> Anti-Spam -> DNS Blacklists (DNSBL) -> Configuration -> “If the sending server of a message is listed”, choose “refuse the message”:
Important Note:
Abusix allow you to perform queries against them regardless of the DNS servers MDaemon or SecurityGateway is using, as long as you have a valid API Key and account with them.
However, if you are already using other DNS-BL’s in either MDaemon or SecurityGateway like zen.spamhaus.org, then its important that MDaemon or SecurityGateway is not using open DNS resolvers (Google DNS, CloudFlare DNS, etc) or these checks might fail. These specific DNS-BL’s don’t allow queries from these DNS servers due to the volume of queries they create.
You can check the DNS servers being used here:
MDaemon: Setup -> Server Settings -> DNS
SecurityGateway: Setup/Users -> System -> DNS Servers