Email Reputation Services Standard - Trend Micro Australia

Important Note
4th Dimension WebSTAR V
Aladdin eSafe
Alt-N MDaemon
Bizanga’s IMP
Borderware MXtreme
Cisco
Clearswift MAILsweeper
CMS Praetor
Critical Path Memova Anti Abuse
Deerfield VisNetic Mail Server
Eudora Internet Mail Server
exim Internet Mailer
Fortinet Fortigate
Foundry
Gordano Messaging Server
GWAVA
Ipswitch IMail Server
IronPort
Kerio Mail Server
Lotus Domino
Mac OS X Server
MailFrontier Gateway
McAfee Webshield e250, e500
Microsoft Exchange Server 2003
Mirapoint
Net IQ MailMarshal
OmniTI Ecelerity
Openwave Edge GX
Postfix
Proofpoint Protection Server
qmail
Secure Computing Sidewinder
Sendmail
SonicWALL
SpamAssassin
Sun ONE Messaging Server
SurfControl Email Filter
Sybari ANTIGEN
Symantec Anti-Virus for SMTP Gateways
Symantec Firewall
Symantec Mail Security
Trend Micro InterScan Messaging Security Suite for Windows
Tumbleweed Enterprise Mail Firewall
WatchGuard SpamScreen
XWall
ZixCorp Message Inspector

Important Note

Whether you have signed up for a 30-day trial or purchased the Network Reputation Services, you will receive an Activation Code (AC) that you will need to use when configuring your Mail Transfer Agent (MTA).Select your MTA or firewall from the list below. Please follow the instructions for your specified MTA and insert your AC as indicated to activate the service. The instructions below have been provided by the vendor or manufacturer of the product. We will assist you in the configuration process, but you may wish to refer to your product’s manuals and/or technical support organization for detailed configuration and set-up options.For assistance from Trend Micro Support Team, please send an email to ers_support@trendmicro.com.

4th Dimension WebSTAR V

Note: Insert your unique valid "activation code" to replace the instructional text example; do not include any dashes. Follow the steps below to configure your WebStar server to use Trend Micro Network Reputation Services DNSBL zone with a custom error message.

Under SMTP Server/DNS Blacklists, You'll need to have 15 entries for all 15 Response codes ranging from 127.1.0.1 through 127.1.0.15
- Name Hostname
- Response MAPS activationcode.r.mail-abuse.com 127.1.0.1
- Denial Message. Please see http://www.mail-abuse.com/cgi-bin/lookup

Aladdin eSafe

Note: Insert your unique valid "activation code" to replace the instructional text example; do not include any dashes. Follow the steps below to configure your Aladdin eSafe server to use Trend Micro Network Reputation Services. NOTE: Make sure all 15 RBL server entries are at the top of the search list. eSafe 4.0: Open up the eSafe Gateway Configuration. Under 'Anti-Spam',
Select 'Mail Server Validation'.
Under 'Check mail server validity at RBL server:',
Choose 'Check incoming email'. You will need to add a new RBL server with the reponses. For 'RBL server' name,
enter activationcode.r.mail-abuse.com
For 'Reponse',
enter 127.1.0.1 You will need to repeat this step many times. Once for each Response ranging from 127.1.0.1 through 127.1.0.15. NOTE: You must enter all 15 response codes to get full benefit of our RBL+ service.
eSafe 5.0:
ftp://ftp.aladdin.com/pub/manuals/esg/esg5.x/econsole_admin.pdf
Pages 196-198. Open up the eSafe Gateway Configuration.Under 'Anti-Spam',
Select 'Mail Server Validation'.
Check the box next to 'Check if mail server is in RBL for INCOMING email'
Click 'List' on the right of there.
That will bring up a list of existing RBL entries.You will need to add a new RBL server with the reponse.
Click 'Add'
For 'RBL server' name,
enter activationcode.r.mail-abuse.com
For 'Reponse (to block)',
enter 127.1.0.1
Check the box next to 'Activate use of this server'You will need to repeat this step 15 times. Once for each Response ranging from 127.1.0.1 through 127.1.0.15.NOTE: You must enter all 15 response codes to get full benefit of our RBL+ service.

Alt-N MDaemon

Note: Insert your unique valid "activation code" to replace the instructional text example; do not include any dashes. Follow the steps below to configure your MDaemon to use Trend Micro Network Reputation Services DNSBL zone with a custom error message.

On DNS Black Lists (DNS-BL) screen, select 'DNS-BL options' tab
Check 'Enable DNS-BL engine"
Check 'Block email from servers which have been blacklisted'
Click 'Apply' Select 'DNS-BL Hosts' tab

· For 'New host' enter: activationcode.r.mail-abuse.com · For 'Message" enter: blocked by Trend Micro RBL+. Please see http://www.mail-abuse.com/cgi-bin/lookup

Click 'Add'
Check 'Stop host lookups on the first host match'
Check 'Send Message" on match rather than "User unknown"' and click 'Apply'

Bizanga’s IMP

Bizanga’s IMP solution is highly customizable. In order to ensure that you have the most comprehensive and effective solution to meet your needs, please refer to the technical configuration document provided with the product and/or contact Bizanga’s customer support for assistance. If you have questions regarding setting up the appropriate DNSBL zone, the proper error message to utilize, testing that your configuration is set-up correctly, or need general assistance in accessing the service, please contact the Trend Micro Support Team, by sending an email to ers_support@trendmicro.com.

Borderware MXtreme

We currently do not have instructions on how to configuration this product to utilize Trend Micro Reputation Services. Please refer to your product manual for information on the proper method to configure your MTA to utilize DNSBLs or block lists. Your vendor’s Technical Support organization should also be able to assist you with detailed configuration and set-up options. When you are configuring this product you will need to access our DNSBL zone. Please insert this string where indicated:
activationcode.r.mail-abuse.comNote: You will need to insert your unique valid "activation code" to replace the instructional text example: do not include any dashes.If you have questions regarding setting up the appropriate DNSBL zone, the proper error message to utilize, testing that your configuration is set-up correctly, or need general assistance in accessing the service, please contact the Trend Micro Support Team, by sending an email to ers_support@trendmicro.com.

Cisco

For instructions on how to configure your Cisco product to access Trend Micro Network Reputation Services, please refer to your Trend Micro product manual.If you have questions regarding testing that your configuration is set-up correctly, or need general assistance in accessing the service, please contact the Trend Micro Support Team, by sending an email to ers_support@trendmicro.com.

Clearswift MAILsweeper

Note: Insert your unique valid "activation code" to replace the instructional text example; do not include any dashes. Follow the steps below to configure your MAILsweeper to use Trend Micro Network Reputation Services DNSBL zone with a custom error message.

In Policies Properties, Under the Security Tab, Check the box "Look up SMTP hosts in unsolicited mail database"
For "Web site:" enter activationcode.r.mail-abuse.com
Check the box "Record rejected host in Event Log" if you want it to log the rejections. This is the MailSweeper Event Log, not the Windows Event Log

CMS Praetor

We currently do not have instructions on how to configuration this product to utilize Trend Micro Reputation Services. Please refer to your product manual for information on the proper method to configure your MTA to utilize DNSBLs or block lists. Your vendor’s Technical Support organization should also be able to assist you with detailed configuration and set-up options. When you are configuring this product you will need to access our DNSBL zone. Please insert this string where indicated:
activationcode.r.mail-abuse.com Note: You will need to insert your unique valid "activation code" to replace the instructional text example: do not include any dashes. If you have questions regarding setting up the appropriate DNSBL zone, the proper error message to utilize, testing that your configuration is set-up correctly, or need general assistance in accessing the service, please contact the Trend Micro Support Team, by sending an email to ers_support@trendmicro.com.

Critical Path Memova Anti Abuse

Deerfield VisNetic Mail Server

Note: Insert your unique valid "activation code" to replace the instructional text example; do not include any dashes. Follow the steps below to configure your Deerfield VisNetic Mail Server to use Trend Micro Network Reputation Services. Visnetic 7.x Login to Visnetic Web Admin.
On the left side of the main configuration screen,
Click the "Delivery" button.
Under there, look for the "Anti-Relaying" subset.
Under there, check the box next to "DNSBL" to enable the feature.
Now, Click "DNSBL". That will bring up a screen to add DNSBL server names.
Add 1 server name per line. Enter: activationcode.r.mail-abuse.com Click "Save"

Eudora Internet Mail Server

We currently do not have instructions on how to configuration this product to utilize Trend Micro Reputation Services. Please refer to your product manual for information on the proper method to configure your MTA to utilize DNSBLs or block lists. Your vendor’s Technical Support organization should also be able to assist you with detailed configuration and set-up options. When you are configuring this product you will need to access our DNSBL zone. Please insert this string where indicated:
activationcode.r.mail-abuse.com Note: You will need to insert your unique valid "activation code" to replace the instructional text example: do not include any dashes. If you have questions regarding setting up the appropriate DNSBL zone, the proper error message to utilize, testing that your configuration is set-up correctly, or need general assistance in accessing the service, please contact the Trend Micro Support Team, by sending an email to ers_support@trendmicro.com.

exim Internet Mailer

Note: Insert your unique valid "activation code" to replace the instructional text example; do not include any dashes. Follow the steps below to configure your exim server to use Trend Micro Network Reputation Services DNSBL zone with a custom error message.

Edit your /usr/exim/configure file. (Yours may be in a different location) Look to see if you have a dnslists section already. You'll need to enter the following information:

· deny message = $sender_host_address blocked using Trend Micro RBL+. Please see http://www.mail-abuse.com/cgi-bin/lookup · dnslists = activationcode.r.mail-abuse.com

Make sure the deny line is one really long line. Then stop and restart exim.

Fortinet Fortigate

Note: Insert your unique valid "activation code" to replace the instructional text example; do not include any dashes. Follow the steps below to configure your Fortigate Firewall to use Trend Micro Network Reputation Services DNSBL zone with a custom error message.

Under the Spam Filter>DNBSBL & ORDBL section,
Click Create New.
For 'RBL Server'name enter: activationcode.r.mail-abuse.com
Select the 'Action' you want to use and select 'Enable' and then click 'OK'

Foundry

Gordano Messaging Server

Note: Insert your unique valid "activation code" to replace the instructional text example; do not include any dashes. Follow the steps below to configure your Gordano Messaging Server to use Trend Micro Network Reputation Services DNSBL zone with a custom error message.

You will need to setup 15 response codes for our RBL+ service:
- 127.1.0.1 through 127.1.0.15
- For 'RBL Server' enter activationcode.r.mail-abuse.com
- Set 'Action' to 'Fail'
- For 'IP Response' enter 127.1.0.1 Be sure to setup all 15 entries.

For more information on configuring filters for Gordano Messaging Server click here.

GWAVA

Note: Insert your unique valid "activation code" to replace the instructional text example; do not include any dashes. Follow the steps below to configure your GWAVA Mail Server to use Trend Micro Network Reputation Services DNSBL zone with a custom error message.

Under Configuration>GWAVA Manager>RBL lists please do the following
- Check the box for 'Enable RBL lookup'
- Click 'Add' and enter activationcode.r.mail-abuse.com

For more information on configuring the GWAVA Mail Servers please visiti http://www.beginfinite.com/html/gwav_manual/index.htm

Ipswitch IMail Server

Note: Insert your unique valid "activation code" to replace the instructional text example; do not include any dashes. Follow the steps below to configure your IMail Server to use Trend Micro Network Reputation Services DNSBL zone with a custom error message.

You need to configure the RBL checking in 2 places, under the main server configuration and the host connection filtering. For more information click here.
Main Server Configuration: Configure DNS Black Lists by following the steps given below. (For more information click here )
- Getting to the DNS Black Lists tab

o Under Server Configuration, In the left panel, expand the localhost folder, and select the Antispam folder. o In the right panel, click the DNS Black Lists tab. On the DNS Black Lists tab,

Click Add to open the Add DNS BlackList dialog box.
Enter the requested information in the Add DNS BlackList dialog box

o Name: Trend Micro RBL+ Server o Query Domain: activationcode.r.mail-abuse.com o Type: DNS click 'OK',

Click 'Apply' to save the Server black list information.
Select the Trend Micro RBL+ name and click Enabled
If you would like to log the rejections, click the Logging tab.

Note: 1. Anti-spam logging is separate from other IMail Server logging and is configured on the anti-spam Logging tab 2. Only black lists that are configured and enabled on this tab are available for use by a host. Once a black list is enabled for the server, it must be enabled for the host on the Connection Filtering tab. 3. A DNS black list must be enabled at the server level in order for it to be available for use by hosts. If a DNS black list is disabled, it is not available for hosts. If a DNS black list is in use by a host, but is then disabled at the server level, the black list is immediately disabled for the host and removed from the Connection Filtering tab.

Now, you must enable Trend Micro RBL+ in the Connection Filtering tab. Follow the steps below to get to the Connection Filtering tab. (For more information click here )

· Under Host Configuration
In the left panel, expand the localhost folder and select a host
with an IP address. · Expand the host, and select the Antispam folder. · In the right panel, click the Connection Filtering tab. 4. Enabling/Disabling DNS Black lists · Decide whether you want the black list to be a Standard DNS blacklist, or a Trusted DNS blacklist. ( Note: If an e-mail matches one of these black lists, it is immediately deleted and no further spam checks are performed. a) If you choose to use 'Standard DNS blacklists' : · Click 'Add' in the appropriate grouping to open the Add DNS Blacklist dialog box. · Select a black list · Select 'Delete Message after X matches' · Enter '1' for the number of matches. b) If you choose to use 'Trusted DNS Blacklists': · Click 'Add' in the appropriate grouping to open the Add DNS Blacklist dialog box. · Select a black list click 'OK' Note: Only blacklists that are configured and enabled for the server are displayed in the Add DNS Blacklist dialog box. To save the blacklists, click 'Apply' at the top of the right panel.

IronPort

Kerio Mail Server

Note: Insert your unique valid "activation code" to replace the instructional text example; do not include any dashes. Follow the steps below to configure your Kerio Mail Server to use Trend Micro Network Reputation Services DNSBL zone with a custom error message.

Under Spam Filtering, you'll need to Add a new Interet blacklist. Enter the following:
- 'DNS Suffix' activationcode.r.mail-abuse.com
- 'Description' Trend Micro RBL+
- Select 'Block the message'
- Do not check the box that says "Ask the blacklist DNS servers directly"
- Click OK

Lotus Domino

Note: Insert your unique valid "activation code" to replace the instructional text example; do not include any dashes. Follow the steps below to configure your Domino server to use Trend Micro Network Reputation Services DNSBL zone with a custom error message.

Make sure you already have a Configuration Settings document for the server(s) to be configured.
From the Domino Administrator, click the Configuration tab and expand the Messaging section.
Click Configurations.
Select the Configuration Settings document for the mail server or servers where you want to enable DNS blacklist filters, and click Edit Configuration.
Click the Router/SMTP>Restrictions and Controls
>SMTP Inbound Controls tab.
Complete the following fields in the DNS Blacklist Filters section, and then click Save & Close
- DNS Blacklist filters: Enabled
- DNS Blacklist sites: activationcode.r.mail-abuse.com
- Desired action: Log and reject message
- Custom SMTP error response: Blocked by Trend Micro RBL+. Please see http://www.mail-abuse.com/cgi-bin/lookup?ip_address=%s
- Reload the SMTP task, or update the SMTP configuration to put changes into effect.

For more information on configuring filters on Domino Server click here .

Mac OS X Server

Note: Insert your unique valid "activation code" to replace the instructional text example; do not include any dashes. Follow the steps below to your Mac OS X Server to use Trend Micro Network Reputation Services DNSBL zone with a custom error message.

In Server Admin, select Mail in the Computers & Services pane.
Click Settings.
Select the Filters tab.
Check "Use these junk mail rejection servers."
Edit the list of servers by adding the DNS name of an RBL server.
- Click the Add button to add a server to the list.
- Click the Remove button to delete the currently selected server from the list.
- Click the Edit button to change the currently selected server from the list.
- Enter the domain name of the desired RBL server, such as rbl.example.com

o Enter: activationcode.r.mail-abuse.com For more information click here .(refer page 48)

MailFrontier Gateway

Note: Insert your unique valid "activation code" to replace the instructional text example; do not include any dashes.

We currently do not have exact instructions on how to configuration this product to utilize Trend Micro Reputation Services. Please refer to your product manual for information on the proper method to configure your MTA to utilize DNSBLs or block lists. Your vendor’s Technical Support organization should also be able to assist you with detailed configuration and set-up options.

We believe you a looking for the Anti-Spam Techniques tab. Under there it looks like Blocked List Services might be what you are looking for. Please insert this string where indicated:
activationcode.r.mail-abuse.com If you have questions regarding setting up the appropriate DNSBL zone, the proper error message to utilize, testing that your configuration is set-up correctly, or need general assistance in accessing the service, please contact the Trend Micro Support Team, by sending an email to nrs_clientsupport@trendmicro.com.

McAfee Webshield e250, e500

Note: Insert your unique valid "activation code" to replace the instructional text example; do not include any dashes. Follow the steps below to configure your Webshield server to use Trend Micro Network Reputation Services DNSBL zone.

Under E-mail (SMTP)>Anti-Spam>Real-time Spam, check there will be a Blackhole Server box.
Click Add, then enter activationcode.r.mail-abuse.com

Microsoft Exchange Server 2003

Note: Insert your unique valid "activation code" to replace the instructional text example; do not include any dashes. Follow the steps below to configure your Microsoft Exchange Server 2003 to use Trend Micro Network Reputation Services DNSBL zone with custom error messages.

Under Global Settings, right click on Message Delivery and Select Properties. Click the Connection Filter tab.
Click New to add a new filter Enter the following:

· 'Display Name' Trend Micro RBL+ · 'DNS Suffix of Provider' activationcode.r.mail-abuse.com · 'Custom Error Message to Return'

Host %0 was blocked using Trend Micro RBL+. Please see http://www.mail-abuse.com/cgi-bin/lookup . Click Return Status Code button
Select the top option 'Match Filter Rule to Any Return Code'
Click Ok, a warning message will pop up indicating that Connection, Recipient and Sender Filter must manually be enabled on specific SMTP virtual servers as they are not enabled by default.
Under Protocols/SMTP/Default SMTP Virtual Server right click and Select Properties. Click on the General tab then Advanced>Edit and check the box to 'Apply Connection Filter' and click 'ok'

For more information on configuring filters on Microsoft Exchange Server 2003 click here .

Mirapoint

We currently do not have instructions on how to configuration this product to utilize Trend Micro Reputation Services. Please refer to your product manual for information on the proper method to configure your MTA to utilize DNSBLs or block lists. Your vendor’s Technical Support organization should also be able to assist you with detailed configuration and set-up options. When you are configuring this product you will need to access our DNSBL zone. Please insert this string where indicated:
activationcode.r.mail-abuse.com Note: You will need to insert your unique valid "activation code" to replace the instructional text example: do not include any dashes. If you have questions regarding setting up the appropriate DNSBL zone, the proper error message to utilize, testing that your configuration is set-up correctly, or need general assistance in accessing the service, please contact the Trend Micro Support Team, by sending an email to ers_support@trendmicro.com.

Net IQ MailMarshal

Note: Insert your unique valid "activation code" to replace the instructional text example; do not include any dashes. Follow the steps below to configure your MailMarshal to use Trend Micro Network Reputation Services DNSBL zone with a custom error message.

Under Server Properties, select the Host Validation tab. You'll need to create DNS Blacklist entries:
- Name: Trend Micro RBL+
- Domain: activationcode.r.mail-abuse.com
- Reply message. Some versions have separate boxes for Message Number and Description.

o Message Number: 550 o Message Description: {SenderIP} blocked using Trend Micro RBL+. Please see http://www.mail-abuse.com/cgi-bin?ip_address={SenderIP}

If yours does not, then enter both in the box.

o 550 {SenderIP} blocked using Trend Micro RBL+. Please see http://www.mail-abuse.com/cgi-bin/lookup?ip_address={SenderIP}

OmniTI Ecelerity

Edit your ecelerity.conf file (/opt/ecelerity/etc/ecelerity.conf):

Module generic/spf_macros spf_macros { }

Validate validate/sieve sieve { connect_phase1 = /opt/ecelerity/etc/rbl.siv }

Place the following in /opt/ecelerity/etc/rbl.siv:

$a = ec_dns_lookup "%{spfv1:ir}.activationcode.r.mail-abuse.com" "a"; if ec_test :matches "${a}" "127.1.0.*" { ec_disconnect 550 "Your host is in the TrendMicro RBL+, please see http://www.mail-abuse.com/cgi-bin/lookup?%{spfv1:i}";
}"; }

This will disconnect the connection right after it is created, in lieu of the SMTP banner. This is ideal for most situations, except for when XCLIENT is used. In those cases, connect_phase1 should be changed to mailfrom_phase1, which will process the script with the XCLIENT address.

Openwave Edge GX

Postfix

Note: Insert your unique valid "activation code" to replace the instructional text example; do not include any dashes. Follow the steps below to configure your Postfix to use Trend Micro Network Reputation Services DNSBL zone with a custom error message Postfix 2.x 1. Find out if your OS supports hash or dbm tables.
type postconf -m If you see hash, use hash in steps 2 and 3 below.
If you see dbm, use dbm in steps 2 and 3 below. 2. Edit main.cf and add our RBL and rbl_reply_maps entries. While it's really a client check, we have it in
"smtpd_recipient_restrictions" (as is recommended by many experts) as that is needed if you want to whitelist any recipients (e.g. Postmaster). Putting it as a recipient restriction only affects the timing (after the RCPT TO command), not the effect. NOTE: Be sure the smtpd_recipient_restrictions = is one really long line. We had to add line breaks to show you the example. rbl_reply_maps = hash:/$config_directory/rbl_reply
smtpd_recipient_restrictions = permit_mynetworks,
reject_rbl_client activationcode.r.mail-abuse.com,
reject_unauth_destination 3. Create the rbl_reply map and "postmap" it. NOTE: Be sure each line is one really long line. Also be sure there are no leading spaces in front of the activationcode lines. ....contents of rbl_reply file....
activationcode.r.mail-abuse.com 550 Service unavailable; $rbl_class [$rbl_what] blocked using Trend Micro RBL+. Please see http://www.mail-abuse.com/cgi-bin/lookup?ip_address=$rbl_what${rbl_reason?; $rbl_reason}
....contents of rbl_reply file.... Save and then type 'postmap hash:rbl_reply' to create the hash table. NOTE: If postmap complains about unknown "hash", type postconf -m
If you do not see hash, but you do see dbm, then change the words hash to dbm in steps 2 and 3 above.4. Reload postfix by typing "postfix reload"

Proofpoint Protection Server

Note: Insert your unique valid "activation code" to replace the instructional text example; do not include any dashes. Follow the steps below to configure your Proofpoint server to use Trend Micro Network Reputation Services DNSBL zone.

Open the GUI and click 'System' and then 'Settings' on the left menus.
Click 'DNS Block List' on the top right menu.
Click 'Add'

For 'ID' enter TrendMicroRBL+
For 'Domain' enter activationcode.r.mail-abuse.com
For 'Has TXT Records' click No. Our DNSBL zones do not have TXT records.
Click 'Save Changes'

Check the box next to 'Enabled'
Check the box next to 'TrendMicroRBL+'
Click 'Save Changes'

qmail

Note: Insert your unique valid "activation code" to replace the instructional text example; do not include any dashes. Follow the steps below to configure your qmail server to use Trend Micro Network Reputation Services DNSBL zone with a custom error message. NOTE: Our DNSBL zone does not contain TXT messages, so you MUST compile RBLSMTPD to use the "A" record patch or our service will not work. Here is a sample run file to show you the rblsmtpd syntax. ..... sample /var/qmail/supervise/qmail-smtpd/run file….. #!/bin/sh QMAILDUID=`id -u qmaild` NOFILESGID=`id -g qmaild` MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
exec /usr/local/bin/softlimit -m 2000000 \
/usr/local/bin/tcpserver -v -R -H -l 0 -x /etc/tcp.smtp.cdb -c "$MAXSMTPD" \
-u "$QMAILDUID" -g "$NOFILESGID" 0 smtp /usr/local/bin/rblsmtpd \
-b -r "activationcode.r.mail-abuse.com:blocked using Trend Micro RBL+, please see http://www.mail-abuse.com/cgi-bin/lookup?ip_address=%IP%" \" \
/var/qmail/bin/qmail-smtpd 2>&1 ..... sample /var/qmail/supervise/qmail-smtpd/run file…..

Your setup may use different options, but that is a working rblsmtpd -b -r "...." entry. qmail will log rblsmtpd rejections in /var/log/qmail/smtpd/current @400000003fd843f92af91f1c rblsmtpd: xx.xx.xx.xx pid 19122: 553 Please see http://www.mail-abuse.com/cgi-bin/lookup?ip_address=xx.xx.xx.xx

Secure Computing Sidewinder

Note: Insert your unique valid "activation code" to replace the instructional text example; do not include any dashes. Follow the steps below to configure your Sidewinder to use Trend Micro Network Reputation Services DNSBL zone with a custom error message. If you have the newer version of Sidewinder, follow the steps below:

On the Sidewinder, go to Service Configuration Tab
Click Servers
Click Sendmail
Click m4 config on external burb (This will bring up a text editor)
Locate the following line: FEATURE(`blacklist_recipients')dnl

· Below that, add:
FEATURE(`dnsbl',`activationcode.r.mail-abuse.com', ` "550 Mail from " $&{client_addr} " blocked using Trend Micro RBL+. Please see http://www.mail-abuse.com/cgi-bin/lookup?ip_address=" $&{client_addr} ')dnl
Note : Make sure the FEATURE line you enter is one long line when you add it.

Save and Exit the file
Apply the change (that will rebuild the Sendmail config and restart Sendmail)

If you have the older version of Sidewinder, follow the steps below: On Sidewinder v5.2.1.10, the following file has to be edited: /etc/sidewinder/sendmail/sidewinder.X.mc X designates the burb

Locate the following line: FEATURE(`blacklist_recipients')dnl
Below that, add:
FEATURE(`dnsbl',`activationcode.r.mail-abuse.com', ` "550 Mail from " $&{client_addr} " blocked using Trend Micro RBL+. Please see http://www.mail-abuse.com/cgi-bin/lookup?ip_address =" $&{client_addr} ')dnl
Note :Make sure the FEATURE line you enter is one long line when you add it.
Rebuild your sendmail.cf and restart sendmail.
Save the file.
Rebuild the sendmail server with the following command: reconfigure_mail rebuild

Sendmail

Note: Insert your unique valid "activation code" to replace the instructional text example; do not include any dashes. Follow the steps below to configure your Sendmail to use Trend Micro Network Reputation Services DNSBL zone with a custom error message.

Here is a working sendmail.mc entry for Trend Micro RBL+ service.

FEATURE(`dnsbl',`activationcode.r.mail-abuse.com', ` "550 Mail from " $&{client_addr} " blocked using Trend Micro RBL+. Please see http://www.mail-abuse.com/cgi-bin/lookup?ip_address =" $&{client_addr} ')dnl
Note :Make sure the FEATURE line you enter is one long line when you add it.

Rebuild your sendmail.cf and restart sendmail.

SonicWALL

Note: Insert your unique valid "activation code" to replace the instructional text example; do not include any dashes. Follow the steps below to configure your SonicWALL server to use Trend Micro Network Reputation Services DNSBL zone.

You are looking for the RBL Domain Settings screen.
Click the box to the left of "Enable RBL Domain" to Enable RBL checking.
For "RBL Domain:" enter activationcode.r.mail-abuse.com
Under "RBL Blocked Responses" click "Block ALL Responses"
Click "OK"

NOTE: Some customers have told us that their version of SonicWALL has a 39 character limit and our RBL Domain entry is 48 characters. If your version has this limitation, please contact SonicWALL support to see if they have an update.

SpamAssassin

Note: Insert your unique valid "activation code" to replace the instructional text example; do not include any dashes. Follow the steps below to configure your SpamAssassin server to use Trend Micro Network Reputation Services DNSBL zone.

SpamAssassin 3.00
http://www.spamassassin.org/

1. Edit /etc/mail/spamassassin/local.cf and add the following:

rewrite_header Subject *SPAM*
skip_rbl_checks 0
required_score 5
header RCVD_IN_TM_RBL_PLUS eval:check_rbl('tmrblplus','activationcode.r.mail-abuse.com.')
describe RCVD_IN_TM_RBL_PLUS Received via Trend Micro RBL+, see http://www.mail-abuse.com/cgi-bin/lookup
score RCVD_IN_TM_RBL_PLUS 5.0

NOTE: Make sure the header, describe and score lines do not have any line breaks.

That will add *SPAM* to the beginning of the subject line when a detection is made.
skip_rbl_checks 0 should be default, but just make sure.
The required_score needs to match the score you set for RCVD_IN_TM_RBL_PLUS

Sun ONE Messaging Server

Note: Insert your unique valid "activation code" to replace the instructional text example; do not include any dashes.

NOTE: Trend Micro RBL+ service does not have TXT records for the error message. Please see the Sun ONE Messaging Server 6.0 Administrator's Guide, December 2003 http://docs-pdf.sun.com/816-6738-10/816-6738-10.pdf There is an example at the bottom of page 420 to specify the error message.Example: Edit your MAPPINGS file and look for the FROM_ACCESS section.NOTE: Make sure there are two spaces at the start of the TCP line.NOTE: Make sure each line is less than 252 characters.FROM_ACCESSTCP|*|25|*.*.*.*|*|SMTP*|*|tcp_local|* $[IMTA_LIB:dns_verify.so,dns_verify,+$4.$3.$2.$1.activationcode.r.mail-abuse.com.+$$N$$X5.5.0|IP$ $$1.$$2.$$3.$$4$ found$ on$ MAPS-RBL$ list+$$CTCP|$$0|25|$$1.$$2.$$3.$$4|$$5|SMTP$$6|$$7|tcp_local|$$8]

Now rebuild and restart the mail service. imsimta cnbuild imsimta restart dispatcher For more information on configuring Sun ONE Messaging Server, see http://docs-pdf.sun.com/816-6738-10/816-6738-10.pdf

SurfControl Email Filter

Note: Insert your unique valid "activation code" to replace the instructional text example; do not include any dashes. Follow the steps below to configure your SurfControl to use Trend Micro Network Reputation Services DNSBL zone with a custom error message. To configure SurfControl E-mail Filter for RBLs In the Server Configuration Settings window, follow the steps below:

Open the E-Mail Filter Monitor.
Click the Server Configuration icon on the toolbar.
Click the SMTP tab.
Click the Enable RBL DNS Lookup check box.
Highlight Anti Spam Servers (RBL) and enter the domain name of an RBL. Enter: activationcode.r.mail-abuse.com

Sybari ANTIGEN

Note: Insert your unique valid "activation code" to replace the instructional text example; do not include any dashes. Follow the steps below to configure your Antigen server to use Trend Micro Network Reputation Services DNSBL zone with a custom error message.

Under Filtering/Mailhost Filtering there is a Mailhosts List box. Click 'RBL Servers' to see the current Filter Lists.
Below that, click 'Add'.
Enter activationcode.r.mail-abuse.com for the domain name of the RBL server and 'Save' it. Make sure the Filter is set to 'Enabled' Action: can be Skip/Purge/Identify (tag subject line)
Select 'Purge' to have it delete all email detected in Trend Micro service.

Symantec Anti-Virus for SMTP Gateways

Note: Insert your unique valid "activation code" to replace the instructional text example; do not include any dashes. Follow the steps below to configure your Symantec Anti-Virus for SMTP Gateways server to use Trend Micro Network Reputation Services DNSBL zone. For Symantec versions 3.1.0.29, 3.1.1.32, 3.2.x, 4.0, follow the steps below.

Under Blocking Policy/Anti-Spam click the small box on the left of DNSBL domain name and enter: activationcode.r.mail-abuse.com
Do not check the box "Identify spam by return codes", which appears under the domain name. That will block everything detected in Trend Micro service. Below that, select Drop message

Symantec Firewall

Note: Insert your unique valid "activation code" to replace the instructional text example; do not include any dashes. Follow the steps below to configure your Symantec Firewall to use Trend Micro Network Reputation Services DNSBL zone with a custom error message. 1. In SMTPD Properties, under Antispam Tab, check the box for "Use Black Hole List" and type activationcode.r.mail-abuse.com for the domain name for blackhole list · If nslookup 2.0.0.127.activationcode.r.mail-abuse.com fails, check the firewall log for the following dnsd warning...
"<TIME> <FIREWALL> dnsd[277]: 343 dnsd Warning: Asked about Address for <IP ADDRESS>.activationcode.r.mail-abuse.com. -- server <SERVER IP> sent (<IP ADDRESS>.activationcode.r.mail-abuse.com. A 127.1.0.4) - Answer includes data under our authority." · To fix: o Under DNS Records Tab rename 127.in-addr.arpa to 0.127.in-addr.arpa (original notes, try 1st) o rename 127.in-addr.arpa to 1.0.0.127.in-addr.arpa (try 2nd) o The web page says to restart the firewall computer, but for some cases it works without a restart. For more information refer to Symantec Knowledgebase Document ID: 2002060308412154 Document ID: 2002010905574554

Symantec Mail Security

Note: Insert your unique valid "activation code" to replace the instructional text example; do not include any dashes. Follow the steps below to configure your Symantec server to use Trend Micro Network Reputation Services DNSBL zone with a custom error message.

Symantec Mail Security 4.5 for Microsoft Exchange

To block by real-time blacklists

1. Do one of the following:
. Open Symantec Mail Security for the single server.
. In the Symantec Mail Security for Microsoft Exchange console, in the left pane, select a server group.

2. In the left pane, expand Configuration.
3. Click Spam Prevention Settings.
4. In the right pane, under Real-time Blacklist Blocking, in the Domains of providers supporting IP-based lookup box, type the domains of the RBL providers. Separate domains with commas with no spaces between entries. RBL providers are queried in the order in which you list them. The first RBL provider to return a match during an SMTP connection results in the message being rejected, and no other RBL providers are queried.

Enter: activationcode.r.mail-abuse.com

5. Click Save.

Symantec Mail Security 5.0.3.360 for Microsoft Exchange did not work at this writing. You will need to download a patch from Symantec, but it is not available yet, 7/26/2006.

Trend Micro InterScan Messaging Security Suite for Windows

Note: If you have InterScan Messaging Security Suite for Windows, this requires InterScan Messaging Security Suite 5.5 SP4 or newer. Follow the steps below to configure your InterScan Messaging Security Suite to use Trend Micro Network Reputation Services DNSBL zone with a custom error message. 1. Open the GUI and click 'Configuration' 2. Under 'Configuration', click 'Product Licenses' 3. Under 'Network Reputation Services', click 'View license details' 4. Enter your activationcode 5. Under 'Configuration', select 'Network Reputation' 6. Check the box next to 'Enable Network Reputation Service' 7. Under 'Action:', select 'Default: intelligent action'
Click 'Save'

Tumbleweed Enterprise Mail Firewall

Note: Insert your unique valid "activation code" to replace the instructional text example; do not include any dashes.

Follow the steps below to configure your Tumbleweed Enterprise Mail Firewall to use Trend Micro Network Reputation Services.

Login to the web manager Click "Setup" in the lower portion of the left pane Click "Relays" Scroll to DNSBL settings and enter the RBL name and select the action you wish to take if the sender is found on the RBL.

DNSBL Source Domain: activationcode.r.mail-abuse.com Response to Client: Refuse connection with a permanent error response.

Click "Setup" Click "Network Connections" Look for a "DNSBL" entry and check the box to enable it.

WatchGuard SpamScreen

Note: Insert your unique valid "activation code" to replace the instructional text example; do not include any dashes. Follow the steps below to configure your WatchGuard SpamScreen to use Trend Micro Network Reputation Services.

In the Services Arena, double-click the SMTP Proxy icon. The service Properties dialog box opens.
Click the Properties tab.
Click Incoming. The Incoming SMTP Proxy dialog box appears displaying the General tab.
To check email against RBL servers, select "Use RBLs to determine the email's spam classification." You can now configure the RBL/DNS servers.
From the SpamScreen dialog box, click the RBL Lists tab.
Click Add and enter: activationcode.r.mail-abuse.com
Check the box next to: activationcode.r.mail-abuse.com
Click OK

XWall

Note: Insert your unique valid "activation code" to replace the instructional text example; do not include any dashes. Follow the steps below to configure your XWall server to use Trend Micro Network Reputation Services DNSBL zone with a custom error message.

Under Options/Spam Tab, check the box to "Enable lookup of the IP address of the connecting host in the Spam Lookup Service database".
Below that is the list of Services.
Click 'New' and enter: activationcode.r.mail-abuse.com
For 'Action', select 'Block message transfer at the SMTP level'
Then, click 'Apply'

ZixCorp Message Inspector

Note: Insert your unique valid "activation code" to replace the instructional text example; do not include any dashes. Configure Message Inspector to use Trend Micro RBL+ Services DNSBL zone with a custom error message, follow the steps below:(For Reference click here )

Launch the Administration Client, login and go to Manage | MTA Configuration.
Scroll downwards to the Custom configuration field.
Enter the Realtime Blackhole List of your choosing. For Trend Micro RBL+, you should use the following:

FEATURE(`dnsbl',`activationcode.r.mail-abuse.com',` "550 Mail from " $&{client_addr} " refused. Please see http://www.mail-abuse.com/cgi-bin/lookup =" $&{client_addr} " for further information."')dnl
Note: Make sure that is one really long line. 4. Click the Apply button at the bottom to implement the change.