RBL Troubleshooting

‎11-02-2004

Article

Description This article troubleshoots RBLs (Realtime Blackhole Lists) if they are not satisfactorily blocking spam.

Components

All FortiGate units running FortiOS 2.8.

Steps or Commands

Remember you can only block or discard/reject spam through SMTP. This is most commonly used between mail servers or MTA to MTA. To check that an RBL is going to stop SMTP or tag POP3/IMAP spam, you can do a quick test.

In the following network scenario, you can check the RBL being used:

PC workstation -----|FGT|-----|Internet/RBL server|

On a terminal or at the DOS prompt, enter the command:

nslookup 178.34.231.205.list.dsbl.org

Replace list.dsbl.org with the RBL you are using. This IP is a known bad IP, entered backwards. This is only being used for the purposes of this test. You can substitute another IP in the same format, backward.RBL, but this is one that can be used for testing. The expected return from this command will contain 127.0.0.2. We do accept returns other that 127.0.0.2. We actually accept any return 127.0.0.X

If you don’t get the expected return, check that your PC is using the same DNS as the FortiGate unit.

If the test passes but anti-spam still fails, do an execute ping from the command line of the FortiGate:

exec ping <RBL server IP>.

This will check that the FortiGate unit is able to resolve this server name and IP.