DNSBL

DNSBL stands for Domain Name System Block List. Most DNSBL systems list IP addresses, often those that the list operator has observed sending spam or hosting spammers, or that by policy are not allowed to deliver email directly to servers using that particular DNSBL. Applications use these lists to decrease the delivery of spam email. Some DNSBLs have other listing criteria, for example geographic lists of IPs by country or other categories, and they may be used for a variety of purposes.

DNSBLs which list domain names are called URIBLs.

It is important to note that a DNSBL cannot stop anyone from sending mail; it only prevents delivery at the receiving end, at the receiver's instruction. DNSBLs are strictly defensive tools; they cannot do any offensive damage such as denial of service attacks.

zen.spamhaus.org
ZEN is the combination of all Spamhaus DNSBLs into one single powerful and comprehensive blocklist to make querying faster and simpler. It contains the SBL, the XBL and the PBL blocklists.

In most cases, zen.spamhaus.org replaces sbl-xbl.spamhaus.org. If you are currently using sbl-xbl.spamhaus.org you should now replace 'sbl-xbl.spamhaus.org' with 'zen.spamhaus.org'.

zen.spamhaus.org should now be the only spamhaus.org DNSBL in your configuration. You should not use ZEN together with other Spamhaus blocklists, or with blocklists already included in our zones (such as the CBL) or you will simply be wasting DNS queries and slowing your mail queue.

Caution: Because ZEN includes the XBL and PBL lists, do not use ZEN on smarthosts or SMTP AUTH outbound servers for your own customers (or you risk blocking your own customers). Do not use ZEN in filters that do any ‘deep parsing’ of Received headers, or for other than checking IP addresses that hand off to your mailservers.

SBL (Spamhaus Block List)
The Spamhaus Block List (SBL) is a realtime database of IP addresses of verified spam sources and spam operations (including spammers, spam gangs and spam support services), maintained by the Spamhaus Project team and supplied as a free service to help email administrators better manage incoming email streams.

XBL (Exploits Block List)
The Spamhaus Exploits Block List (XBL) is a realtime database of IP addresses of hijacked PCs infected by illegal 3rd party exploits, including open proxies (HTTP, socks, AnalogX, wingate, etc), worms/viruses with built-in spam engines, and other types of trojan-horse exploits.

PBL (Policy Block List)
The Spamhaus PBL is a DNSBL database of end-user IP address ranges which should not be delivering unauthenticated SMTP email to any Internet mail server except those provided for specifically by an ISP for that customer's use. The PBL helps networks enforce their Acceptable Use Policy for dynamic and non-MTA customer IP ranges.

PBL IP address ranges are added and maintained by each network participating in the PBL project, working in conjunction with the Spamhaus PBL team, to help apply their outbound email policies.

Additional IP address ranges are added and maintained by the Spamhaus PBL Team, particularly for networks which are not participating themselves (either because the ISP/block owner does not know about it, is proving difficult to contact, or because of language difficulties), and where spam received from those ranges, rDNS and server patterns are consistent with end-user IP space which typically contains high concentrations of "botnet zombies", a major source of spam. Once aware of them, the ISP/block owner can take over such records at any time to manage them further.

The PBL lists both dynamic and static IPs, any IP which by policy (whether the block owner's or -interim in its absence- Spamhaus' policy) should not be sending email directly to the MX servers of third parties.

Using zen.spamhaus.org with Postfix
In /etc/postfix/main.cf, add reject_rbl_client zen.spamhaus.org to the smtpd_recipient_restrictions section. This entry should be near the bottom of the list, since DNSBLs use more resources than most other tests.

    smtpd_recipient_restrictions = ...
        reject_rbl_client zen.spamhaus.org

zen.spamhaus.org troubleshooting
To troubleshoot an address, you need to query the Spamhaus DNS servers. If you are troubleshooting the domain mattrude.com, first find the name of the domain's mail server.

    host mattrude.com
    mattrude.com mail is handled by 10 mail.mattrude.com.

Now that we know the mail server's name, we need to find its IP address.

    host mail.mattrude.com
    mail.mattrude.com has address 76.17.242.165

Now let's query Spamhaus. Spamhaus uses the reversed IP address (the octets in reverse order) as a subdomain of the DNSBL zone. So for IP address 76.17.242.165 you would query Spamhaus by running:

    host 165.242.17.76.zen.spamhaus.org
    165.242.17.76.zen.spamhaus.org has address 127.0.0.10

As you can see by the table below, this address is being blocked by the PBL list.
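The lookup above can be scripted. The following is an added example, not part of the original page or of any Spamhaus tooling. It goes beyond the single IPv4 case by also building IPv6 (nibble-format) query names and by separating listing answers from the 127.255.255.x error answers. The function names are hypothetical, and the return-code values other than 127.0.0.10 are taken from Spamhaus' published return codes rather than from this page.

```python
import ipaddress
import socket

ZONE = "zen.spamhaus.org"  # zone name taken from the page

# Last octet of a 127.0.0.x answer -> blocklist. Assumption: values follow
# Spamhaus' published return codes; only 127.0.0.10 = PBL appears on this page.
LISTS = {2: "SBL", 3: "SBL", 9: "SBL", 4: "XBL", 5: "XBL", 6: "XBL",
         7: "XBL", 10: "PBL", 11: "PBL"}


def query_name(ip, zone=ZONE):
    """Build the DNSBL query name: reversed octets (or IPv6 nibbles) + zone."""
    reverse = ipaddress.ip_address(ip).reverse_pointer
    labels = reverse.rsplit(".", 2)[0]  # strip "in-addr.arpa" / "ip6.arpa"
    return f"{labels}.{zone}"


def classify(answer):
    """Map one A record to 'SBL', 'XBL', 'PBL', 'error' or 'unknown'."""
    octets = ipaddress.IPv4Address(answer).packed
    if octets[:3] == b"\x7f\xff\xff":
        # 127.255.255.x means the query itself was refused (for example it
        # arrived through a public resolver); it is not a listing.
        return "error"
    if octets[:3] != b"\x7f\x00\x00":
        return "unknown"
    return LISTS.get(octets[3], "unknown")


def listed_in(answers):
    """Return the sorted blocklist names found in a list of A records."""
    names = {classify(a) for a in answers}
    return sorted(names & {"SBL", "XBL", "PBL"})


def lookup(ip, zone=ZONE):
    """Live query (needs network): the A records, or [] if resolution fails."""
    try:
        return socket.gethostbyname_ex(query_name(ip, zone))[2]
    except (socket.gaierror, socket.herror):
        return []  # NXDOMAIN is the normal "not listed" answer


if __name__ == "__main__":
    print(query_name("76.17.242.165"))  # address used in the page's example
    print(listed_in(["127.0.0.10"]))    # answer shown on the page
```

An "error" answer should be investigated as a resolver or configuration problem rather than treated as evidence that the sending address is listed.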