What is this?

This knowledgebase contains questions and answers about PRTG Network Monitor and network monitoring in general.

Learn more

PRTG Network Monitor

Intuitive to Use. Easy to manage.
More than 500,000 users rely on Paessler PRTG every day. Find out how you can reduce cost, increase QoS and ease planning, as well.

Free Download

Top Tags


View all Tags

Is there a list of anti spam black list servers?

Votes:

0

Is there a list of blacklist servers available that I can use with the IP on DNS Blacklist sensor?

anti-spam blacklist ip prtg sensor spam

Created on Jun 20, 2012 9:30:43 AM by  Daniel Zobel [Product Manager]

Last change on May 17, 2019 12:28:06 PM by  Maike Guba [Paessler Support] (2,404) 2 1



12 Replies

Accepted Answer

Votes:

0

This article applies as of PRTG 22

IP address on DNS blacklist servers

By default, the IP on DNS Blacklist sensor checks some default blacklist servers. You can add additional servers as a comma-separated list. See the links below for more servers.

Use with care

With each scanning interval, the IP on DNS Blacklist sensor queries all servers that you entered in the sensor settings. In our tests, 50 blacklist servers with a 5-minute scanning interval worked fine. Values in your network may vary, depending on the connection speed and availability of servers.

We recommend that you do not enter more than 10 servers to make sure that the sensor can complete the check within its scanning interval.

If you use too many blacklist servers, the sensor shows this error message:

Your request has timed out. Depending on the sensor type you use, the reason might be that the sensor could not connect to the target host or that a PowerShell command takes too long to execute. For more information, see https://kb.paessler.com/en/topic/71899 or https://kb.paessler.com/en/topic/37633. (code: PE018)

List of blacklist servers

  • access.redhawk.org
  • all.s5h.net
  • b.barracudacentral.org
  • bl.blocklist.de
  • bl.mailspike.org
  • bl.score.senderscore.com
  • bl.spamcop.net
  • bl.spameatingmonkey.net
  • cidr.bl.mcafee.com
  • db.wpbl.info
  • dnsbl-1.uceprotect.net
  • dnsbl-2.uceprotect.net
  • dnsbl-3.uceprotect.net
  • dnsbl.dronebl.org
  • dnsbl.justspam.org
  • dnsbl.kempt.net
  • dnsbl.sorbs.net
  • ips.backscatterer.org
  • ix.dnsbl.manitu.net
  • korea.services.net
  • mail-abuse.blacklist.jippg.org
  • psbl.surriel.com
  • spam.dnsbl.sorbs.net
  • spam.pedantic.org
  • spamsources.fabel.dk
  • tor.dan.me.uk
  • truncate.gbudb.net
  • ubl.unsubscore.com


Note: As of PRTG 15.2.17, the IP on DNS Blacklist sensor follows RFC 5782, where IPv4-based DNSxLs (blacklists and whitelists) must contain an entry for 127.0.0.2 for testing purposes. In previous versions, the sensor did not check this, which provided a false sense of security when using nonexisting (or no longer existing) DNS blacklist servers that always report that the IP address is not listed.

Created on Jun 20, 2012 9:37:22 AM by  Daniel Zobel [Product Manager]

Last change on Jan 3, 2023 7:54:29 AM by  Brandy Greger [Paessler Support]



Votes:

0

Many of the servers on that external list are now generating errors as per the note above. This is the edited list of servers from http://dnsbllookup.com/ which currently work ok with PRTG.

access.redhawk.org,all.s5h.net,all.spamrats.com,b.barracudacentral.org,bl.blocklist.de,bl.mailspike.org,bl.score.senderscore.com,bl.spamcop.net,bl.spameatingmonkey.net,cidr.bl.mcafee.com,db.wpbl.info,dnsbl-1.uceprotect.net,dnsbl-2.uceprotect.net,dnsbl-3.uceprotect.net,dnsbl.dronebl.org,dnsbl.justspam.org,dnsbl.kempt.net,dnsbl.sorbs.net,ips.backscatterer.org,ix.dnsbl.manitu.net,korea.services.net,mail-abuse.blacklist.jippg.org,psbl.surriel.com,spam.dnsbl.sorbs.net,spam.pedantic.org,spamsources.fabel.dk,tor.dan.me.uk,truncate.gbudb.net,ubl.unsubscore.co


Created on Oct 5, 2015 10:58:55 AM

Last change on Apr 14, 2020 10:27:25 AM by  Matthias Kupfer [Paessler Support]



Votes:

0

Hello, i want to check more than a Blacklist Server.

But i get the message "Error checking spam.dnsbl.sorbs, it contains no entry for 127.0.0.2"

Is the an workarround?

Created on Jun 23, 2016 9:59:16 AM



Votes:

0

@Stephan: The sensor will check the IP/DNS record of it's parent device against the blacklists. So the parent device must have an IP/DNS name which is reachable from the internet.
Best regards

Created on Jun 24, 2016 12:04:47 PM by  Konstantin Wolff [Paessler Support]



Votes:

0

Why does the sensor check the parent's IP ? Wouldn't be easier to scan a provided IP ?

According to this thread we should be able adding a provided line specifying IP and BL:

IPonDNSBL I suppose this is the sensor "IP on DNS blacklist" but I could not find a field for this line. Is there an old content?

Enter one or more blacklist servers to query. If you define several blacklist servers, separate the individual entries with commas and no spaces in between. Default is bl.spamcop.net. Further Help (Manual)

Thank you.

Created on May 15, 2017 7:28:50 AM

Last change on Nov 26, 2018 6:03:15 AM by  Luciano Lingnau [Paessler]



Votes:

0

Hi there,

The sensor uses the parents device IP/DNS name and queries this against the provided blacklist server or the provided list of blacklist servers.

Or do you want the sensor to have its own "Target IP/DNS name" field and the "Blacklist Servers" field?

Best regards.

Created on May 15, 2017 8:22:38 AM by  Dariusz Gorka [Paessler Support]



Votes:

0

the sensor to have its own "Target IP/DNS name" field and the "Blacklist Servers" field?

YES

Finally my question is where should I insert this string ?

IPonDNSBL -ip=mail.paessler.com [-bl=bl.spamcop.net]

Created on May 15, 2017 8:50:05 AM

Last change on Nov 26, 2018 6:03:34 AM by  Luciano Lingnau [Paessler]



Votes:

0

Hi there,

I am afraid that we won't change this as almost all sensors are using the parent devices IP/DNS name, sorry.

To use the exe by yourself, simply provide the parameters "-ip" is the parameter for the IP/DNS name that has to be checked against the blacklist servers. The "-bl" server is for the blacklist server or the multiple blacklist servers.

Best regards.

Created on May 15, 2017 9:25:17 AM by  Dariusz Gorka [Paessler Support]



Votes:

0

Sure I understand that you won't change.

"To use the exe by yourself" What exe are we talking about ? Is it a exe behind the sensor ??

I can't see explaination about this here

I'm affraid I don't understand, what exactly PRTG provide to monitor for example our IPs for MX, SMTP. I'm confused because of these two links which explain different approach.

Because I monitor our Exchange server with a local IP. So I would have to add a "fake" device with the external IP and so on with all our IPs ?

Created on May 15, 2017 11:19:34 AM

Last change on Nov 26, 2018 6:04:03 AM by  Luciano Lingnau [Paessler]



Votes:

0

Hi there,

Well you have to provide the paramters "-ip" and "-bl" if you want to use the EXE behind the sensor, correct (ProgramDir\Sensor System).

As we have already explained, PRTG uses the IP or DNS Name of the parent device where the sensor is added to. The blacklist servers that are contacted are submitted via the sensor settings:

  • IP that will be checked (your MailServer) is set in the parent device
  • contacted Blacklist Servers are set in the sensor settings itself

So if you want to check multiple WAN IPs against the blacklist servers, then you have to add a device for each IP and a sensor to each device.

Best regards.

Created on May 15, 2017 8:55:52 PM by  Dariusz Gorka [Paessler Support]



Votes:

0

Okay I finally understood because you provided me the path for the EXE. I thaught I could use the EXE within PRTG and was looking in this way. In a command line it works well with sbl-xbl.spamhaus.org, bl.spamcop.net... I'll then probably write a PS script which use the EXE. I'm not a noob with but almost.

But also if the link of this page was not broken I would certainly have understood quicker "The Custom Sensor can be downloaded from this page"

Created on May 16, 2017 3:28:57 PM



Votes:

0

Hi there,

The sensor is actually provided by PRTG-Tools-Family, so you could also get the sensor there.

To use the sensor as a custom EXE, just copy it to "C:\Program Files (x86)\PRTG Network Monitor\Custom Sensors\EXE" and add a "EXE/Script" Sensor within PRTG. In the sensor settings you can provide the parameter as following:

-ip=127.0.0.1 -bl=blacklist.server

Afterwards add the channel limit to the created channel by setting "Upper Error Limit" to "0" in the channel settings.

Best regards.

Created on May 16, 2017 7:16:52 PM by  Dariusz Gorka [Paessler Support]




Disclaimer: The information in the Paessler Knowledge Base comes without warranty of any kind. Use at your own risk. Before applying any instructions please exercise proper system administrator housekeeping. You must make sure that a proper backup of all your data is available.