Automatically allow for subdomains of configured upstream relays.

REJECTED: black.rbl.ctipd.astaro.local

Not sure what changed earlier today, but it was necessary to add msf1 to my existing dnsmadeeasy.com upstream relay.

What about an upstream relay entry like: *.dnsmadeeasy.com

 

  • I'm confused, William.

    I don't understand what was REJECTED or where you saw that message.

    What is your dnsmadeeasy.com upstream relay and what is msf1?

    If you're talking about a network definition, wildcards don't work.

    Cheers - Bob

  • In reply to BAlfson:

    Sorry, msf1 being a subdomain of dnsmadeeasy.com -- msf1.dnsmadeeasy.com

    I had an existing upstream exclusion for dnsmadeeasy.com that's been working since forever, but I'm guessing DME began forwarding via the msf1 subdomain which wasn't explicitly trusted.

    Thanks for the response and info regarding wildcards.

     

    BTW, here's a UTM rejection subsequently reported back to the sender by DME (sent by me via Gmail.)

    ---------------------------------------------------

    This is the mail system at host msf1.dnsmadeeasy.com.

    I'm sorry to have to inform you that your message could not
    be delivered to one or more recipients. It's attached below.

    For further assistance, please send mail to postmaster.

    If you do so, please include this problem report. You can
    delete your own text from the attached returned message.

    The mail system

    <me@my-server.com>: host utm.my-server.com[##.###.###.###] said:
    550-delivery from 208.80.120.35 is rejected. Check at
    550-www.commtouch.com/.../Check_IP_Reputation.asp.
    Reference 550 code:tid=#####.#######.#####.##### (in reply to RCPT TO
    command)

    ....

     

  • In reply to WilliamByrne:

    Ah, I understand now, William.  I've moved this thread to the Mail Protection forum - I should have realized that as your first post used the term "upstream relay."

    That CommTouch link is an old link.  The current one is: http://www.cyren.com/security-center/ip-reputation-check.  That is the basis for being included in black.rbl.ctipd.astaro.local.  It's the only RBL kept locally in the UTM and is the first one considered by the SMTP Proxy.  That IP is no longer listed and so should have disappeared from black.rbl.ctipd.astaro.local.

    DNSMadeEasy should have informed you that they were changing the IP that they were sending from.  Part of the advantage of using one of those outside services is the ability to select 'Allow upstream/relay hosts only'.  They don't charge much though, so it may be too much to expect.

    Cheers - Bob

  • In reply to BAlfson:

    Good to know re CommTouch.  

    I'll check to see if there were any related notices from DME that I overlooked; otherwise, I'll get in touch to request notices in the future.

    Thanks again!

  • In reply to WilliamByrne:

    I saw a Sophos employee post in another thread that CommTouch/Cyren had had a glitch that resulted in a blowup of false positives, but that it's now repaired.

    Cheers - Bob
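
An added example, not part of the thread and not Sophos or DNSMadeEasy code: a Python script that pulls the rejected sending IP out of a bounce like the one quoted above and checks whether any upstream relay definition covers it. The relay table, its 192.0.2.10 placeholder address and the function names are assumptions for illustration; the bounce text is the one from the thread with its masked values left as posted.

```python
import ipaddress
import re

# Bounce text as quoted in the thread, masked values left as posted.
BOUNCE = """\
<me@my-server.com>: host utm.my-server.com[##.###.###.###] said:
550-delivery from 208.80.120.35 is rejected. Check at
550-www.commtouch.com/.../Check_IP_Reputation.asp.
Reference 550 code:tid=#####.#######.#####.##### (in reply to RCPT TO
command)
"""

# Hypothetical relay list: definition name -> networks it covers.
# 192.0.2.10 is a constructed placeholder, not DME's real address.
UPSTREAM_RELAYS = {"dnsmadeeasy.com": ["192.0.2.10/32"]}

REJECT_RE = re.compile(
    r"<(?P<rcpt>[^>]+)>: host (?P<host>[^\s\[]+)\[[^\]]*\] said: "
    r"(?P<code>[45]\d\d)[- ]delivery from (?P<ip>\S+) is rejected"
    r".*?\(in reply to (?P<stage>.+?) command\)"
)

def parse_rejection(dsn_text):
    """Return the rejection details from a DSN, or None if absent."""
    unfolded = " ".join(dsn_text.split())  # undo the MTA's line wrapping
    m = REJECT_RE.search(unfolded)
    if not m:
        return None
    try:
        ip = ipaddress.ip_address(m["ip"])  # refuse anything that is not an IP
    except ValueError:
        return None
    return {"recipient": m["rcpt"], "host": m["host"], "code": m["code"],
            "stage": m["stage"], "rejected_ip": str(ip)}

def covering_relays(ip, relays):
    """Names of relay definitions whose networks contain ip."""
    addr = ipaddress.ip_address(ip)
    return [name for name, nets in relays.items()
            if any(addr in ipaddress.ip_network(n) for n in nets)]

if __name__ == "__main__":
    hit = parse_rejection(BOUNCE)
    names = covering_relays(hit["rejected_ip"], UPSTREAM_RELAYS)
    print(hit["rejected_ip"], "rejected at", hit["stage"],
          "- covered by:", names or "no relay definition")
```

An empty result for the rejected IP means the provider is sending from an address that no existing relay definition covers, which is the situation described in the thread.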