This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

RBL working too well

Greetings, 

Yesterday morning I upgraded to firmware version 9.705-7. This morning at about 6:00 am the RBL feature has started rejecting well-known hosts. Shown here are oktax.state.ok and pharmacy.cvs.com. 

Checking pharmacy.cvs.com with www.anti-abuse.org I see that it's all green.

I have turned off the RBL checks in the SMTP Antispam page and those email addresses are now going through the mail server.
However, so are any 'bad-guy' sites that actually test as RBL failures. So, this is a workaround, not a fix.

Thoughts?



This thread was automatically locked due to age.
Parents
  • I see the pharmacy.cvs IP on the SORBS SPAM blacklist using mxtoolbox.com, but the OK State Tax Commission's IP is not listed anywhere. The cbl.abuseat.org RBL is one that you get when you select 'Use recommended RBLs'.  I would uncheck that for the time being and add zen.spamhaus.org to 'Extra RBL Zones'.

    To see all of the RBL-rejected addresses, run the following command:

         zgrep 'reason="rbl"' /var/log/smtp/2021/05/*26*|grep -oP 'from=".*?"'|sort -n|uniq -c

    That will let you know if any other desired domain is on an RBL.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Bob, I flipped to the zen.spamhous.org site, and the first message blocked was from ADT... bounce.adtpulse.com
    MXTOOLBOX.com shows that domain as clean and green on all RBLs. 
    I've disabled it again. 
    That 'update' seems to be the same 9.705-7 that we're running. I'll take a closer look overnight when the users are quiet.

    Thanks.

Reply
  • Bob, I flipped to the zen.spamhous.org site, and the first message blocked was from ADT... bounce.adtpulse.com
    MXTOOLBOX.com shows that domain as clean and green on all RBLs. 
    I've disabled it again. 
    That 'update' seems to be the same 9.705-7 that we're running. I'll take a closer look overnight when the users are quiet.

    Thanks.

Children
  • It's time to open a case with Support.  If Up2Dating to 9.706-9 doesn't resolve this, they'll need to be involved.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA