This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

RBL working too well

Greetings, 

Yesterday morning I upgraded to firmware version 9.705-7. This morning at about 6:00 am the RBL feature has started rejecting well-known hosts. Shown here are oktax.state.ok and pharmacy.cvs.com. 

Checking pharmacy.cvs.com with www.anti-abuse.org I see that it's all green.

I have turned off the RBL checks in the SMTP Antispam page and those email addresses are now going through the mail server.
However, so are any 'bad-guy' sites that actually test as RBL failures. So, this is a workaround, not a fix.

Thoughts?



This thread was automatically locked due to age.
Parents
  • I see the pharmacy.cvs IP on the SORBS SPAM blacklist using mxtoolbox.com, but the OK State Tax Commission's IP is not listed anywhere. The cbl.abuseat.org RBL is one that you get when you select 'Use recommended RBLs'.  I would uncheck that for the time being and add zen.spamhaus.org to 'Extra RBL Zones'.

    To see all of the RBL-rejected addresses, run the following command:

         zgrep 'reason="rbl"' /var/log/smtp/2021/05/*26*|grep -oP 'from=".*?"'|sort -n|uniq -c

    That will let you know if any other desired domain is on an RBL.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Well, I updated to 9.706-9 and zen.spamhaus.org blocked live.com
    mxtoolbox.com shows live.com to be OK!

  • This reply was deleted.
  • also. long as we both admit we're obsessed or great at spam filtering, invaluement DNSBL list has been super awesome for the last 3 years I've used it, the owner is Rob McEwen, on linkedin also, we discuss this kind of nonsense.  Invaluement has a free trial to show it works,  just register the IPs and you're done, they're rolling out a newer system that will get around the big dns IDIOTS issues. for example, you've probably learned this the hard way also, never ever use 1111 9999 8888 for dns on the sophos.  psychological damage will occur.   hahaThank you sir

  • when i said inexperienced people, I mean at SPAMHAUS.....

Reply Children
No Data