today it seems like the RBL Pattern is broken, some E-Mails are getting blocked who are not on the Blacklist.
We are seeing the same thing with multiple customers.
The log says that IPs are blocked due to an RBL entry with cbl.abuseat.org or sbl-xbl.spamhaus.org and rejects the mail. But when you check with the…
This is currently a known issue and is being investigated actively under NUTM-13047
The current Work Around is:
Uncheck "Use recommended RBL" and enter in a custom RBL if necessary.
Do not use cbl.abuseat.org as a custom RBL at present.
An additional Work Around has been provided by GES.
Option 1:Uncheck "Use recommended RBL" and enter in a custom RBL if necessary.Do not use cbl.abuseat.org as a custom RBL at present if you use public DNS.www.anti-abuse.org/.../ Contains a listing of common RBLs
Option 2:Under Network Services>DNS>Request Routing add cbl.abuseat.org to the domain field and then either directly add the Spamhaus IP or an alternate DNS server to not forward this domain via public DNS.
I am a little bit confused. We had the zen.spamhaus.org in our custom RBL not zen.spamHOUSE.org.
I think zen.spamhaus.org is the real problem with RBL because the rbl blockings are not only wiithspamhaus.org, also abuseat.org blocks the same ip addresses.
As you can read at abuseat.org
"IMPORTANT TO ALL CBL users: If you were using the CBL to filter access to your mail servers or anything else, you will need to take note of several changes to the CBL that occured in January 2021. In short, the CBL infrastructure was replaced by the Spamhaus XBL structure, the lookup pages and access methods have changed."
they changed their infrastructure to spamhaus.
Because of the fact that abuseat.org is in the recommended RBLs of sophos all utm customers run into the same problem.
So we disabled the recommendes rbl and used two other rbl lists as workaround.