Hi everyone, a customer told us today to add some custom RBLs at his UTM, because he is getting a lot of spam and the "recommended RBLs" are not enough for him. So I added four RLBs today: zen.spamhaus.org psbl.surriel.com sbl-xbl.spamhaus.org blackholes.easynet.nl As soon as I configured it like that, nearly all incoming mails are blackholed as spam, even if their IPs are NOT on any spamlist. Does anybody know that problem with custom RBLs? Best regards, Johnny

The final answer from the Sophos support is here. The RBLs abuseat and spamhaus changed something and they do not work, if you use public DNS servers, like we do with cloudflare. If you want those RBLs and use public DNS servers, you need to create a DNS request route for those specific domains, so that they will be resolved by your local ISP. I don't get it why/how DNS is involved in that, but I did it and now spamhaus is working without any problems. support.sophos.com/.../KB-000043004

This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

RBL blocking all mails

JohnnyInc over 1 year ago

Hi everyone,

a customer told us today to add some custom RBLs at his UTM, because he is getting a lot of spam and the "recommended RBLs" are not enough for him.

So I added four RLBs today:

zen.spamhaus.org
psbl.surriel.com
sbl-xbl.spamhaus.org
blackholes.easynet.nl

As soon as I configured it like that, nearly all incoming mails are blackholed as spam, even if their IPs are NOT on any spamlist.

Does anybody know that problem with custom RBLs?

Best regards, Johnny

This thread was automatically locked due to age.

Top Replies

PhilippRusch over 1 year ago +1

Hello Johnny, you should remove the two spamhaus.org entries. I don't remember exactly, but either there was a problem or they are not in business for Sophos UTM usage anymore.

Parents

0 PhilippRusch over 1 year ago

Hello Johnny,

you should remove the two spamhaus.org entries. I don't remember exactly, but either there was a problem or they are not in business for Sophos UTM usage anymore.

Mit freundlichem Gruß, best regards from Germany,

Philipp Rusch

New Vision GmbH, Germany
Sophos Silver-Partner

If a post solves your question please use the 'Verify Answer' button.
Cancel
Vote Up +1 Vote Down

Cancel
0 JohnnyInc over 1 year ago in reply to PhilippRusch
Thank you very much for your fast and very helpful reply. In the meantime I opened a ticket at Sophos, but it hasn't been helpful yet.

I removed the two spamhaus RBLs and added yours so I have now:

ix.dnsbl.manitu.net

bl.spamcop.net

dnsbl-1.uceprotect.net

dnsbl-2.uceprotect.net

psbl.surriel.com

blackholes.easynet.nl

dnsbl.sorbs.net

blackholes.mail-abuse.org

and there was not one false positive yet.

Of course it would be nice to use spamhaus because I consider spamhaus as the biggest, safest and most spam defending RLB in Europe (hopefully I am not right with that, if we could not use them), so it would be nice if we could use them.

If my Sophos support ticket leads anywhere, I will let anybody now.

Thank you very much!
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 JohnnyInc over 1 year ago in reply to PhilippRusch
Thank you very much for your fast and very helpful reply. In the meantime I opened a ticket at Sophos, but it hasn't been helpful yet.

I removed the two spamhaus RBLs and added yours so I have now:

ix.dnsbl.manitu.net

bl.spamcop.net

dnsbl-1.uceprotect.net

dnsbl-2.uceprotect.net

psbl.surriel.com

blackholes.easynet.nl

dnsbl.sorbs.net

blackholes.mail-abuse.org

and there was not one false positive yet.

Of course it would be nice to use spamhaus because I consider spamhaus as the biggest, safest and most spam defending RLB in Europe (hopefully I am not right with that, if we could not use them), so it would be nice if we could use them.

If my Sophos support ticket leads anywhere, I will let anybody now.

Thank you very much!
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data