Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 7 replies
  • Subscribers 1 subscriber
  • Views 9702 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

black.rbl.ctipd.astaro.local blocking emails for one user but not another

jraley
I have someone emailing to my company from a @bellsouth.net address (which is actually yahoo email servers) and it is getting: Rejected: RBL (black.rbl.ctipd.astaro.local). Another person is able to receive email from this same email address with no problems.

Here are the errors I see in the SMTP Log:

Delivery from 98.139.44.112 rejected. Check at Check IP Reputation | Commtouch - Internet Security Solutions. Reference code: tid=0001.0A090301.4DA1F949.0153

Delivery from 98.139.44.129 rejected. Check at Check IP Reputation | Commtouch - Internet Security Solutions. Reference code: tid=0001.0A090304.4DA39AA2.0003

Yet when I check the IP addresses at commtouch, I get the result of:

IP Query Result:
 IP Address: 98.139.44.112
 Risk Level: No Risk
 Description: This IP address has not been used for sending Spam

IP Query Result:
 IP Address: 98.139.44.129
 Risk Level: No Risk
 Description: This IP address has not been used for sending Spam


This thread was automatically locked due to age.
  • 0
    Based on a quick google search for 98.139.44.129, I would say they are in fact sending spam.
  • 0
    It wasn't spam. It was coming from a person that is known. I am guessing commtouch was having some issues. It would block the emails to one of my users and then allow it to his secretary. Both of those IP addresses are Yahoo mail servers that handle the Bellsouth.net domain emails now.
  • 0

    EDIT 2020 June 02: CommTouch was purchased several years ago and is now named Cyren.  I have corrected the link.

    That IP currently is listed by CommTouch as "High RisK".  They probably have an automated tool that monitors some honeypots and populates their list quickly when an outbreak is seen.

    You can check and report false positives here.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0
    Being a yahoo mail server, I am sure it does send out a lot of spam. I just thought it was odd that it would block to one user and then not the other. I whitelisted the email address and I haven't seen it block it since so hopefully it won't pose a problem.
  • 0
    We are having the same issue with both @yahoo.com and @rogers.com e-mail both their mail servers show high risk.  We had this issue since shortly after we switch to v8.1 and are now looking at adding our own blacklist server instead of the default ones Astaro have.
  • 0
    Staffa, I don't think that has anything to do with the RBLs listed in the Astaro.  That's the CommTouch Reputation check that rejected the emails in jraley's example above.  I'm not sure why he mentioned black.rbl.ctipd.astaro.local.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0
    That was just the reason for rejection in the Mail Manager before I dug into the SMTP logs to see exactly what was going on. It was a little misleading.
Unfiltered HTML