You've got a bunch going on here. First, take a look at the noRBL entry. You could exclude the single IP from having DNSBL used. You could also list the Ip in whiteListedIPs, which is just a list, not something through DNS.
If there's a reason you have to use DNSBL, you'll need to be able to exclude the single IP one way or another. I'm not sure what DNS BL topology you're using, but instead of having the entire 170.0.0.0/8 subnet, you could break that up into smaller subnets that exclude the single IP that you don't want in there. Starting point: 170.0.0.0/10 (gets you 170.0.0.0. through 170.63.255.255) 170.64.0.0/13 (170.64.0.0-170.71.255.255) 170.72.0.0./14 (170.72.0.0-170.75.255.255) keep going for the full range, just don't include 174.77.239.34, so you'll have to have a couple of /32 in there. You also need to look at if you're outright blocking DNS BL matches or just scoring. If it's blocking, no matter what happens next (including a specific Ip being in TWL, the message will be rejected. Why do you have you DNS BL set up with such a huge range? You want to outright reject any message from 1/255th of the internet (the entire class A starting with 170.)? Why are you hosting your own DNSBL? Have you looked at using public dnsbl services (Free) to block (or score) known bad senders? On Wed, Nov 3, 2021 at 9:36 AM Farokh - Best Tech Service, LLC < far...@besttechsvc.com> wrote: > I'm still getting messages rejected when they are coming from IP addresses > that are within a blacklisted range, as well as being whitelisted. > > In my BL DNS I have an entry for 174.0.0.0 > > I also have a WL DNS entry for 174.77.239.34 > > Here are the ASSP headers for an email that was rejected: > > Received: from assp.xmsi.net (ns1.xmsi.net [165.254.4.23]) > by linuxmail.xmsi.net (Postfix) with ESMTP id 9413E2486F16 > for <s...@besttechsvc.com> <s...@besttechsvc.com>; Tue, 2 Nov 2021 > 13:54:34 -0400 (EDT) > X-Assp-Version: 2.6.5(21218) on assp.xmsi.net > X-Assp-ID: assp.xmsi.net m1-75672-02918 > X-Assp-Session: 7FAFD12372D0 (mail 1) > X-Assp-Intended-For-IP: 165.254.4.49 > X-Assp-Client-TLS: yes > X-Assp-Server-TLS: yes > X-Assp-Received-RWL: whitelisted from (wl.mcf.com->127.0.4.3; > ) - high trust is 2-[medium] - client-ip=174.77.239.34 > X-Original-Authentication-Results: assp.xmsi.net; dkim=invalid > X-Assp-Message-Score: 15 (DKIM invalid) > X-Assp-IP-Score: 15 (DKIM invalid) > X-Assp-Message-Score: 60 (DNSBL: failed, 174.77.239.34 listed in > bl.mcf.com) > X-Assp-IP-Score: 60 (DNSBL: failed, 174.77.239.34 listed in bl.mcf.com) > X-Assp-DNSBL: failed, 174.77.239.34 listed in (bl.mcf.com<-127.0.0.8) > X-Assp-Message-Score: 15 (PTR invalid 'wsip-174-77-239-34.ga.at.cox.net') > X-Assp-IP-Score: 15 (PTR invalid 'wsip-174-77-239-34.ga.at.cox.net') > X-Assp-Tag: MessageLimit > X-Assp-Spam: YES > X-Spam-Status:yes > X-Assp-Spam-Reason: MessageScore 90, limit 50 > X-Assp-Message-Totalscore: 90 > X-Assp-Spam-Level: ******************* > > What do I need to do to ensure that whitelisted IPs always get the OK? > > Thanks. > > -- > > Farokh > ---------------------------------------------------------------------------- > Best Tech Service, LLC - When only the Best Tech will do... > For all your technology needs including hosting solutions. > Office: 845-735-0210 > Cell: 914-262-1594 > Like us on Facebook: https://www.facebook.com/besttechsvc > > _______________________________________________ > Assp-user mailing list > Assp-user@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/assp-user >
_______________________________________________ Assp-user mailing list Assp-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-user
