Re: [Assp-user] Still confused about whitelisting ip addresses.

2021-11-16 Thread Thomas Eckardt
>X-Assp-Received-RWL: whitelisted from (wl.mcf.com->127.0.4.3;
>) - high trust is 2-[medium] - client-ip=174.77.239.34

The highest trust value is 2, which is one too low to whitelist the mail.

If you expect that your local rwl works the same way as list.dnswl.org 
(the trust would be 3 for 127.0.4.3), you need to register your local rwl 
(wl.mcf.com) in $dnswlorg or you need to rename your local rwl to 
something like: list.dnswl.org.wl.mcf.com
check your RWL settings
increase RWLLog and watch assp log

Read the manual for RWL providers again and have a look into the code 
(near line 650)

###
# DNSWL.ORG special settings for local instances  #
###
# #


>I tried adding IPs to an onRBL file, and they still got blocked.

If an IP is in noRBL it can be blocked by any feature but not by RBL!

If a mail is whitelisted or rwlok or both, the RBL check is skipped!

You need to enable RWLwhitelisting to process high trust RWL-listed mails 
as whitelisted. The 'rwlok' flag is less "white" than the 'whitelisted' 
flag. For the 'rwlok' to be set, the highest trust or RWLminhits must be 
reached.

Thomas




From: "Farokh - Best Tech Service, LLC"
To: "For Users of ASSP"
Date: 16.11.2021 13:01
Subject: Re: [Assp-user] Still confused about whitelisting ip addresses.



I tried adding IPs to an onRBL file, and they still got blocked.
Now I'm trying to add IPs to the noProcessingIPs list.
I don't see why it should be so difficult :( 

Farokh

Best Tech Service, LLC - When only the Best Tech will do...
For all your technology needs including hosting solutions.
Office: 845-735-0210
Cell: 914-262-1594
Like us on Facebook: https://www.facebook.com/besttechsvc
On 11/6/21 10:49, K Post wrote:
Hey, if that methodology works for you, have at it.  

How about adding the exception IP to a noRBL file so that this specific IP 
isn't checked against the DNS BL
Enter IP addresses that you don't want to be DNSBL validated, separated by 
pipes (|). For example: 127.0.0.1|172.16.

If you're only scoring for ValidateRBL (which is what controls after a 
DNSBL hit - I'm not interested in DoBlackDomain here), then the score plus 
other scoring must have pushed the hit beyond the threshold. Take a look 
at your log and analyze. 

Hope this helps.
Ken




On Sat, Nov 6, 2021 at 8:02 AM Farokh - Best Tech Service, LLC <
far...@besttechsvc.com> wrote:
I use my own DNS based blacklist and whitelist, along with a couple of 
public ones (such as spamcop, etc). The reason I use my own is so I can 
add entries as I see fit. I'm only running email for a few people, so I 
can block ranges that normally would have to be open. I've been doing this 
for something like 10+ years, so I've built up a large database of IP 
addresses that are blacklisted, along with ones that are whitelisted.
I actually duplicate the whitelisted IPs. Not only do I have a DNS WL, but 
I also have them all listed in the whiteListedIPs file.
I don't want to have to break up /8s into smaller subnets. It would become 
a logistical nightmare to try and keep track of it all, and from what I 
can tell most of the time, the whitelist works, it's just sometimes that 
it fails, and I can't seem to track down why.
I'm using score for DoBlackDomain, but I'm not 100% sure that answers your 
comment about blocking DNS BL matches.
Thanks.
Farokh

Best Tech Service, LLC - When only the Best Tech will do...
For all your technology needs including hosting solutions.
Office: 845-735-0210
Cell: 914-262-1594
Like us on Facebook: https://www.facebook.com/besttechsvc
On 11/3/21 11:45, K Post wrote:
You've got a bunch going on here.   

First, take a look at the noRBL entry.  You could exclude the single IP 
from having DNSBL used.  You could also list the Ip in whiteListedIPs, 
which is just a list, not something through DNS.

If there's a reason you have to use DNSBL, you'll need to be able to 
exclude the single IP one way or another.
I'm not sure what DNS BL topology you're using, but instead of having the 
entire 170.0.0.0/8 subnet, you could break that up into smaller subnets 
that exclude the single IP that you don't want in there.  Starting point:

170.0.0.0/10  (gets you 170.0.0.0 through 170.63.255.255)
170.64.0.0/13  (170.64.0.0-170.71.255.255)
170.72.0.0/14 (170.72.0.0-170.75.255.255)
keep going for the full range, just don't include 174.77.239.34, so you'll 
have to have a couple of /32 in there.

You also need to look at if you're outright blocking DNS BL matches or 
just scoring.  If it's blocking, no matter what happens next (including a 
specific Ip being in TWL, the message will

Re: [Assp-user] Still confused about whitelisting ip addresses.

2021-11-16 Thread Farokh - Best Tech Service, LLC

I tried adding IPs to an onRBL file, and they still got blocked.

Now I'm trying to add IPs to the noProcessingIPs list.

I don't see why it should be so difficult :(

Farokh

Best Tech Service, LLC - When only the Best Tech will do...
For all your technology needs including hosting solutions.
Office: 845-735-0210
Cell: 914-262-1594
Like us on Facebook: https://www.facebook.com/besttechsvc

On 11/6/21 10:49, K Post wrote:

Hey, if that methodology works for you, have at it.

How about adding the exception IP to a *noRBL* file so that this 
specific IP isn't checked against the DNS BL


Enter IP addresses that you don't want to be DNSBL validated,
separated by pipes (|). For example: 127.0.0.1|172.16.

If you're only scoring for ValidateRBL (which is what controls after a 
DNSBL hit - I'm not interested in DoBlackDomain here), then the score 
plus other scoring must have pushed the hit beyond the threshold. Take 
a look at your log and analyze.


Hope this helps.
Ken




On Sat, Nov 6, 2021 at 8:02 AM Farokh - Best Tech Service, LLC 
 wrote:


I use my own DNS based blacklist and whitelist, along with a
couple of public ones (such as spamcop, etc). The reason I use my
own is so I can add entries as I see fit. I'm only running email
for a few people, so I can block ranges that normally would have
to be open. I've been doing this for something like 10+ years, so
I've built up a large database of IP addresses that are
blacklisted, along with ones that are whitelisted.

I actually duplicate the whitelisted IPs. Not only do I have a DNS
WL, but I also have them all listed in the whiteListedIPs file.

I don't want to have to break up /8s into smaller subnets. It
would become a logistical nightmare to try and keep track of it
all, and from what I can tell most of the time, the whitelist
works, it's just sometimes that it fails, and I can't seem to
track down why.

I'm using score for DoBlackDomain, but I'm not 100% sure that
answers your comment about blocking DNS BL matches.

Thanks.

Farokh

Best Tech Service, LLC - When only the Best Tech will do...
For all your technology needs including hosting solutions.
Office: 845-735-0210
Cell: 914-262-1594
Like us on Facebook: https://www.facebook.com/besttechsvc

On 11/3/21 11:45, K Post wrote:

You've got a bunch going on here.

First, take a look at the noRBL entry.  You could exclude the
single IP from having DNSBL used.  You could also list the Ip in
whiteListedIPs, which is just a list, not something through DNS.

If there's a reason you have to use DNSBL, you'll need to be able
to exclude the single IP one way or another.
I'm not sure what DNS BL topology you're using, but instead of
having the entire 170.0.0.0/8 subnet, you could break that up
into smaller subnets that exclude the single IP that you don't
want in there.  Starting point:

170.0.0.0/10  (gets you 170.0.0.0 through 170.63.255.255)
170.64.0.0/13  (170.64.0.0-170.71.255.255)
170.72.0.0/14 (170.72.0.0-170.75.255.255)
keep going for the full range, just don't include 174.77.239.34,
so you'll have to have a couple of /32 in there.

You also need to look at if you're outright blocking DNS BL
matches or just scoring.  If it's blocking, no matter what
happens next (including a specific Ip being in TWL, the message
will be rejected.

Why do you have your DNS BL set up with such a huge range?  You
want to outright reject any message from 1/255th of the internet
(the entire class A starting with 170.)?  Why are you hosting
your own DNSBL?  Have you looked at using public dnsbl services
(Free) to block (or score) known bad senders?



On Wed, Nov 3, 2021 at 9:36 AM Farokh - Best Tech Service, LLC
 wrote:

I'm still getting messages rejected when they are coming from
IP addresses that are within a blacklisted range, as well as
being whitelisted.

In my BL DNS I have an entry for 174.0.0.0

I also have a WL DNS entry for 174.77.239.34

Here are the ASSP headers for an email that was rejected:

Received: from assp.xmsi.net (ns1.xmsi.net [165.254.4.23])
  by linuxmail.xmsi.net (Postfix) with ESMTP id 9413E2486F16
  for  ; Tue,  2 Nov 2021 13:54:34 -0400 (EDT)
X-Assp-Version: 2.6.5(21218) on assp.xmsi.net
X-Assp-ID: assp.xmsi.net m1-75672-02918
X-Assp-Session: 7FAFD12372D0 (mail 1)
X-Assp-Intended-For-IP: 165.254.4.49
 

Re: [Assp-user] Still confused about whitelisting ip addresses.

2021-11-06 Thread Farokh - Best Tech Service, LLC
I use my own DNS based blacklist and whitelist, along with a couple of 
public ones (such as spamcop, etc). The reason I use my own is so I can 
add entries as I see fit. I'm only running email for a few people, so I 
can block ranges that normally would have to be open. I've been doing 
this for something like 10+ years, so I've built up a large database of 
IP addresses that are blacklisted, along with ones that are whitelisted.


I actually duplicate the whitelisted IPs. Not only do I have a DNS WL, 
but I also have them all listed in the whiteListedIPs file.


I don't want to have to break up /8s into smaller subnets. It would 
become a logistical nightmare to try and keep track of it all, and from 
what I can tell most of the time, the whitelist works, it's just 
sometimes that it fails, and I can't seem to track down why.


I'm using score for DoBlackDomain, but I'm not 100% sure that answers 
your comment about blocking DNS BL matches.


Thanks.

Farokh

Best Tech Service, LLC - When only the Best Tech will do...
For all your technology needs including hosting solutions.
Office: 845-735-0210
Cell: 914-262-1594
Like us on Facebook: https://www.facebook.com/besttechsvc

On 11/3/21 11:45, K Post wrote:

You've got a bunch going on here.

First, take a look at the noRBL entry.  You could exclude the single 
IP from having DNSBL used.  You could also list the Ip in 
whiteListedIPs, which is just a list, not something through DNS.


If there's a reason you have to use DNSBL, you'll need to be able to 
exclude the single IP one way or another.
I'm not sure what DNS BL topology you're using, but instead of having 
the entire 170.0.0.0/8 subnet, you could break that up into smaller 
subnets that exclude the single IP that you don't want in there.  
Starting point:

170.0.0.0/10  (gets you 170.0.0.0 through 170.63.255.255)
170.64.0.0/13  (170.64.0.0-170.71.255.255)
170.72.0.0/14 (170.72.0.0-170.75.255.255)
keep going for the full range, just don't include 174.77.239.34, so 
you'll have to have a couple of /32 in there.


You also need to look at if you're outright blocking DNS BL matches or 
just scoring.  If it's blocking, no matter what happens next 
(including a specific Ip being in TWL, the message will be rejected.


Why do you have your DNS BL set up with such a huge range? You want to 
outright reject any message from 1/255th of the internet (the entire 
class A starting with 170.)?  Why are you hosting your own DNSBL?  
Have you looked at using public dnsbl services (Free) to block (or 
score) known bad senders?




On Wed, Nov 3, 2021 at 9:36 AM Farokh - Best Tech Service, LLC 
 wrote:


I'm still getting messages rejected when they are coming from IP
addresses that are within a blacklisted range, as well as being
whitelisted.

In my BL DNS I have an entry for 174.0.0.0

I also have a WL DNS entry for 174.77.239.34

Here are the ASSP headers for an email that was rejected:

Received: from assp.xmsi.net (ns1.xmsi.net [165.254.4.23])
  by linuxmail.xmsi.net (Postfix) with ESMTP id 9413E2486F16
  for  ; Tue,  2 Nov 2021 13:54:34 -0400 (EDT)
X-Assp-Version: 2.6.5(21218) on assp.xmsi.net
X-Assp-ID: assp.xmsi.net m1-75672-02918
X-Assp-Session: 7FAFD12372D0 (mail 1)
X-Assp-Intended-For-IP: 165.254.4.49
X-Assp-Client-TLS: yes
X-Assp-Server-TLS: yes
X-Assp-Received-RWL: whitelisted from (wl.mcf.com->127.0.4.3;
  ) - high trust is 2-[medium] - client-ip=174.77.239.34
X-Original-Authentication-Results: assp.xmsi.net; dkim=invalid
X-Assp-Message-Score: 15 (DKIM invalid)
X-Assp-IP-Score: 15 (DKIM invalid)
X-Assp-Message-Score: 60 (DNSBL: failed, 174.77.239.34 listed in bl.mcf.com)
X-Assp-IP-Score: 60 (DNSBL: failed, 174.77.239.34 listed in bl.mcf.com)
X-Assp-DNSBL: failed, 174.77.239.34 listed in (bl.mcf.com<-127.0.0.8)
X-Assp-Message-Score: 15 (PTR invalid 'wsip-174-77-239-34.ga.at.cox.net')
X-Assp-IP-Score: 15 (PTR invalid 'wsip-174-77-239-34.ga.at.cox.net')
X-Assp-Tag: MessageLimit
X-Assp-Spam: YES
X-Spam-Status:yes
X-Assp-Spam-Reason: MessageScore 90, limit 50
X-Assp-Message-Totalscore: 90
X-Assp-Spam-Level: ***

What do I need to do to ensure that whitelisted IPs always get the OK?

Thanks.

-- 


Farokh

Best Tech Service, LLC - When only the Best Tech will do...
For all your 

Re: [Assp-user] Still confused about whitelisting ip addresses.

2021-11-03 Thread K Post
You've got a bunch going on here.

First, take a look at the noRBL entry.  You could exclude the single IP
from having DNSBL used.  You could also list the Ip in whiteListedIPs,
which is just a list, not something through DNS.

If there's a reason you have to use DNSBL, you'll need to be able to
exclude the single IP one way or another.
I'm not sure what DNS BL topology you're using, but instead of having the
entire 170.0.0.0/8 subnet, you could break that up into smaller subnets
that exclude the single IP that you don't want in there.  Starting point:

170.0.0.0/10  (gets you 170.0.0.0 through 170.63.255.255)
170.64.0.0/13  (170.64.0.0-170.71.255.255)
170.72.0.0/14 (170.72.0.0-170.75.255.255)
keep going for the full range, just don't include 174.77.239.34, so you'll
have to have a couple of /32 in there.

You also need to look at if you're outright blocking DNS BL matches or just
scoring.  If it's blocking, no matter what happens next (including a
specific Ip being in TWL, the message will be rejected.

Why do you have your DNS BL set up with such a huge range?  You want to
outright reject any message from 1/255th of the internet (the entire class
A starting with 170.)?  Why are you hosting your own DNSBL?  Have you
looked at using public dnsbl services (Free) to block (or score) known bad
senders?



On Wed, Nov 3, 2021 at 9:36 AM Farokh - Best Tech Service, LLC <
far...@besttechsvc.com> wrote:

> I'm still getting messages rejected when they are coming from IP addresses
> that are within a blacklisted range, as well as being whitelisted.
>
> In my BL DNS I have an entry for 174.0.0.0
>
> I also have a WL DNS entry for 174.77.239.34
>
> Here are the ASSP headers for an email that was rejected:
>
> Received: from assp.xmsi.net (ns1.xmsi.net [165.254.4.23])
>   by linuxmail.xmsi.net (Postfix) with ESMTP id 9413E2486F16
>   for  ; Tue,  2 Nov 2021 
> 13:54:34 -0400 (EDT)
> X-Assp-Version: 2.6.5(21218) on assp.xmsi.net
> X-Assp-ID: assp.xmsi.net m1-75672-02918
> X-Assp-Session: 7FAFD12372D0 (mail 1)
> X-Assp-Intended-For-IP: 165.254.4.49
> X-Assp-Client-TLS: yes
> X-Assp-Server-TLS: yes
> X-Assp-Received-RWL: whitelisted from (wl.mcf.com->127.0.4.3;
>   ) - high trust is 2-[medium] - client-ip=174.77.239.34
> X-Original-Authentication-Results: assp.xmsi.net; dkim=invalid
> X-Assp-Message-Score: 15 (DKIM invalid)
> X-Assp-IP-Score: 15 (DKIM invalid)
> X-Assp-Message-Score: 60 (DNSBL: failed, 174.77.239.34 listed in bl.mcf.com)
> X-Assp-IP-Score: 60 (DNSBL: failed, 174.77.239.34 listed in bl.mcf.com)
> X-Assp-DNSBL: failed, 174.77.239.34 listed in (bl.mcf.com<-127.0.0.8)
> X-Assp-Message-Score: 15 (PTR invalid 'wsip-174-77-239-34.ga.at.cox.net')
> X-Assp-IP-Score: 15 (PTR invalid 'wsip-174-77-239-34.ga.at.cox.net')
> X-Assp-Tag: MessageLimit
> X-Assp-Spam: YES
> X-Spam-Status:yes
> X-Assp-Spam-Reason: MessageScore 90, limit 50
> X-Assp-Message-Totalscore: 90
> X-Assp-Spam-Level: ***
>
> What do I need to do to ensure that whitelisted IPs always get the OK?
>
> Thanks.
>
> --
>
> Farokh
> 
> Best Tech Service, LLC - When only the Best Tech will do...
> For all your technology needs including hosting solutions.
> Office: 845-735-0210
> Cell: 914-262-1594
> Like us on Facebook: https://www.facebook.com/besttechsvc
>
> ___
> Assp-user mailing list
> Assp-user@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/assp-user
>
___
Assp-user mailing list
Assp-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-user
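
Added example (not part of any post in this thread, and not ASSP code): a small Python reader for the X-Assp-* headers quoted above. It reports the RWL trust ASSP assigned, the trust the same reply would carry under the list.dnswl.org last-octet convention, and the score with and without the DNSBL hit. The sample is the thread's own header lines, unfolded; the function name, dictionary keys and the constant TRUST_TO_WHITELIST are made up for this illustration.

```python
import re

# Constructed sample: X-Assp-* headers from the rejected mail in this thread, unfolded.
HEADERS = """\
X-Assp-Received-RWL: whitelisted from (wl.mcf.com->127.0.4.3; ) - high trust is 2-[medium] - client-ip=174.77.239.34
X-Assp-Message-Score: 15 (DKIM invalid)
X-Assp-IP-Score: 15 (DKIM invalid)
X-Assp-Message-Score: 60 (DNSBL: failed, 174.77.239.34 listed in bl.mcf.com)
X-Assp-IP-Score: 60 (DNSBL: failed, 174.77.239.34 listed in bl.mcf.com)
X-Assp-DNSBL: failed, 174.77.239.34 listed in (bl.mcf.com<-127.0.0.8)
X-Assp-Message-Score: 15 (PTR invalid 'wsip-174-77-239-34.ga.at.cox.net')
X-Assp-Spam-Reason: MessageScore 90, limit 50
X-Assp-Message-Totalscore: 90
"""

# Assumption taken from the reply in this thread: trust 2 is one short of whitelisting.
TRUST_TO_WHITELIST = 3


def analyze(raw):
    """Summarise why ASSP scored a message the way it did (hypothetical helper)."""
    scores = [(int(n), why) for n, why in
              re.findall(r"^X-Assp-Message-Score: (\d+) \((.*)\)$", raw, re.M)]
    rwl = re.search(r"^X-Assp-Received-RWL: .*\(([\w.-]+?)->([\d.]+);"
                    r".*high trust is (\d+)", raw, re.M)
    reason = re.search(r"^X-Assp-Spam-Reason: MessageScore (\d+), limit (\d+)",
                       raw, re.M)
    total = sum(n for n, _ in scores)
    dnsbl = sum(n for n, why in scores if why.startswith("DNSBL"))
    reply = rwl.group(2)
    trust = int(rwl.group(3))
    return {
        "rwl_zone": rwl.group(1),
        "rwl_reply": reply,
        "assp_trust": trust,
        "trust_shortfall": max(0, TRUST_TO_WHITELIST - trust),
        # list.dnswl.org convention: the last octet of the reply is the trust (0-3).
        "dnswl_style_trust": int(reply.rsplit(".", 1)[1]),
        "total": total,
        "reported_total": int(reason.group(1)),
        "limit": int(reason.group(2)),
        "total_without_dnsbl": total - dnsbl,
    }


if __name__ == "__main__":
    for key, value in analyze(HEADERS).items():
        print(f"{key}: {value}")
```

On these headers the DNSBL hit alone accounts for 60 of the 90 points, so the message would have stayed under the limit of 50 had the RBL check been skipped.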