I use my own DNS based blacklist and whitelist, along with a couple of
public ones (such as spamcop, etc). The reason I use my own is so I can
add entries as I see fit. I'm only running email for a few people, so I
can block ranges that normally would have to be open. I've been doing
this for something like 10+ years, so I've built up a large database of
IP addresses that are blacklisted, along with ones that are whitelisted.
I actually duplicate the whitelisted IPs. Not only do I have a DNS WL,
but I also have them all listed in the whiteListedIPs file.
I don't want to have to break up /8s into smaller subnets. It would
become a logistical nightmare to try and keep track of it all, and from
what I can tell most of the time, the whitelist works, it's just
sometimes that it fails, and I can't seem to track down why.
I'm using score for DoBlackDomain, but I'm not 100% sure that answers
your comment about blocking DNS BL matches.
Thanks.
Farokh
----------------------------------------------------------------------------
Best Tech Service, LLC - When only the Best Tech will do...
For all your technology needs including hosting solutions.
Office: 845-735-0210
Cell: 914-262-1594
Like us on Facebook:https://www.facebook.com/besttechsvc
On 11/3/21 11:45, K Post wrote:
You've got a bunch going on here.
First, take a look at the noRBL entry. You could exclude the single
IP from having DNSBL used. You could also list the Ip in
whiteListedIPs, which is just a list, not something through DNS.
If there's a reason you have to use DNSBL, you'll need to be able to
exclude the single IP one way or another.
I'm not sure what DNS BL topology you're using, but instead of having
the entire 170.0.0.0/8 <http://170.0.0.0/8> subnet, you could break
that up into smaller subnets that exclude the single IP that you don't
want in there. Starting point:
170.0.0.0/10 <http://170.0.0.0/10> (gets you 170.0.0.0. through
170.63.255.255)
170.64.0.0/13 <http://170.64.0.0/13> (170.64.0.0-170.71.255.255)
170.72.0.0./14 (170.72.0.0-170.75.255.255)
keep going for the full range, just don't include 174.77.239.34, so
you'll have to have a couple of /32 in there.
You also need to look at if you're outright blocking DNS BL matches or
just scoring. If it's blocking, no matter what happens next
(including a specific Ip being in TWL, the message will be rejected.
Why do you have you DNS BL set up with such a huge range? You want to
outright reject any message from 1/255th of the internet (the entire
class A starting with 170.)? Why are you hosting your own DNSBL?
Have you looked at using public dnsbl services (Free) to block (or
score) known bad senders?
On Wed, Nov 3, 2021 at 9:36 AM Farokh - Best Tech Service, LLC
<far...@besttechsvc.com> wrote:
I'm still getting messages rejected when they are coming from IP
addresses that are within a blacklisted range, as well as being
whitelisted.
In my BL DNS I have an entry for 174.0.0.0
I also have a WL DNS entry for 174.77.239.34
Here are the ASSP headers for an email that was rejected:
Received: fromassp.xmsi.net <http://assp.xmsi.net> (ns1.xmsi.net
<http://ns1.xmsi.net> [165.254.4.23])
bylinuxmail.xmsi.net <http://linuxmail.xmsi.net> (Postfix) with ESMTP
id 9413E2486F16
for<s...@besttechsvc.com> <mailto:s...@besttechsvc.com>; Tue, 2 Nov
2021 13:54:34 -0400 (EDT)
X-Assp-Version: 2.6.5(21218) onassp.xmsi.net <http://assp.xmsi.net>
X-Assp-ID:assp.xmsi.net <http://assp.xmsi.net> m1-75672-02918
X-Assp-Session: 7FAFD12372D0 (mail 1)
X-Assp-Intended-For-IP: 165.254.4.49
X-Assp-Client-TLS: yes
X-Assp-Server-TLS: yes
X-Assp-Received-RWL: whitelisted from (wl.mcf.com->127.0.4.3;
) - high trust is 2-[medium] - client-ip=174.77.239.34
X-Original-Authentication-Results:assp.xmsi.net <http://assp.xmsi.net>;
dkim=invalid
X-Assp-Message-Score: 15 (DKIM invalid)
X-Assp-IP-Score: 15 (DKIM invalid)
X-Assp-Message-Score: 60 (DNSBL: failed, 174.77.239.34 listed in
bl.mcf.com <http://bl.mcf.com>)
X-Assp-IP-Score: 60 (DNSBL: failed, 174.77.239.34 listed inbl.mcf.com
<http://bl.mcf.com>)
X-Assp-DNSBL: failed, 174.77.239.34 listed in (bl.mcf.com
<http://bl.mcf.com><-127.0.0.8)
X-Assp-Message-Score: 15 (PTR invalid 'wsip-174-77-239-34.ga.at.cox.net
<http://wsip-174-77-239-34.ga.at.cox.net>')
X-Assp-IP-Score: 15 (PTR invalid 'wsip-174-77-239-34.ga.at.cox.net
<http://wsip-174-77-239-34.ga.at.cox.net>')
X-Assp-Tag: MessageLimit
X-Assp-Spam: YES
X-Spam-Status:yes
X-Assp-Spam-Reason: MessageScore 90, limit 50
X-Assp-Message-Totalscore: 90
X-Assp-Spam-Level: *******************
What do I need to do to ensure that whitelisted IPs always get the OK?
Thanks.
--
Farokh
----------------------------------------------------------------------------
Best Tech Service, LLC - When only the Best Tech will do...
For all your technology needs including hosting solutions.
Office: 845-735-0210
Cell: 914-262-1594
Like us on Facebook:https://www.facebook.com/besttechsvc
_______________________________________________
Assp-user mailing list
Assp-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-user
_______________________________________________
Assp-user mailing list
Assp-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-user
