I tried adding IPs to an onRBL file, and they still got blocked.
Now I'm trying to add IPs to the noProcessingIPs list.
I don't see why it should be so difficult :(
Farokh
----------------------------------------------------------------------------
Best Tech Service, LLC - When only the Best Tech will do...
For all your technology needs including hosting solutions.
Office: 845-735-0210
Cell: 914-262-1594
Like us on Facebook:https://www.facebook.com/besttechsvc
On 11/6/21 10:49, K Post wrote:
Hey, if that methodology works for you, have at it.
How about adding the exception IP to a *noRBL *file so that this
specific IP isn't checked against the DNS BL
Enter IP addresses that you don't want to be DNSBL validated,
separated by pipes (|). For example: 127.0.0.1|172.16.
If you're only scoring for ValidateRBL (which is what controls after a
DNSBL hit - I'm not interested in DoBlackDomain here), then the score
plus other scoring must have pushed the hit beyond the threshold. Take
a look at your log and analyze.
Hope this helps.
Ken
On Sat, Nov 6, 2021 at 8:02 AM Farokh - Best Tech Service, LLC
<far...@besttechsvc.com> wrote:
I use my own DNS based blacklist and whitelist, along with a
couple of public ones (such as spamcop, etc). The reason I use my
own is so I can add entries as I see fit. I'm only running email
for a few people, so I can block ranges that normally would have
to be open. I've been doing this for something like 10+ years, so
I've built up a large database of IP addresses that are
blacklisted, along with ones that are whitelisted.
I actually duplicate the whitelisted IPs. Not only do I have a DNS
WL, but I also have them all listed in the whiteListedIPs file.
I don't want to have to break up /8s into smaller subnets. It
would become a logistical nightmare to try and keep track of it
all, and from what I can tell most of the time, the whitelist
works, it's just sometimes that it fails, and I can't seem to
track down why.
I'm using score for DoBlackDomain, but I'm not 100% sure that
answers your comment about blocking DNS BL matches.
Thanks.
Farokh
----------------------------------------------------------------------------
Best Tech Service, LLC - When only the Best Tech will do...
For all your technology needs including hosting solutions.
Office: 845-735-0210
Cell: 914-262-1594
Like us on Facebook:https://www.facebook.com/besttechsvc
On 11/3/21 11:45, K Post wrote:
You've got a bunch going on here.
First, take a look at the noRBL entry. You could exclude the
single IP from having DNSBL used. You could also list the Ip in
whiteListedIPs, which is just a list, not something through DNS.
If there's a reason you have to use DNSBL, you'll need to be able
to exclude the single IP one way or another.
I'm not sure what DNS BL topology you're using, but instead of
having the entire 170.0.0.0/8 <http://170.0.0.0/8> subnet, you
could break that up into smaller subnets that exclude the single
IP that you don't want in there. Starting point:
170.0.0.0/10 <http://170.0.0.0/10> (gets you 170.0.0.0. through
170.63.255.255)
170.64.0.0/13 <http://170.64.0.0/13> (170.64.0.0-170.71.255.255)
170.72.0.0./14 (170.72.0.0-170.75.255.255)
keep going for the full range, just don't include 174.77.239.34,
so you'll have to have a couple of /32 in there.
You also need to look at if you're outright blocking DNS BL
matches or just scoring. If it's blocking, no matter what
happens next (including a specific Ip being in TWL, the message
will be rejected.
Why do you have you DNS BL set up with such a huge range? You
want to outright reject any message from 1/255th of the internet
(the entire class A starting with 170.)? Why are you hosting
your own DNSBL? Have you looked at using public dnsbl services
(Free) to block (or score) known bad senders?
On Wed, Nov 3, 2021 at 9:36 AM Farokh - Best Tech Service, LLC
<far...@besttechsvc.com> wrote:
I'm still getting messages rejected when they are coming from
IP addresses that are within a blacklisted range, as well as
being whitelisted.
In my BL DNS I have an entry for 174.0.0.0
I also have a WL DNS entry for 174.77.239.34
Here are the ASSP headers for an email that was rejected:
Received: fromassp.xmsi.net <http://assp.xmsi.net> (ns1.xmsi.net
<http://ns1.xmsi.net> [165.254.4.23])
bylinuxmail.xmsi.net <http://linuxmail.xmsi.net> (Postfix)
with ESMTP id 9413E2486F16
for<s...@besttechsvc.com> <mailto:s...@besttechsvc.com>; Tue,
2 Nov 2021 13:54:34 -0400 (EDT)
X-Assp-Version: 2.6.5(21218) onassp.xmsi.net <http://assp.xmsi.net>
X-Assp-ID:assp.xmsi.net <http://assp.xmsi.net> m1-75672-02918
X-Assp-Session: 7FAFD12372D0 (mail 1)
X-Assp-Intended-For-IP: 165.254.4.49
X-Assp-Client-TLS: yes
X-Assp-Server-TLS: yes
X-Assp-Received-RWL: whitelisted from (wl.mcf.com->127.0.4.3;
) - high trust is 2-[medium] - client-ip=174.77.239.34
X-Original-Authentication-Results:assp.xmsi.net
<http://assp.xmsi.net>; dkim=invalid
X-Assp-Message-Score: 15 (DKIM invalid)
X-Assp-IP-Score: 15 (DKIM invalid)
X-Assp-Message-Score: 60 (DNSBL: failed, 174.77.239.34 listed in
bl.mcf.com <http://bl.mcf.com>)
X-Assp-IP-Score: 60 (DNSBL: failed, 174.77.239.34 listed inbl.mcf.com
<http://bl.mcf.com>)
X-Assp-DNSBL: failed, 174.77.239.34 listed in (bl.mcf.com
<http://bl.mcf.com><-127.0.0.8)
X-Assp-Message-Score: 15 (PTR invalid 'wsip-174-77-239-34.ga.at.cox.net
<http://wsip-174-77-239-34.ga.at.cox.net>')
X-Assp-IP-Score: 15 (PTR invalid 'wsip-174-77-239-34.ga.at.cox.net
<http://wsip-174-77-239-34.ga.at.cox.net>')
X-Assp-Tag: MessageLimit
X-Assp-Spam: YES
X-Spam-Status:yes
X-Assp-Spam-Reason: MessageScore 90, limit 50
X-Assp-Message-Totalscore: 90
X-Assp-Spam-Level: *******************
What do I need to do to ensure that whitelisted IPs always get the OK?
Thanks.
--
Farokh
----------------------------------------------------------------------------
Best Tech Service, LLC - When only the Best Tech will do...
For all your technology needs including hosting solutions.
Office: 845-735-0210
Cell: 914-262-1594
Like us on Facebook:https://www.facebook.com/besttechsvc
_______________________________________________
Assp-user mailing list
Assp-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-user
_______________________________________________
Assp-user mailing list
Assp-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-user
