-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi there. We use in our postfix servers several programs to prevent spam (amavisd-new + spamassassin, postgrey, and policyd-weight). We like very much policyd-weight because it bases its blocking decissions on a score calculated by the number of blacklists a server is in. We are, however, puzzled by the fact that we are blocking all incoming email from terra.es, a division of telefonica, the largest ISP in Spain. Before we contact terra's postmaster, we are trying to figure out where the problem is. Although this is a postfix list (and not policyd-weight's), I humbly ask you all email gurus for help since this is more related to rbl and dns stuff than policyd-weight malfunctioning. Here's the log:
Jun 25 20:36:24 isp0 postfix/policyd-weight[7542]: weighted check: NOT_IN_SBL_XBL_SPAMHAUS=-1.5 NOT_IN_SPAMCOP=-1.5 IN_UCEPROTECT1=3.25 NOT_IN_BL_NJABL=-1.5 IN_IX_MANITU=4.35 CL_IP_EQ_HELO_IP=-2 (check from: .terra. - helo: .impaqm2.telefonica. - helo-domain: .telefonica.) FROM/MX_MATCHES_NOT_HELO(DOMAIN)=2.9 CLIENT_NOT_MX/A_FROM_DOMAIN=9.1; <client=213.4.149.62> <helo=impaqm2.telefonica.net> <from=anyterrau...@terra.es> <to=sa...@ourdomain.ltd>; rate: 13.1 Jun 25 20:36:24 isp0 postfix/policyd-weight[7542]: decided action=550 Mail appeared to be SPAM or forged. Ask your Mail/DNS-Administrator to correct HELO and DNS MX settings or to get removed from DNSBLs; please relay via your ISP (terra.es); <client=213.4.149.62> <helo=impaqm2.telefonica.net> <from=soraya....@terra.es> <to=sa...@ourdomain.ltd>; delay: 1s Jun 25 20:36:24 isp0 postfix/smtpd[11556]: NOQUEUE: reject: RCPT from impaqm2.telefonica.net[213.4.149.62]: 550 5.7.1 <sa...@ourdomain.ltd>: Recipient address rejected: Mail appeared to be SPAM or forged. Ask your Mail/DNS-Administrator to correct HELO and DNS MX settings or to get removed from DNSBLs; please relay via your ISP (terra.es); from=<anyterrau...@terra.es> to=<sa...@ourdomain.ltd> proto=ESMTP helo=<IMPaqm2.telefonica.net> Please know that although terra.es show listed twice in rbl lists, we do not block them for that particular reason (we block when anyone is listed 3 times in rbl lists). We are blocking them because of this line: FROM/MX_MATCHES_NOT_HELO(DOMAIN)=2.9 CLIENT_NOT_MX/A_FROM_DOMAIN=9.1 we have checked their dns entries and seem normal (I'm no dns expert though) Any help is much appreciated. Regards, Ignacio -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkpEwVUACgkQoYMx3fsuWupUeQCcCkh2bXy6F0Wkozgh2S0CSl5i 5SUAnAxCHbND8FcVeZV3K9r5tRkly/5A =8KGC -----END PGP SIGNATURE-----
