On 02/23/2018 08:26 AM, shridhar shetty wrote:
> In our infra we use spamassassin to scan our **outgoing** mails too.
> This is to prevent spammers using our infra to send mails and get our
> IPs blacklisted. We perform various DNSBL tests on the mail body.

We also scan outbound aggressively to keep our own IPs clean. I monitor
for our own IPs getting listed in major RBLs every 15 minutes and hourly
I have a script that checks my own IPs in all RBLs listed at
http://multirbl.valli.org/. You need to make sure you have a good
abuse@ contact set up for your IP ranges based on a WHOIS lookup of the
IPs. You must set up feedback loops with all of the major platforms out
there like Yahoo, AOL, Comcast, etc.

We send out millions of spammy looking emails every week from
student management systems that don't have an opt-out method to lots of
parents on freemail platforms. We very rarely get listed on RBLs and
have excellent delivery rates mainly because of compromised account
detection and blocking of outbound mail from the single sender quickly
when this is triggered. Most sane RBLs will allow for a little junk
outbound as long as you stop it quickly because compromised accounts happen.

> One of our IPs got listed in Spamhaus SBL for some reason, so now our
> outgoing mails are getting detected as spam if the email body contains
> our local domain name whose IP is listed in SBL (hitting URIBL_SBL rule).
> We have hundreds of domain names mapped to a single IP.
> Is there a way to exclude local IP from DNSBL checks? For example: if there
> is a local domain name xyz.org present in the mail body,
> then spamassassin should not mark it as spam even if A or NS record for
> xyz.org is listed in SBL.

Set up a quick meta rule that subtracts the same points that the local IP
on Spamhaus adds until you can find a better way to handle this.

    header __RCVD_LOCAL_IP Received =~ /\[xx\.xx\.xx\.xx\]/
    meta SPAMHAUS_LOCAL_IP_OFFSET __RCVD_LOCAL_IP && RCVD_IN_XBL
    score SPAMHAUS_LOCAL_IP_OFFSET -1.0

You will need to adjust the header rule to match the Received header
format of your particular MTA and also match the actual Spamhaus rule
that is getting hit. I just guessed it was RCVD_IN_XBL.
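
Added example (not part of the original message, and not the poster's own script): a minimal version of the "check my own IPs in RBLs" monitoring described above, showing how a DNSBL query name is built and how Spamhaus ZEN answers are read, including the 127.255.255.x error answers that must not be counted as listings. The IPs are documentation addresses and the sample DNS answers are constructed so the code runs offline; function names are assumptions.

```python
import ipaddress
import socket

# Spamhaus ZEN answers are 127.0.0.x; the last octet names the component list.
ZEN_CODES = {2: "SBL", 3: "SBL-CSS", 4: "XBL", 5: "XBL", 6: "XBL", 7: "XBL",
             10: "PBL", 11: "PBL"}

def dnsbl_name(ip, zone):
    """Build the DNSBL query name: reversed IPv4 octets followed by the zone."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone

def system_resolver(name):
    """Return A records for name, or [] when the lookup fails.
    This cannot tell NXDOMAIN (not listed) from a resolver outage; a
    production monitor should use a resolver that separates the two."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except (socket.gaierror, socket.herror):
        return []

def check_ip(ip, zone="zen.spamhaus.org", resolve=system_resolver):
    """Return (sorted list names the IP is on, non-listing answers)."""
    listed, errors = set(), []
    for answer in resolve(dnsbl_name(ip, zone)):
        octets = [int(o) for o in answer.split(".")]
        if octets[:3] == [127, 0, 0]:
            listed.add(ZEN_CODES.get(octets[3], "code-%d" % octets[3]))
        else:
            # e.g. 127.255.255.x: query refused or rate limited, not a listing
            errors.append(answer)
    return sorted(listed), errors

# Constructed sample answers standing in for live DNS.
SAMPLE_ANSWERS = {
    "10.2.0.192.zen.spamhaus.org": ["127.0.0.2", "127.0.0.4"],
    "5.113.0.203.zen.spamhaus.org": ["127.255.255.254"],
}

def sample_resolver(name):
    return SAMPLE_ANSWERS.get(name, [])

if __name__ == "__main__":
    for ip in ("192.0.2.10", "198.51.100.7", "203.0.113.5"):
        listed, errors = check_ip(ip, resolve=sample_resolver)
        print(ip, "listed:", listed or "no", "errors:", errors or "none")
```

Run from cron with the default resolver, an error answer should raise an alert about the resolver setup rather than be logged as "listed" or "clean".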