On 02/23/2018 10:46 AM, Axb wrote:
On 02/23/2018 04:33 PM, David Jones wrote:
On 02/23/2018 08:26 AM, shridhar shetty wrote:

In our infra we use spamassassin to scan our **outgoing** mails too. This is to prevent spammers using our infra to send mails and get our IP's blacklisted. We perform various DNSBL tests on the mail body.

We also scan outbound aggressively to keep our own IPs clean.  I monitor for our own IPs getting listed in major RBLs every 15 minutes and hourly I have a script that checks my own IPs in all RBLs listed at http://multirbl.valli.org/.  You need to make sure you have a good abuse@ contact setup for your IP ranges based on a WHOIS lookup of the IPs.  You must setup feedback loops with all of the major platforms out there like Yahoo, AOL, Comcast, etc.

We send out millions of spammy looking emails every week from from student management systems that don't have an opt-out method to lots of parents on freemail platforms.  We very rarely get listed on RBLs and have excellent delivery rates mainly because of compromised account detection and blocking of outbound mail from the single sender quickly when this is triggered.  Most sane RBLs will allow for a little junk outbound as long as you stop it quickly because compromised accounts happen.

One of our IPs got listed in Spamhaus SBL for some reason, so now our outgoing mails are getting detected as spam if the email body contains our local domainname whose IP is listed in SBL(hitting URIBL_SBL rule).
We have hundreds of domainnames mapped to an single IP.

Is there a way to exclude local IP from DNSBL checks. For eg: if there is a local domainname xyz.org <http://xyz.org> present in the mail body, then spamassassin should not mark it as spam even if A or NS record for xyz.org <http://xyz.org> is listed in SBL.

Setup a quick meta rule that subtracts the same points that the local IP on Spamhaus adds until you can find a better way to handle this.

header __RCVD_LOCAL_IP         Received =~ /\[xx\.xx\.xx\.xx\]/

You will need to adjust the header rule to match your Received header format of your particular MTA and also match the actual Spamhaus rule that is getting hit.  I just guessed it was RCVD_IN_XBL.

you are aware that your recommendation doesn't apply to a
uridnssub  URIBL_SBL        zen.spamhaus.org.       A
hit ?

I was in a hurry, sorry. My last paragraph had a disclaimer that 2 things would need to be adjusted. Here is 1 of them corrected so the OP will only have to make sure the header rule matches his MTA's format:

header __RCVD_LOCAL_IP         Received =~ /\[xx\.xx\.xx\.xx\]/

David Jones

Reply via email to