Considering the issue, couldn't you in theory just add "uridnsbl_skip_domain
I mean, according to URIBL_SBL, it would be if the IP itself is on the
blacklist, so wouldn't skipping the "domain" of a specific IP skip
On Fri, Feb 23, 2018 at 4:55 PM, David Jones <djo...@ena.com> wrote:
> On 02/23/2018 10:46 AM, Axb wrote:
>> On 02/23/2018 04:33 PM, David Jones wrote:
>>> On 02/23/2018 08:26 AM, shridhar shetty wrote:
>>>> In our infra we use spamassassin to scan our **outgoing** mails too.
>>>> This is to prevent spammers using our infra to send mails and get our IP's
>>>> blacklisted. We perform various DNSBL tests on the mail body.
>>> We also scan outbound aggressively to keep our own IPs clean. I monitor
>>> for our own IPs getting listed in major RBLs every 15 minutes and hourly I
>>> have a script that checks my own IPs in all RBLs listed at
>>> http://multirbl.valli.org/. You need to make sure you have a good
>>> abuse@ contact setup for your IP ranges based on a WHOIS lookup of the
>>> IPs. You must setup feedback loops with all of the major platforms out
>>> there like Yahoo, AOL, Comcast, etc.
>>> We send out millions of spammy looking emails every week from from
>>> student management systems that don't have an opt-out method to lots of
>>> parents on freemail platforms. We very rarely get listed on RBLs and have
>>> excellent delivery rates mainly because of compromised account detection
>>> and blocking of outbound mail from the single sender quickly when this is
>>> triggered. Most sane RBLs will allow for a little junk outbound as long as
>>> you stop it quickly because compromised accounts happen.
>>> One of our IPs got listed in Spamhaus SBL for some reason, so now our
>>>> outgoing mails are getting detected as spam if the email body contains our
>>>> local domainname whose IP is listed in SBL(hitting URIBL_SBL rule).
>>>> We have hundreds of domainnames mapped to an single IP.
>>>> Is there a way to exclude local IP from DNSBL checks. For eg: if there
>>>> is a local domainname xyz.org <http://xyz.org> present in the mail
>>>> body, then spamassassin should not mark it as spam even if A or NS record
>>>> for xyz.org <http://xyz.org> is listed in SBL.
>>> Setup a quick meta rule that subtracts the same points that the local IP
>>> on Spamhaus adds until you can find a better way to handle this.
>>> header __RCVD_LOCAL_IP Received =~ /\[xx\.xx\.xx\.xx\]/
>>> meta SPAMHAUS_LOCAL_IP_OFFSET __RCVD_LOCAL_IP && RCVD_IN_XBL
>>> score SPAMHAUS_LOCAL_IP_OFFSET -1.0
>>> You will need to adjust the header rule to match your Received header
>>> format of your particular MTA and also match the actual Spamhaus rule that
>>> is getting hit. I just guessed it was RCVD_IN_XBL.
>> you are aware that your recommendation doesn't apply to a
>> uridnssub URIBL_SBL zen.spamhaus.org. A 127.0.0.2
>> hit ?
> I was in a hurry, sorry. My last paragraph had a disclaimer that 2 things
> would need to be adjusted. Here is 1 of them corrected so the OP will only
> have to make sure the header rule matches his MTA's format:
> header __RCVD_LOCAL_IP Received =~ /\[xx\.xx\.xx\.xx\]/
> meta URIBL_SBL_LOCAL_IP_OFFSET __RCVD_LOCAL_IP && URIBL_SBL
> score URIBL_SBL_LOCAL_IP_OFFSET -1.0
> David Jones