Considering the issue, couldn't you in theory just add "uridnsbl_skip_domain

I mean, according to URIBL_SBL, it would be if the IP itself is on the
blacklist, so wouldn't skipping the "domain" of a specific IP skip

On Fri, Feb 23, 2018 at 4:55 PM, David Jones <> wrote:

> On 02/23/2018 10:46 AM, Axb wrote:
>> On 02/23/2018 04:33 PM, David Jones wrote:
>>> On 02/23/2018 08:26 AM, shridhar shetty wrote:
>>>> Hello,
>>>> In our infra we use spamassassin to scan our **outgoing** mails too.
>>>> This is to prevent spammers using our infra to send mails and get our IP's
>>>> blacklisted. We perform various DNSBL tests on the mail body.
>>> We also scan outbound aggressively to keep our own IPs clean.  I monitor
>>> for our own IPs getting listed in major RBLs every 15 minutes and hourly I
>>> have a script that checks my own IPs in all RBLs listed at
>>>  You need to make sure you have a good
>>> abuse@ contact setup for your IP ranges based on a WHOIS lookup of the
>>> IPs.  You must setup feedback loops with all of the major platforms out
>>> there like Yahoo, AOL, Comcast, etc.
>>> We send out millions of spammy looking emails every week from from
>>> student management systems that don't have an opt-out method to lots of
>>> parents on freemail platforms.  We very rarely get listed on RBLs and have
>>> excellent delivery rates mainly because of compromised account detection
>>> and blocking of outbound mail from the single sender quickly when this is
>>> triggered.  Most sane RBLs will allow for a little junk outbound as long as
>>> you stop it quickly because compromised accounts happen.
>>> One of our IPs got listed in Spamhaus SBL for some reason, so now our
>>>> outgoing mails are getting detected as spam if the email body contains our
>>>> local domainname whose IP is listed in SBL(hitting URIBL_SBL rule).
>>>> We have hundreds of domainnames mapped to an single IP.
>>>> Is there a way to exclude local IP from DNSBL checks. For eg: if there
>>>> is a local domainname <> present in the mail
>>>> body, then spamassassin should not mark it as spam even if A or NS record
>>>> for <> is listed in SBL.
>>> Setup a quick meta rule that subtracts the same points that the local IP
>>> on Spamhaus adds until you can find a better way to handle this.
>>> header __RCVD_LOCAL_IP         Received =~ /\[xx\.xx\.xx\.xx\]/
>>> You will need to adjust the header rule to match your Received header
>>> format of your particular MTA and also match the actual Spamhaus rule that
>>> is getting hit.  I just guessed it was RCVD_IN_XBL.
>> you are aware that your recommendation doesn't apply to a
>> uridnssub  URIBL_SBL       A
>> hit ?
> I was in a hurry, sorry.  My last paragraph had a disclaimer that 2 things
> would need to be adjusted.  Here is 1 of them corrected so the OP will only
> have to make sure the header rule matches his MTA's format:
> header __RCVD_LOCAL_IP         Received =~ /\[xx\.xx\.xx\.xx\]/
> --
> David Jones

 - Markus

Reply via email to