Blacklist RBLs - blacklisted IPs getting through
Question asked by Nathalie V - September 21, 2016 at 12:15 PM
Unanswered
Hello

We're running SmarterMail 12.3.
 
It looks like SmarterMail is not identifying spam and I'm trying to get to the bottom of this.
 
For example, here are some details about one spam email:
 
 
Email headers show:
 
X-SmarterMail-Spam: SPF_Pass, DK_None, DKIM_None
X-SmarterMail-TotalSpamWeight: 0
 
 
The delivery logs show:
 
[2016.09.20] 14:57:35 [62443] Spam check results: [BARRACUDA: passed], [CBL - ABUSE SEAT: passed], [SPAMCOP: passed], [SPAMHAUS - CBL: passed], [SPAMHAUS - CSS: passed], [SPAMHAUS - PBL: passed], [SPAMHAUS - PBL2: passed], [SPAMHAUS - SBL: passed], [SPAMHAUS - XBL2: passed], [_REVERSEDNSLOOKUP: passed], [_BAYESIANFILTERING: passed], [_SPF: Pass], [_DK: None], [_DKIM: None]
 
 
 
The IP address of the spammer is listed on MULTIPLE blacklists:
 
Checking 109.169.71.104 against 97 known blacklists... 
Listed 9 times with 0 timeouts 
Blacklist    Reason    TTL    ResponseTime    
LISTED    ivmSIP    109.169.71.104 was listed 
LISTED    ivmSIP24    109.169.71.104 was listed
LISTED    NoSolicitado    109.169.71.104 was listed 
LISTED    Protected Sky    109.169.71.104 was listed 
LISTED    RATS NoPtr    109.169.71.104 was listed 
LISTED    SORBS NEW    109.169.71.104 was listed 
LISTED    SORBS SPAM    109.169.71.104 was listed 
LISTED    SPAMCOP    109.169.71.104 was listed
LISTED    Spamhaus ZEN    109.169.71.104 was listed Detail
 
 
 
In SmarterMail, we have the following configured:
 
Spamhaus - CBL
Spamhaus - CSS
Spamhaus - PBL
Spamhaus - PBL2
Spamhaus - SBL
Spamhaus - XBL2
 
(each using hostname zen.spamhaus.org, and with a specific 127.0.0.x Required lookup value)
 
 
We also have other RBLs including SpamCop.
 
 
The spammer's IP was listed on Spamhaus Zen and on SpamCop.

The weight settings for the domain and email account are such that there should have been a weight of 20 given for each blacklisting, yet the spam score was 0.
 
 
I'm looking for some guidance in tracking this down.
 
Why do the delivery logs show "passed" for everything? Would it show failed if something was on a blacklist?
 
 
Thank you
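
The lookup that each "Required lookup value" entry against zen.spamhaus.org relies on, as an added example that is not part of the original post and is not SmarterMail's code. The return-code tables are the ones Spamhaus publishes for ZEN, and the function names are hypothetical; run it on the mail server itself so the query goes through the same DNS resolver the spam checks use.

```python
import ipaddress
import socket

# Return codes published by Spamhaus for zen.spamhaus.org (not taken from the post).
ZEN_LISTED = {"127.0.0.2": "SBL", "127.0.0.3": "CSS", "127.0.0.4": "XBL",
              "127.0.0.9": "SBL DROP", "127.0.0.10": "PBL", "127.0.0.11": "PBL"}
ZEN_ERRORS = {"127.255.255.252": "typo in zone name",
              "127.255.255.254": "query sent via a public/open resolver",
              "127.255.255.255": "query volume limit exceeded"}


def dnsbl_name(ip, zone="zen.spamhaus.org"):
    """Build the DNSBL query name: IPv4 octets reversed, then the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def system_resolve(name):
    """A records via the OS resolver. NXDOMAIN and resolver failures both
    come back as an empty list, so they look identical to 'not listed'."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except (socket.gaierror, socket.herror):
        return []


def classify(answers, required):
    """Compare the DNSBL answers with one 'Required lookup value'."""
    errors = [ZEN_ERRORS[a] for a in answers if a in ZEN_ERRORS]
    if errors:
        return "lookup refused: " + errors[0]
    if required in answers:
        return "listed (" + ZEN_LISTED.get(required, "unknown code") + ")"
    return "passed"


def check(ip, required, resolve=system_resolve):
    """Query the zone for ip and classify the answer against required."""
    return classify(resolve(dnsbl_name(ip)), required)


if __name__ == "__main__":
    # IP from the post; live query through whatever resolver this host uses.
    for code in sorted(ZEN_LISTED):
        print(code, check("109.169.71.104", code))
```

If every code prints "passed" here while an external checker shows the address as listed, compare the resolver this host uses with the one the external checker uses.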