Add Razor2 to Spam checks?
Question asked by Steve Reid - September 19, 2014 at 5:30 AM
Answered
I run spamassassin and I keep seeing it tag obvious spam with
X-SmarterMail-SpamDetail: 0.9 RAZOR2_CHECK           Listed in Razor2 (http://razor.sf.net/)
Can I add this check to Smartermail directly?

9 Replies

Reply to Thread
0
Should be able to be added as an RBL.  Searching and making inquires now.
Bruce Barnes
ChicagoNetTech Inc
brucecnt@comcast.net

Phonr: (773) 491-9019
Phone: (224) 444-0169

E-Mail and DNS Security Specialist
Network Security Specialist

Customer Service Portal: https://portal.chicagonettech.com
Website: https://www.ChicagoNetTech.com
Security Blog: http://networkbastion.blogspot.com/

Web and E-Mail Hosting, E-Mail Security and Consulting
0
Here's what I have so far:
 
The inquiry for an RBL appears to take place via "razor.server.com"
 
While I cannot fine any information of the POSITIVE RETURN VALUE, I am assuming that it is going to be 127.0.0.2, and have enabled the following test on my SmarterMail server:
 
SmarterMail RAZOR 2 - RBL TEST
SmarterMail RAZOR 2 - RBL TEST
EDIT: 20140919 - 1113 hours CDT - GMT -0600
 
RAZOR 2 filters spam when the ENABLED box is NOT checked. - See LOGS in response below
 
 
 
The delivery logs are showing that this RBL is being included in the antispam tests on all validly received messages.
 
I have not seen any POSITIVE SPAM triggers for the RAZOR 2 RBL test yet in the SMTP logs, but will monitor this over the weekend and, as soon as additional information is available, report back via this thread.
 
 
 
 
Bruce Barnes
ChicagoNetTech Inc
brucecnt@comcast.net

Phonr: (773) 491-9019
Phone: (224) 444-0169

E-Mail and DNS Security Specialist
Network Security Specialist

Customer Service Portal: https://portal.chicagonettech.com
Website: https://www.ChicagoNetTech.com
Security Blog: http://networkbastion.blogspot.com/

Web and E-Mail Hosting, E-Mail Security and Consulting
0
UPDATE with LOGS for SmarterMail RAZOR 2 RBL SPAM CHECK
 
Here is the configuration which is now working to catch spam:
 
SmarterMail RAZOR 2 RBL TEST Configuration
SmarterMail RAZOR 2 RBL TEST Configuration
Here are the logs which show valid results for the above configuration:
 
==============================
[2014.09.19] 11:10:02 [207.244.68.13][13209828] rsp: 220 securemail.chicagonettech.com  Fri, 19 Sep 2014 16:10:02 +0000 UTC | SmarterMail Enterprise 12.4.5364.28866
[2014.09.19] 11:10:02 [207.244.68.13][13209828] connected at 9/19/2014 11:10:02 AM
[2014.09.19] 11:10:02 [207.244.68.13][13209828] cmd: HELO mta9.deleflora.com
[2014.09.19] 11:10:02 [207.244.68.13][13209828] rsp: 250 securemail.chicagonettech.com Hello [207.244.68.13]
[2014.09.19] 11:10:02 [207.244.68.13][13209828] cmd: MAIL FROM: <bosley@deleflora.com>
[2014.09.19] 11:10:04 [207.244.68.13][13209828] rsp: 554 Sending address not accepted due to spam filter
[2014.09.19] 11:10:04 [207.244.68.13][13209828] Mail rejected due to SMTP Spam Blocking: Barracuda - BRBL, RAZOR 2
[2014.09.19] 11:10:04 [207.244.68.13][13209828] cmd: QUIT
[2014.09.19] 11:10:04 [207.244.68.13][13209828] rsp: 221 Service closing transmission channel
[2014.09.19] 11:10:04 [207.244.68.13][13209828] disconnected at 9/19/2014 11:10:04 AM
[2014.09.19] 11:10:22 [191.101.251.27][37475392] rsp: 220 securemail.chicagonettech.com  Fri, 19 Sep 2014 16:10:22 +0000 UTC | SmarterMail Enterprise 12.4.5364.28866
[2014.09.19] 11:10:22 [191.101.251.27][37475392] connected at 9/19/2014 11:10:22 AM
[2014.09.19] 11:10:23 [191.101.251.27][37475392] cmd: EHLO 001dc055.imilay.eu
[2014.09.19] 11:10:23 [191.101.251.27][37475392] rsp: 250-securemail.chicagonettech.com Hello [191.101.251.27]250-SIZE 52428800250-AUTH CRAM-MD5250-STARTTLS250-8BITMIME250 OK
[2014.09.19] 11:10:23 [191.101.251.27][37475392] cmd: MAIL FROM:<NaturalCureResource@imilay.eu> SIZE=14653
[2014.09.19] 11:10:48 [191.101.251.27][37475392] rsp: 554 Sending address not accepted due to spam filter
[2014.09.19] 11:10:48 [191.101.251.27][37475392] Mail rejected due to SMTP Spam Blocking: GBUdb, RAZOR 2
[2014.09.19] 11:10:48 [191.101.251.27][37475392] cmd: QUIT
[2014.09.19] 11:10:48 [191.101.251.27][37475392] rsp: 221 Service closing transmission channel
[2014.09.19] 11:10:48 [191.101.251.27][37475392] disconnected at 9/19/2014 11:10:48 AM
[2014.09.19] 11:11:32 [173.224.121.134][47713173] rsp: 220 securemail.chicagonettech.com  Fri, 19 Sep 2014 16:11:32 +0000 UTC | SmarterMail Enterprise 12.4.5364.28866
[2014.09.19] 11:11:32 [173.224.121.134][47713173] connected at 9/19/2014 11:11:32 AM
[2014.09.19] 11:11:32 [173.224.121.134][47713173] cmd: EHLO score-find-3.net
[2014.09.19] 11:11:32 [173.224.121.134][47713173] rsp: 250-securemail.chicagonettech.com Hello [173.224.121.134]250-SIZE 52428800250-AUTH CRAM-MD5250-STARTTLS250-8BITMIME250 OK
[2014.09.19] 11:11:40 [173.224.121.134][47713173] cmd: MAIL FROM:<creditnotification@score-find-3.net> BODY=7BIT
[2014.09.19] 11:11:40 [173.224.121.134][47713173] rsp: 554 Sending address not accepted due to spam filter
[2014.09.19] 11:11:40 [173.224.121.134][47713173] Mail rejected due to SMTP Spam Blocking: Barracuda - BRBL, HostKarma - Blacklist, RAZOR 2
[2014.09.19] 11:11:41 [173.224.121.134][47713173] cmd: QUIT
[2014.09.19] 11:11:41 [173.224.121.134][47713173] rsp: 221 Service closing transmission channel
[2014.09.19] 11:11:41 [173.224.121.134][47713173] disconnected at 9/19/2014 11:11:41 AM
[2014.09.19] 11:12:17 [107.161.187.227][11085478] rsp: 220 securemail.chicagonettech.com  Fri, 19 Sep 2014 16:12:17 +0000 UTC | SmarterMail Enterprise 12.4.5364.28866
[2014.09.19] 11:12:17 [107.161.187.227][11085478] connected at 9/19/2014 11:12:17 AM
[2014.09.19] 11:12:17 [107.161.187.227][11085478] cmd: EHLO bho227.hajhg.com
[2014.09.19] 11:12:17 [107.161.187.227][11085478] rsp: 250-securemail.chicagonettech.com Hello [107.161.187.227]250-SIZE 52428800250-AUTH CRAM-MD5250-STARTTLS250-8BITMIME250 OK
[2014.09.19] 11:12:17 [107.161.187.227][11085478] cmd: MAIL FROM:<Kohls_Voucher@hajhg.com> BODY=8BITMIME
[2014.09.19] 11:12:19 [107.161.187.227][11085478] rsp: 554 Sending address not accepted due to spam filter
[2014.09.19] 11:12:19 [107.161.187.227][11085478] Mail rejected due to SMTP Spam Blocking: Barracuda - BRBL, HostKarma - Blacklist, RAZOR 2, Spamhaus - CSS
[2014.09.19] 11:12:19 [107.161.187.227][11085478] cmd: QUIT
[2014.09.19] 11:12:19 [107.161.187.227][11085478] rsp: 221 Service closing transmission channel
[2014.09.19] 11:12:19 [107.161.187.227][11085478] disconnected at 9/19/2014 11:12:19 AM
[2014.09.19] 11:12:35 [183.161.158.175][2800339] rsp: 220 securemail.chicagonettech.com  Fri, 19 Sep 2014 16:12:35 +0000 UTC | SmarterMail Enterprise 12.4.5364.28866
[2014.09.19] 11:12:35 [183.161.158.175][2800339] connected at 9/19/2014 11:12:35 AM
[2014.09.19] 11:12:36 [183.161.158.175][2800339] cmd: EHLO xijxn.com
[2014.09.19] 11:12:36 [183.161.158.175][2800339] rsp: 250-securemail.chicagonettech.com Hello [183.161.158.175]250-SIZE 52428800250-AUTH CRAM-MD5250-STARTTLS250-8BITMIME250 OK
[2014.09.19] 11:12:39 [183.161.158.175][2800339] cmd: MAIL FROM:<louisvuitton@xijxn.com> BODY=8BITMIME
[2014.09.19] 11:12:45 [183.161.158.175][2800339] rsp: 554 Sending address not accepted due to spam filter
[2014.09.19] 11:12:45 [183.161.158.175][2800339] Mail rejected due to SMTP Spam Blocking: Barracuda - BRBL, HostKarma - Blacklist, RAZOR 2, Spamhaus - CSS, UCEProtect Level 1
[2014.09.19] 11:12:45 [183.161.158.175][2800339] cmd: QUIT
[2014.09.19] 11:12:45 [183.161.158.175][2800339] rsp: 221 Service closing transmission channel
[2014.09.19] 11:12:45 [183.161.158.175][2800339] disconnected at 9/19/2014 11:12:45 AM
[2014.09.19] 11:13:09 [111.90.150.151][63688822] rsp: 220 securemail.chicagonettech.com  Fri, 19 Sep 2014 16:13:09 +0000 UTC | SmarterMail Enterprise 12.4.5364.28866
[2014.09.19] 11:13:09 [111.90.150.151][63688822] connected at 9/19/2014 11:13:09 AM
[2014.09.19] 11:13:09 [111.90.150.151][63688822] cmd: EHLO moa151.dhfjhsdgfjsd.com
[2014.09.19] 11:13:09 [111.90.150.151][63688822] rsp: 250-securemail.chicagonettech.com Hello [111.90.150.151]250-SIZE 52428800250-AUTH CRAM-MD5250-STARTTLS250-8BITMIME250 OK
[2014.09.19] 11:13:09 [111.90.150.151][63688822] cmd: MAIL FROM:<Patriot_Survival_Guide@dhfjhsdgfjsd.com> BODY=8BITMIME
[2014.09.19] 11:13:14 [111.90.150.151][63688822] rsp: 554 Sending address not accepted due to spam filter
[2014.09.19] 11:13:14 [111.90.150.151][63688822] Mail rejected due to SMTP Spam Blocking: Barracuda - BRBL, RAZOR 2, Spamhaus - PBL2
[2014.09.19] 11:13:15 [111.90.150.151][63688822] cmd: QUIT
[2014.09.19] 11:13:15 [111.90.150.151][63688822] rsp: 221 Service closing transmission channel
[2014.09.19] 11:13:15 [111.90.150.151][63688822] disconnected at 9/19/2014 11:13:15 AM
[2014.09.19] 11:13:22 [114.43.14.96][50332077] rsp: 220 fifi.chicagonettech.com  Fri, 19 Sep 2014 16:13:22 +0000 UTC | SmarterMail Enterprise 12.4.5364.28866
[2014.09.19] 11:13:22 [114.43.14.96][50332077] connected at 9/19/2014 11:13:22 AM
[2014.09.19] 11:13:22 [114.43.14.96][50332077] cmd: HELO 173.165.112.146
[2014.09.19] 11:13:22 [114.43.14.96][50332077] rsp: 250 fifi.chicagonettech.com Hello [114.43.14.96]
[2014.09.19] 11:13:22 [114.43.14.96][50332077] cmd: MAIL FROM: <sdf2123@hotmail.com>
[2014.09.19] 11:13:24 [114.43.14.96][50332077] rsp: 554 Sending address not accepted due to spam filter
[2014.09.19] 11:13:24 [114.43.14.96][50332077] Mail rejected due to SMTP Spam Blocking: Barracuda - BRBL, CBL - Abuse Seat - DO NOT USE FOR OUTGOING!, HostKarma - Blacklist, RAZOR 2, SORBS - Dynamic IP, Spamhaus - PBL2, UCEProtect Level 1
[2014.09.19] 11:13:24 [114.43.14.96][50332077] disconnected at 9/19/2014 11:13:24 AM
[2014.09.19] 11:14:32 [74.117.132.146][17608581] rsp: 220 securemail.chicagonettech.com  Fri, 19 Sep 2014 16:14:32 +0000 UTC | SmarterMail Enterprise 12.4.5364.28866
[2014.09.19] 11:14:32 [74.117.132.146][17608581] connected at 9/19/2014 11:14:32 AM
[2014.09.19] 11:14:33 [74.117.132.146][17608581] cmd: EHLO from.mirequints.com
[2014.09.19] 11:14:33 [74.117.132.146][17608581] rsp: 250-securemail.chicagonettech.com Hello [74.117.132.146]250-SIZE 52428800250-AUTH CRAM-MD5250-STARTTLS250-8BITMIME250 OK
[2014.09.19] 11:14:33 [74.117.132.146][17608581] cmd: MAIL FROM:<oma@mirequints.com> BODY=8BITMIME
[2014.09.19] 11:14:34 [74.117.132.146][17608581] rsp: 554 Sending address not accepted due to spam filter
[2014.09.19] 11:14:34 [74.117.132.146][17608581] Mail rejected due to SMTP Spam Blocking: Barracuda - BRBL, HostKarma - Blacklist, RAZOR 2, Spamhaus - CSS
[2014.09.19] 11:14:34 [74.117.132.146][17608581] cmd: QUIT
[2014.09.19] 11:14:34 [74.117.132.146][17608581] rsp: 221 Service closing transmission channel
[2014.09.19] 11:14:34 [74.117.132.146][17608581] disconnected at 9/19/2014 11:14:34 AM
[2014.09.19] 11:14:59 [98.138.120.55][49968454] rsp: 220 securemail.chicagonettech.com  Fri, 19 Sep 2014 16:14:59 +0000 UTC | SmarterMail Enterprise 12.4.5364.28866
[2014.09.19] 11:14:59 [98.138.120.55][49968454] connected at 9/19/2014 11:14:59 AM
[2014.09.19] 11:14:59 [98.138.120.55][49968454] cmd: EHLO nm48.bullet.mail.ne1.yahoo.com
[2014.09.19] 11:14:59 [98.138.120.55][49968454] rsp: 250-securemail.chicagonettech.com Hello [98.138.120.55]250-SIZE 52428800250-AUTH CRAM-MD5250-STARTTLS250-8BITMIME250 OK
[2014.09.19] 11:14:59 [98.138.120.55][49968454] cmd: STARTTLS
[2014.09.19] 11:14:59 [98.138.120.55][49968454] rsp: 220 Start TLS negotiation
[2014.09.19] 11:14:59 [98.138.120.55][49968454] cmd: EHLO nm48.bullet.mail.ne1.yahoo.com
[2014.09.19] 11:14:59 [98.138.120.55][49968454] rsp: 250-securemail.chicagonettech.com Hello [98.138.120.55]250-SIZE 52428800250-AUTH LOGIN CRAM-MD5250-8BITMIME250 OK
[2014.09.19] 11:14:59 [98.138.120.55][49968454] cmd: MAIL FROM:<fgsklenar38@yahoo.com>
[2014.09.19] 11:15:05 [98.138.120.48][60764184] rsp: 220 securemail.chicagonettech.com  Fri, 19 Sep 2014 16:15:05 +0000 UTC | SmarterMail Enterprise 12.4.5364.28866
[2014.09.19] 11:15:05 [98.138.120.48][60764184] connected at 9/19/2014 11:15:05 AM
[2014.09.19] 11:15:05 [98.138.120.48][60764184] cmd: EHLO nm41.bullet.mail.ne1.yahoo.com
[2014.09.19] 11:15:05 [98.138.120.48][60764184] rsp: 250-securemail.chicagonettech.com Hello [98.138.120.48]250-SIZE 52428800250-AUTH CRAM-MD5250-STARTTLS250-8BITMIME250 OK
[2014.09.19] 11:15:05 [98.138.120.48][60764184] cmd: STARTTLS
[2014.09.19] 11:15:05 [98.138.120.48][60764184] rsp: 220 Start TLS negotiation
[2014.09.19] 11:15:06 [98.138.120.48][60764184] cmd: EHLO nm41.bullet.mail.ne1.yahoo.com
[2014.09.19] 11:15:06 [98.138.120.48][60764184] rsp: 250-securemail.chicagonettech.com Hello [98.138.120.48]250-SIZE 52428800250-AUTH LOGIN CRAM-MD5250-8BITMIME250 OK
[2014.09.19] 11:15:06 [98.138.120.48][60764184] cmd: MAIL FROM:<fgsklenar38@yahoo.com>
[2014.09.19] 11:15:12 [98.138.120.55][49968454] rsp: 554 Sending address not accepted due to spam filter
[2014.09.19] 11:15:12 [98.138.120.55][49968454] Mail rejected due to SMTP Spam Blocking: HostKarma - Yellowlist, RAZOR 2
[2014.09.19] 11:15:12 [98.138.120.55][49968454] cmd: RSET
[2014.09.19] 11:15:12 [98.138.120.55][49968454] rsp: 250 OK
[2014.09.19] 11:15:12 [98.138.120.55][49968454] disconnected at 9/19/2014 11:15:12 AM
[2014.09.19] 11:15:19 [98.138.120.48][60764184] rsp: 554 Sending address not accepted due to spam filter
[2014.09.19] 11:15:19 [98.138.120.48][60764184] Mail rejected due to SMTP Spam Blocking: HostKarma - Yellowlist, RAZOR 2
[2014.09.19] 11:15:19 [98.138.120.48][60764184] cmd: RSET
[2014.09.19] 11:15:19 [98.138.120.48][60764184] rsp: 250 OK
[2014.09.19] 11:15:19 [98.138.120.48][60764184] disconnected at 9/19/2014 11:15:19 AM
[2014.09.19] 11:15:55 [74.117.132.146][35656718] rsp: 220 securemail.chicagonettech.com  Fri, 19 Sep 2014 16:15:55 +0000 UTC | SmarterMail Enterprise 12.4.5364.28866
[2014.09.19] 11:15:55 [74.117.132.146][35656718] connected at 9/19/2014 11:15:55 AM
[2014.09.19] 11:15:55 [74.117.132.146][35656718] cmd: EHLO from.mirequints.com
[2014.09.19] 11:15:55 [74.117.132.146][35656718] rsp: 250-securemail.chicagonettech.com Hello [74.117.132.146]250-SIZE 52428800250-AUTH CRAM-MD5250-STARTTLS250-8BITMIME250 OK
[2014.09.19] 11:15:55 [74.117.132.146][35656718] cmd: MAIL FROM:<erf@mirequints.com> BODY=8BITMIME
[2014.09.19] 11:15:55 [74.117.132.146][35656718] rsp: 554 Sending address not accepted due to spam filter
[2014.09.19] 11:15:55 [74.117.132.146][35656718] Mail rejected due to SMTP Spam Blocking: Barracuda - BRBL, HostKarma - Blacklist, RAZOR 2, Spamhaus - CSS
[2014.09.19] 11:15:55 [74.117.132.146][35656718] cmd: QUIT
[2014.09.19] 11:15:55 [74.117.132.146][35656718] rsp: 221 Service closing transmission channel
[2014.09.19] 11:15:55 [74.117.132.146][35656718] disconnected at 9/19/2014 11:15:55 AM
[2014.09.19] 11:16:57 [108.61.26.196][57755017] rsp: 220 securemail.chicagonettech.com  Fri, 19 Sep 2014 16:16:57 +0000 UTC | SmarterMail Enterprise 12.4.5364.28866
[2014.09.19] 11:16:57 [108.61.26.196][57755017] connected at 9/19/2014 11:16:57 AM
[2014.09.19] 11:16:57 [108.61.26.196][57755017] cmd: EHLO obo196.dfdferu.com
[2014.09.19] 11:16:57 [108.61.26.196][57755017] rsp: 250-securemail.chicagonettech.com Hello [108.61.26.196]250-SIZE 52428800250-AUTH CRAM-MD5250-STARTTLS250-8BITMIME250 OK
[2014.09.19] 11:16:57 [108.61.26.196][57755017] cmd: MAIL FROM:<Kohls_Voucher@dfdferu.com> BODY=8BITMIME
[2014.09.19] 11:16:58 [108.61.26.196][57755017] rsp: 554 Sending address not accepted due to spam filter
[2014.09.19] 11:16:58 [108.61.26.196][57755017] Mail rejected due to SMTP Spam Blocking: Barracuda - BRBL, HostKarma - Blacklist, RAZOR 2, Spamhaus - CSS
[2014.09.19] 11:16:58 [108.61.26.196][57755017] cmd: QUIT
[2014.09.19] 11:16:58 [108.61.26.196][57755017] rsp: 221 Service closing transmission channel
[2014.09.19] 11:16:58 [108.61.26.196][57755017] disconnected at 9/19/2014 11:16:58 AM
==============================
 
Bruce Barnes
ChicagoNetTech Inc
brucecnt@comcast.net

Phonr: (773) 491-9019
Phone: (224) 444-0169

E-Mail and DNS Security Specialist
Network Security Specialist

Customer Service Portal: https://portal.chicagonettech.com
Website: https://www.ChicagoNetTech.com
Security Blog: http://networkbastion.blogspot.com/

Web and E-Mail Hosting, E-Mail Security and Consulting
0
All emails are marked failed... Do you see passed in your logs?
0
I'm trying to get answers on this, but advise those who might be uncomfortable with tighter results to disable the RAZOR2 test until we know more.
 
What I am seeing, in the logs I have access to, is that RAZOR2 is catching higher than normal rate of spam, but, when checking those domains, every one of them has something legitimate to cause the positive indication.
 
I did find out that RAZOR2 will list someone for no rDNS, awaiting more answers.
Bruce Barnes
ChicagoNetTech Inc
brucecnt@comcast.net

Phonr: (773) 491-9019
Phone: (224) 444-0169

E-Mail and DNS Security Specialist
Network Security Specialist

Customer Service Portal: https://portal.chicagonettech.com
Website: https://www.ChicagoNetTech.com
Security Blog: http://networkbastion.blogspot.com/

Web and E-Mail Hosting, E-Mail Security and Consulting
1
For those experiencing unwarranted false positives, disable RAZOR2 until I can investigate this further and get some additional answers.
Bruce Barnes
ChicagoNetTech Inc
brucecnt@comcast.net

Phonr: (773) 491-9019
Phone: (224) 444-0169

E-Mail and DNS Security Specialist
Network Security Specialist

Customer Service Portal: https://portal.chicagonettech.com
Website: https://www.ChicagoNetTech.com
Security Blog: http://networkbastion.blogspot.com/

Web and E-Mail Hosting, E-Mail Security and Consulting
0
Sorry about the delays and confusion about RAZOR2. 
 
Based on initial results, I am suggesting that the RAZOR2 RBL be DISABLED in SmarterMail until I get additional answers.  Here's the information I have so far:
 
"Vipul's Razor is a distributed, collaborative, spam detection and filtering network based on user submissions of spam. 
 
Detection is done with signatures that efficiently spot mutating spam content and user input is validated through reputation assignments.

Note that Razor2 is not available for unlimited free use.  It is currently free for personal use, subject to capacity constraints.  See the Cloudmark SpamNet Service Policy for more details.

 

See http://razor.sourceforge.net/ for more information about Razor."
 
Apparently RAZOR2 is now indelibly part of CLOUDMARK's family of products and, while it can be downloaded and installed on Unix based machines, "subject to capacity," it is deliberately designed not to run as an independent RBL test.
Bruce Barnes
ChicagoNetTech Inc
brucecnt@comcast.net

Phonr: (773) 491-9019
Phone: (224) 444-0169

E-Mail and DNS Security Specialist
Network Security Specialist

Customer Service Portal: https://portal.chicagonettech.com
Website: https://www.ChicagoNetTech.com
Security Blog: http://networkbastion.blogspot.com/

Web and E-Mail Hosting, E-Mail Security and Consulting
1
Thanks for checking into it...
 
Clearly it can't be added as an RBL, but I would like a response from Smartertools about adding it directly to Smartermail.
0
This is not an RBL and cannot be added directly to SmarterMail.  There is a plugin for SpamAssassin, and it works like virus scanning with signatures for spam.  RBL's work on IP's and domain names (and occasionally other data), but they absolutely do not handle something like Razor.

I'm not sure where razor.server.com came from.  This is a generic address and certainly not meant for configurations.  The owners of server.com configured it to return 127.0.0.1 for any query.  When Bruce set this up as a test, he tagged every single message because he didn't check the box that required them to return 127.0.0.2, and because server.com wildcarded their domain to 127.0.0.1.

The bottom line here is be more careful about limiting to the proper result codes when setting up RBL's, and also Razor is not an RBL.

Reply to Thread