- Spam filters rejecting mail
Question asked by Robert Pinkerton - October 17, 2014 at 10:37 AM
We work with a number of contractors, many of whom use email accounts. Seemingly sporadically, comcast is rejected by HostKarma - YellowList and SpamCannibal. It seems overly protective to flag the entire domain as Spam. Is there some middle ground? I don't want to open the door to all kinds of additional junk mail but need to communicate with these contractors. I'm using Bruce's excellent settings in Spam Filtering with HostKarma - Yellowlist scoring 10 and SpamCannibal scoring the same. My Filtering is set to delete a message at 15 but I'm not seeing any scoring in the SMTP log. Both RBLs are checked to be used for incoming SMTP blocking.
All insights gratefully accepted.
Log Entries
[22816611] rsp: 554 Sending address not accepted due to spam filter
[22816611] Mail rejected due to SMTP Spam Blocking: HostKarma - Yellowlist, SpamCannibal
[22816611] cmd: RSET
[22816611] rsp: 250 OK
[22816611] disconnected at 10/14/2014 11:51:53 AM

2 Replies

Reply to Thread
If you have completely followed my document, then something on Hostkarma - Yellowlist will be deleted immediately, regardless of score.
Are the senders using the COMCAST.NET domain, or is their domain hosted by Comcast?

If their domain is hosted by Comcast, then the domain may be what's listed in the spam databases.
In testing from my Comcast account, I found no issues with either of the two tests
Here's the logs from a test I just did:
[2014.10.17] 14:14:12 [][55462094] rsp: 220  Fri, 17 Oct 2014 19:14:12 +0000 UTC | SmarterMail Enterprise 12.4
[2014.10.17] 14:14:12 [][55462094] connected at 10/17/2014 2:14:12 PM
[2014.10.17] 14:14:12 [][55462094] cmd: EHLO
[2014.10.17] 14:14:12 [][55462094] rsp: Hello []250-SIZE 52428800250-AUTH CRAM-MD5250-STARTTLS250-8BITMIME250 OK
[2014.10.17] 14:14:12 [][55462094] cmd: STARTTLS
[2014.10.17] 14:14:12 [][55462094] rsp: 220 Start TLS negotiation
[2014.10.17] 14:14:12 [][55462094] cmd: EHLO
[2014.10.17] 14:14:12 [][55462094] rsp: Hello []250-SIZE 52428800250-AUTH LOGIN CRAM-MD5250-8BITMIME250 OK
[2014.10.17] 14:14:12 [][55462094] cmd: MAIL FROM:<> SIZE=3472
[2014.10.17] 14:14:14 [][55462094] rsp: 250 OK <> Sender ok
[2014.10.17] 14:14:14 [][55462094] cmd: RCPT TO:<>
[2014.10.17] 14:14:14 [][55462094] rsp: 250 OK <> Recipient ok
[2014.10.17] 14:14:14 [][55462094] cmd: DATA
[2014.10.17] 14:14:14 [][55462094] rsp: 354 Start mail input; end with <CRLF>.<CRLF>
[2014.10.17] 14:14:14 [][55462094] rsp: 250 OK
[2014.10.17] 14:14:14 [][55462094] Data transfer succeeded, writing mail to 69550204768.eml
[2014.10.17] 14:15:14 [][55462094] cmd: QUIT
[2014.10.17] 14:15:14 [][55462094] rsp: 221 Service closing transmission channel
[2014.10.17] 14:15:14 [][55462094] disconnected at 10/17/2014 2:15:14 PM
[2014.10.17] 14:14:15 [04768] Delivery started for at 2:14:15 PM

[2014.10.17] 14:14:19 [04768] Spam check results: [_SPF: Pass], [BARRACUDA - BRBL: passed], [CBL - ABUSE SEAT - DO NOT USE FOR OUTGOING!: passed], [GBUDB: passed], [HOSTKARMA - BLACKLIST: passed], [HOSTKARMA - BROWNLIST: passed], [MAILSPIKE BL: passed], [MAILSPIKE Z: passed], [SORBS - ABUSE: passed], [SORBS - DYNAMIC IP: passed], [SORBS - PROXY: passed], [SORBS - SMTP: passed], [SORBS - SOCKS: passed], [SPAMCOP: passed], [SPAMHAUS - CBL: passed], [SPAMHAUS - CSS: passed], [SPAMHAUS - PBL: passed], [SPAMHAUS - PBL2: passed], [SPAMHAUS - SBL: passed], [UCEPROTECT LEVEL 1: passed], [UCEPROTECT LEVEL 2: passed], [UCEPROTECT LEVEL 3: passed], [VIRUS RBL - MSRBL: passed], [_REVERSEDNSLOOKUP: passed], [_DK: None], [_DKIM: Pass], [SURBL - ABUSE BUSTER: passed], [SURBL - JWSPAMSPY: passed], [SURBL - MALWARE: passed], [SURBL - PHISHING: passed], [SURBL - SA BLACKLIST: passed], [SURBL - SPAMCOP WEB: passed], [URIBL - BLACK: passed], [URIBL - GREY: passed], [URIBL - MULTI: passed], [URIBL - RED: passed]
[2014.10.17] 14:14:21 [04768] Starting local delivery to
[2014.10.17] 14:14:21 [04768] Delivery for to has completed (Delivered) Filter: None
[2014.10.17] 14:14:21 [04768] End delivery to
[2014.10.17] 14:14:21 [04768] Delivery finished for at 2:14:21 PM [id:69550204768]
Bruce Barnes
ChicagoNetTech Inc

Phonr: (773) 491-9019
Phone: (224) 444-0169

E-Mail and DNS Security Specialist
Network Security Specialist

Customer Service Portal:
Security Blog:

Web and E-Mail Hosting, E-Mail Security and Consulting
Before I start, you can see the scoring of emails in the Delivery log. However, if something triggers enough checks that have Enable for Incoming SMTP blocking checked so that the score is above the SMTP Blocking threshold, the get rejected right away and never make it to the delivery queue.

Anyway, first take off SMTP blocking for HostKarma Yellow. This is the description of the yellow list:
"If the result is then the host is yellow listed. Yellow listing means that host generates some spam and some nonspam (examples:, What that means is that this host should never be blacklisted and that other IP based blacklists should be bypassed to prevent false positives."
I've marked my score down to 0 for this check.

Regarding SpamCannibal, what an IP Address that is failing this check?

Reply to Thread