Blacklist RBLs - blacklisted IPs getting through
Question asked by Nathalie V - 9/21/2016 at 12:15 PM

We're running Smartermail 12.3
It looks like Smartermail is not identifying spam and I'm trying to get to the bottom of this.
For example, here are some details about one spam email:
email headers show:
X-SmarterMail-Spam: SPF_Pass, DK_None, DKIM_None
X-SmarterMail-TotalSpamWeight: 0
The delivery logs show:
[2016.09.20] 14:57:35 [62443] Spam check results: [BARRACUDA: passed], [CBL - ABUSE SEAT: passed], [SPAMCOP: passed], [SPAMHAUS - CBL: passed], [SPAMHAUS - CSS: passed], [SPAMHAUS - PBL: passed], [SPAMHAUS - PBL2: passed], [SPAMHAUS - SBL: passed], [SPAMHAUS - XBL2: passed], [_REVERSEDNSLOOKUP: passed], [_BAYESIANFILTERING: passed], [_SPF: Pass], [_DK: None], [_DKIM: None]
The IP address of the spammer is listed on MULTIPLE blacklists:
Checking against 97 known blacklists... 
Listed 9 times with 0 timeouts 
Blacklist    Reason    TTL    ResponseTime    
LISTED    ivmSIP was listed 
LISTED    ivmSIP24 was listed
LISTED    NoSolicitado was listed 
LISTED    Protected Sky was listed 
LISTED    RATS NoPtr was listed 
LISTED    SORBS NEW was listed 
LISTED    SORBS SPAM was listed 
LISTED    SPAMCOP was listed
LISTED    Spamhaus ZEN was listed Detail
In Smartermail, we have the following configured:
Spamhaus - CBL
Spamhaus - CSS
Spamhaus - PBL
Spamhaus - PBL2
Spamhaus - SBL
Spamhaus - XBL2
(each using hostname zen.spamhaus.org, and with a specific 127.0.0.x Required lookup value)
We also have other RBLs including SpamCop.
The spammer's IP was listed on Spamhaus Zen and on Spamcop.
The weight settings for the domain and email account are such that there should have been a weight of 20 given for each blacklisting yet the spam score was 0.
I'm looking for some guidance in tracking this down.
Why do the delivery logs show "passed" for everything, would it show failed if something was on a blacklist?
Thank you

Reply to Thread