Incorrect delegation with RBLs - Troubleshooting procedure ?
Problem reported by Steve Gaston - July 6 at 1:10 AM
Submitted
I will do my best to make this as clear as possible.

This issue does not happen all the time, it is sporadic and on a very low volume email server running SM 12.5.5409.

Example
IP: 160.20.111.5 is on the following blacklists (as well as many others...)

recent.spam.dnsbl.sorbs.net
zen.spamhaus.org 

Smartermail is configured to add weights to these RBLs  if found on these blacklists.

For some reason unknown to me the following heading is seen for **some** emails

X-SmarterMail-Spam: SPF_None, DKIM_None

Its as if Smartermail cannot see that the IP address is blacklisted, although if I check from the email server I can see that the email server DOES see that the IP is on the two blacklists.

C:\Windows\system32>nslookup 5.111.20.160.recent.spam.dnsbl.sorbs.net
Server:  ks31884.kimsufi.com
Address:  213.251.133.164

Non-authoritative answer:
Name:    5.111.20.160.recent.spam.dnsbl.sorbs.net
Address:  127.0.0.6
and

C:\Windows\system32>nslookup 5.111.20.160.zen.spamhaus.org
Server:  ks31884.kimsufi.com
Address:  213.251.133.164

Non-authoritative answer:
Name:    5.111.20.160.zen.spamhaus.org
Address:  127.0.0.3
And I know that these blacklist do get triggered in SM

[2019.07.06] 00:01:08 [63593] Spam check results: [GBUDB | +30: passed], [HOSTKARMA-BLACK | +10: passed], [MAILSPIKE-L4 | +10: passed], [MAILSPIKE-L5 | +15: passed], [MCAFEE | +10: passed], [SURRIEL | +10: passed], [ZEN10 | +10: passed], [ZEN11 | +10: passed], [ZEN2 | +10: passed], [ZEN3 | +10: passed], [ZEN4 | +10: passed], [ZEN5 | +10: passed], [ZEN6 | +10: passed], [ZEN7 | +10: passed], [ZEN9 | +10: passed], [_REVERSEDNSLOOKUP: passed], [_SPF: None], [_DK: None], [_DKIM: None], [BACKSCATTER | +4: passed], [BARRACUDA | +10: passed], [BONDEDSENDER | -15: passed], [CBL | +6: passed], [HOSTKARMA-YELLOW | -2: passed], [IADB | -10: passed], [IX | +5: passed], [MAILSPIKE-H1 | -1: passed], [MAILSPIKE-H2 | -2: passed], [MAILSPIKE-H3 | -3: passed], [MAILSPIKE-H4 | -4: passed], [MAILSPIKE-H5 | -5: passed], [MAILSPIKE-L1 | +4: passed], [MAILSPIKE-L2 | +6: passed], [MAILSPIKE-L3 | +8: passed], [MSRBL | +6: passed], [SEM-BL | +7: passed], [SEM-BS | +5: passed], [SENDERSCORE | +5: passed], [SORBS-DUL | +5: passed], [SORBS-NEW | +3: failed], [SORBS-NOMAIL | +10: passed], [SORBS-RECENT | +3: failed], [SPAMCOP | +10: passed], [SPAMRATS | +4: passed], [SURBL128 | +15: passed], [SURBL16 | +15: passed], [SURBL64 | +15: passed], [SURBL8 | +15: passed], [UBL | +4: passed], [UCEPROTECT-1 | +4: passed], [UCEPROTECT-2 | +2: passed], [UCEPROTECT-3 | +2: passed], [URIBL-BLACK | +20: failed], [URIBL-GREY | +5: passed], [URIBL-RED | +5: passed]
and

[2019.07.05] 01:29:01 [63213] Spam check results: [GBUDB | +30: passed], [HOSTKARMA-BLACK | +10: passed], [MAILSPIKE-L4 | +10: passed], [MAILSPIKE-L5 | +15: passed], [MCAFEE | +10: passed], [SURRIEL | +10: passed], [ZEN10 | +10: passed], [ZEN11 | +10: passed], [ZEN2 | +10: passed], [ZEN3 | +10: failed], [ZEN4 | +10: passed], [ZEN5 | +10: passed], [ZEN6 | +10: passed], [ZEN7 | +10: passed], [ZEN9 | +10: passed], [_REVERSEDNSLOOKUP: passed], [_SPF: None], [_DK: None], [_DKIM: None], [BACKSCATTER | +4: passed], [BARRACUDA | +10: passed], [BONDEDSENDER | -15: passed], [CBL | +6: passed], [HOSTKARMA-YELLOW | -2: passed], [IADB | -10: passed], [IX | +5: passed], [MAILSPIKE-H1 | -1: passed], [MAILSPIKE-H2 | -2: passed], [MAILSPIKE-H3 | -3: passed], [MAILSPIKE-H4 | -4: passed], [MAILSPIKE-H5 | -5: passed], [MAILSPIKE-L1 | +4: passed], [MAILSPIKE-L2 | +6: passed], [MAILSPIKE-L3 | +8: passed], [MSRBL | +6: passed], [SEM-BL | +7: passed], [SEM-BS | +5: passed], [SENDERSCORE | +5: passed], [SORBS-DUL | +5: passed], [SORBS-NEW | +3: failed], [SORBS-NOMAIL | +10: passed], [SORBS-RECENT | +3: failed], [SPAMCOP | +10: passed], [SPAMRATS | +4: passed], [SURBL128 | +15: passed], [SURBL16 | +15: passed], [SURBL64 | +15: passed], [SURBL8 | +15: passed], [UBL | +4: passed], [UCEPROTECT-1 | +4: passed], [UCEPROTECT-2 | +2: passed], [UCEPROTECT-3 | +2: passed], [URIBL-BLACK | +20: passed], [URIBL-GREY | +5: passed], [URIBL-RED | +5: passed]

So, what could be the possible reasons for this to occur ? 

I have some answers in my head to the above question, but dont want to 'pollute' the thread with these just incase I end up misguiding someone.

And of course, the means to troubleshoot this (as per my own question), is to understand what the possible causes to this may be.

Hope to hear back from someone ...............

2 Replies

Reply to Thread
0
Jade D Replied
My first suggestion is to upgrade, you're exposing your users to attack and if they are paying you for a service then you're not providing them with what they pay you for
0
Steve Gaston Replied
Hi,

so your only suggestion was for me to upgrade.

Then you go on to chastise me, thanks.

All software's are exposed to various threats on the Internet.

Its not what I asked.

All the best

Reply to Thread