Back to Community Threads
2
Incorrect delegation with RBLs - Troubleshooting procedure ?
Problem reported by Steve Gaston - 7/6/2019 at 1:10 AM
Submitted
I will do my best to make this as clear as possible.

This issue does not happen all the time, it is sporadic and on a very low volume email server running SM 12.5.5409.

Example
IP: 160.20.111.5 is on the following blacklists (as well as many others...)

recent.spam.dnsbl.sorbs.net
zen.spamhaus.org 

Smartermail is configured to add weights to these RBLs  if found on these blacklists.

For some reason unknown to me the following heading is seen for **some** emails

X-SmarterMail-Spam: SPF_None, DKIM_None

Its as if Smartermail cannot see that the IP address is blacklisted, although if I check from the email server I can see that the email server DOES see that the IP is on the two blacklists.

C:\Windows\system32>nslookup 5.111.20.160.recent.spam.dnsbl.sorbs.net
Server:  ks31884.kimsufi.com
Address:  213.251.133.164

Non-authoritative answer:
Name:    5.111.20.160.recent.spam.dnsbl.sorbs.net
Address:  127.0.0.6
and

C:\Windows\system32>nslookup 5.111.20.160.zen.spamhaus.org
Server:  ks31884.kimsufi.com
Address:  213.251.133.164

Non-authoritative answer:
Name:    5.111.20.160.zen.spamhaus.org
Address:  127.0.0.3
And I know that these blacklist do get triggered in SM

[2019.07.06] 00:01:08 [63593] Spam check results: [GBUDB | +30: passed], [HOSTKARMA-BLACK | +10: passed], [MAILSPIKE-L4 | +10: passed], [MAILSPIKE-L5 | +15: passed], [MCAFEE | +10: passed], [SURRIEL | +10: passed], [ZEN10 | +10: passed], [ZEN11 | +10: passed], [ZEN2 | +10: passed], [ZEN3 | +10: passed], [ZEN4 | +10: passed], [ZEN5 | +10: passed], [ZEN6 | +10: passed], [ZEN7 | +10: passed], [ZEN9 | +10: passed], [_REVERSEDNSLOOKUP: passed], [_SPF: None], [_DK: None], [_DKIM: None], [BACKSCATTER | +4: passed], [BARRACUDA | +10: passed], [BONDEDSENDER | -15: passed], [CBL | +6: passed], [HOSTKARMA-YELLOW | -2: passed], [IADB | -10: passed], [IX | +5: passed], [MAILSPIKE-H1 | -1: passed], [MAILSPIKE-H2 | -2: passed], [MAILSPIKE-H3 | -3: passed], [MAILSPIKE-H4 | -4: passed], [MAILSPIKE-H5 | -5: passed], [MAILSPIKE-L1 | +4: passed], [MAILSPIKE-L2 | +6: passed], [MAILSPIKE-L3 | +8: passed], [MSRBL | +6: passed], [SEM-BL | +7: passed], [SEM-BS | +5: passed], [SENDERSCORE | +5: passed], [SORBS-DUL | +5: passed], [SORBS-NEW | +3: failed], [SORBS-NOMAIL | +10: passed], [SORBS-RECENT | +3: failed], [SPAMCOP | +10: passed], [SPAMRATS | +4: passed], [SURBL128 | +15: passed], [SURBL16 | +15: passed], [SURBL64 | +15: passed], [SURBL8 | +15: passed], [UBL | +4: passed], [UCEPROTECT-1 | +4: passed], [UCEPROTECT-2 | +2: passed], [UCEPROTECT-3 | +2: passed], [URIBL-BLACK | +20: failed], [URIBL-GREY | +5: passed], [URIBL-RED | +5: passed]
and

[2019.07.05] 01:29:01 [63213] Spam check results: [GBUDB | +30: passed], [HOSTKARMA-BLACK | +10: passed], [MAILSPIKE-L4 | +10: passed], [MAILSPIKE-L5 | +15: passed], [MCAFEE | +10: passed], [SURRIEL | +10: passed], [ZEN10 | +10: passed], [ZEN11 | +10: passed], [ZEN2 | +10: passed], [ZEN3 | +10: failed], [ZEN4 | +10: passed], [ZEN5 | +10: passed], [ZEN6 | +10: passed], [ZEN7 | +10: passed], [ZEN9 | +10: passed], [_REVERSEDNSLOOKUP: passed], [_SPF: None], [_DK: None], [_DKIM: None], [BACKSCATTER | +4: passed], [BARRACUDA | +10: passed], [BONDEDSENDER | -15: passed], [CBL | +6: passed], [HOSTKARMA-YELLOW | -2: passed], [IADB | -10: passed], [IX | +5: passed], [MAILSPIKE-H1 | -1: passed], [MAILSPIKE-H2 | -2: passed], [MAILSPIKE-H3 | -3: passed], [MAILSPIKE-H4 | -4: passed], [MAILSPIKE-H5 | -5: passed], [MAILSPIKE-L1 | +4: passed], [MAILSPIKE-L2 | +6: passed], [MAILSPIKE-L3 | +8: passed], [MSRBL | +6: passed], [SEM-BL | +7: passed], [SEM-BS | +5: passed], [SENDERSCORE | +5: passed], [SORBS-DUL | +5: passed], [SORBS-NEW | +3: failed], [SORBS-NOMAIL | +10: passed], [SORBS-RECENT | +3: failed], [SPAMCOP | +10: passed], [SPAMRATS | +4: passed], [SURBL128 | +15: passed], [SURBL16 | +15: passed], [SURBL64 | +15: passed], [SURBL8 | +15: passed], [UBL | +4: passed], [UCEPROTECT-1 | +4: passed], [UCEPROTECT-2 | +2: passed], [UCEPROTECT-3 | +2: passed], [URIBL-BLACK | +20: passed], [URIBL-GREY | +5: passed], [URIBL-RED | +5: passed]

So, what could be the possible reasons for this to occur ? 

I have some answers in my head to the above question, but dont want to 'pollute' the thread with these just incase I end up misguiding someone.

And of course, the means to troubleshoot this (as per my own question), is to understand what the possible causes to this may be.

Hope to hear back from someone ...............

2 Replies

Reply to Thread
0
Jade D Replied
7/7/2019 at 11:59 PM
My first suggestion is to upgrade, you're exposing your users to attack and if they are paying you for a service then you're not providing them with what they pay you for
Jade https://absolutehosting.co.za
0
Steve Gaston Replied
7/8/2019 at 9:17 AM
Hi,

so your only suggestion was for me to upgrade.

Then you go on to chastise me, thanks.

All software's are exposed to various threats on the Internet.

Its not what I asked.

All the best
Back to Community Threads

Reply to Thread

Related Knowledge Base Articles

Deploying Rspamd For Use With SmarterMailSmarterMail > Server Configuration and Management
Recommended SPAM SettingsSmarterMail > Antispam and Antivirus
Cannot Send Email MessagesSmarterMail > Troubleshooting
554 Error - MTA Poor Reputation FixesSmarterMail > Troubleshooting
Slow 250 response after Mail From command is issued during an SMTP session.SmarterMail > Troubleshooting