On Thu, 23 Jan 2020 at 13:06, Jonathan Gilpin <jonat...@fluent.ltd.uk> wrote:
> Hi, > > It seems that SpamAsassin is giving out a false positive on a Spamhaus SBL > lookup: > > * 0.1 URIBL_SBL_A Contains URL's A record listed in the Spamhaus SBL > * blocklist > * [URIs: fluent.ltd.uk] > * 2.1 URIBL_SBL Contains an URL's NS IP listed in the Spamhaus SBL > * blocklist > * [URIs: fluent.ltd.uk] > > > fluent.ltd.uk has address 195.78.94.252 > > Name servers: > dns1.fluent.ltd.uk 195.78.94.253 > dns2.fluent.ltd.uk 195.78.94.254 > > > *195.78.94.252 is not listed in the SBL* > > *195.78.94.252 is not listed in the PBL* > > *195.78.94.252 is not listed in the XBL* > *195.78.94.253 is not listed in the SBL* > > *195.78.94.253 is not listed in the PBL* > > *195.78.94.253 is not listed in the XBL* > *195.78.94.254 is not listed in the SBL* > > *195.78.94.254 is not listed in the PBL* > > *195.78.94.254 is not listed in the XBL* > > Has anyone come across this before or can someone give any advise of what > the cause of this might be? most importantly how to fix it? > Assuming you are still seeing the FPs (and they weren't a temporary problem with the SBL now having been updated), what DNS resolver was being used by the system that generated the FPs? Are you confident that it was sending the RBL lookup requests direct to Spamhaus and not forwarding them to another DNS server outside your control?
