Mouss wrote on Thu, 08 Dec 2005 01:35:32 +0100:

> my own messages to this list get a RCVD_IN_SORBS on my own SA. my first 
> reaction is to remove all sorbs tests (because I don't believe in 
> sorbs), but I still wanna understand why this happens.

You have to make a distinction between an IP being on the SORBS list and 
the fact that RCVD_IN_SORBS hits a mail. A procedure to check it may be 
done as follows (please correct or detail if someone feels fit):

1. first check which IP was found to be on this list. In general the SORBS 
list doesn't have many false positives, but if there is one the location 
to report or complain is dnsbl.sorbs.net. This is not an SA issue at all, 
specifically it's not an SA false positive.

2. next check if that IP delivered directly to you (= your mail server) or 
not.
If yes, then this hit is legitimate. It's not your IP and it delivered 
directly to you. That's exactly the kind of IP you want to check if it is 
on a blacklist.
If no, this means the IP didn't deliver directly to you. It could be 
another mail server/hub/forwarder in the chain to you or it could be a 
dialup client delivering to his ISP's server which then delivered to you. 
It's a bit pesky to check this. You have to read the header lines 
carefully. Anyway, when this happens it's likely that SA cannot determine 
which hosts belong to your network and thinks that ISP's server belongs to 
your network. So, it thinks that dialup client is delivering directly to 
*you* and that's exactly what we want to check on an RBL, don't we (see 
above)? The problem is that this assumption is wrong. To correct it you 
have to tell SA where your network boundary is and that's what the 
trusted_networks Matt mentions is for.

Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
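
The check in step 2, as an added example that is not part of the original post and is not SpamAssassin's own code: a simplified model of how the trust boundary decides which relay IP counts as having delivered directly to you. The header lines, hostnames, IP addresses (documentation ranges) and function names are constructed for illustration, and only IPv4 addresses in square brackets are parsed.

```python
import ipaddress
import re

# Constructed sample: Received headers, newest first, as they appear in a message.
# A dialup client hands mail to its ISP's server, which hands it to our MX.
SAMPLE_RECEIVED = [
    "from smtp.isp.example ([198.51.100.25]) by mx.mydomain.example "
    "with ESMTP; Thu, 08 Dec 2005 01:36:02 +0100",
    "from dialup-host ([203.0.113.77]) by smtp.isp.example "
    "with ESMTP; Thu, 08 Dec 2005 01:35:40 +0100",
]

IP_IN_BRACKETS = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def relay_ips(received_headers):
    """Return the connecting IP recorded in each Received header, newest first."""
    ips = []
    for header in received_headers:
        match = IP_IN_BRACKETS.search(header)
        if not match:
            continue
        try:
            ips.append(ipaddress.ip_address(match.group(1)))
        except ValueError:
            continue  # malformed address such as 999.1.1.1: skip this hop
    return ips


def last_external_relay(received_headers, trusted_networks):
    """Walk hops from newest to oldest and return the first IP outside the
    trusted networks, i.e. the host treated as delivering directly to us."""
    nets = [ipaddress.ip_network(n) for n in trusted_networks]
    for ip in relay_ips(received_headers):
        if not any(ip in net for net in nets):
            return str(ip)
    return None  # every hop was inside the trust boundary


if __name__ == "__main__":
    # Boundary set correctly: only our own network (hypothetical 192.0.2.0/24).
    print(last_external_relay(SAMPLE_RECEIVED, ["192.0.2.0/24"]))
    # Boundary guessed wrongly: the ISP's server is treated as ours, so the
    # dialup client looks like it delivered directly and is checked instead.
    print(last_external_relay(SAMPLE_RECEIVED, ["192.0.2.0/24", "198.51.100.0/24"]))
```

With the correct boundary the ISP's server is the address looked up; with the wrong one the dialup client's address is, which is the situation described in the "If no" case.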


