Matt Adair wrote:
Hoping somebody out there can help. After noticing a dramatic increase
in male enhancement spam lately, I started to investigate what was
going on and it would appear that none of the default RBLs are getting
checked. I've done everything that I can think of and I just can't
figure out what is wrong. Any help would be greatly appreciated.

It looks like they're getting checked. What makes you think they're not?
Note: it appears your trust path is broken. You should add a
trusted_networks setting manually. The IP your SA box resolves
"cadfx.com" (which is your "by" clause) to should be in this. And if
your SA box can't resolve cadfx.com as an A record, fix that or change
what you put in your "by" clause to something that is resolvable. Having
no internal and no trusted hosts is a bad thing. This *WILL* break all
"dynamic/dialup" type RBLs.
<snip>
[84550] dbg: conf: trusted_networks are not configured; it is
recommended that you configure trusted_networks manually
[84550] dbg: received-header: parsed as [ ip=67.76.178.81
rdns=nj-67-76-178-81.sta.embarqhsd.net
helo=nj-67-76-178-81.sta.embarqhsd.net by=cadfx.com ident=
[EMAIL PROTECTED] intl=0 id=m48FhNO10546 auth= msa=0 ]
[84550] dbg: received-header: do not trust any hosts from here on
[84550] dbg: received-header: relay 67.76.178.81 trusted? no internal?
no msa? no
[84550] dbg: metadata: X-Spam-Relays-Trusted:
[84550] dbg: metadata: X-Spam-Relays-Untrusted: [ ip=67.76.178.81
rdns=nj-67-76-178-81.sta.embarqhsd.net
helo=nj-67-76-178-81.sta.embarqhsd.net by=cadfx.com ident=
[EMAIL PROTECTED] intl=0 id=m48FhNO10546 auth= msa=0 ]
[84550] dbg: metadata: X-Spam-Relays-Internal:
[84550] dbg: metadata: X-Spam-Relays-External: [ ip=67.76.178.81
rdns=nj-67-76-178-81.sta.embarqhsd.net
helo=nj-67-76-178-81.sta.embarqhsd.net by=cadfx.com ident=
[EMAIL PROTECTED] intl=0 id=m48FhNO10546 auth= msa=0 ]
<snip>
Here's SA querying a bunch of RBLs.. spamhaus, dnswl, habeas, dnsbl,
etc, etc. So clearly SA's trying. However, it didn't get any positive
matches back on the IP address 81.178.76.67.
I don't find that IP in any RBLs that SA checks, except sorbs DUL, and
that's broken by your lack of a valid trust path.
[84550] dbg: dns: checking RBL zen.spamhaus.org., set zen-lastexternal
[84550] dbg: dns: IPs found: full-external: 67.76.178.81 untrusted:
67.76.178.81 originating:
[84550] dbg: dns: only inspecting the following IPs: 67.76.178.81
[84550] dbg: dns: launching DNS A query for
81.178.76.67.zen.spamhaus.org. in background
[84550] dbg: dns: checking RBL list.dnswl.org., set dnswl-firsttrusted
[84550] dbg: dns: IPs found: full-external: 67.76.178.81 untrusted:
67.76.178.81 originating:
[84550] dbg: dns: only inspecting the following IPs: 67.76.178.81
[84550] dbg: dns: launching DNS A query for
81.178.76.67.list.dnswl.org. in background
[84550] dbg: dns: checking RBL sa-accredit.habeas.com., set
habeas-firsttrusted
[84550] dbg: dns: IPs found: full-external: 67.76.178.81 untrusted:
67.76.178.81 originating:
[84550] dbg: dns: only inspecting the following IPs: 67.76.178.81
[84550] dbg: dns: launching DNS A query for
81.178.76.67.sa-accredit.habeas.com. in background
[84550] dbg: dns: checking RBL list.dsbl.org., set dsbl-lastexternal
[84550] dbg: dns: IPs found: full-external: 67.76.178.81 untrusted:
67.76.178.81 originating:
[84550] dbg: dns: only inspecting the following IPs: 67.76.178.81
[84550] dbg: dns: launching DNS TXT query for
81.178.76.67.list.dsbl.org. in background
[84550] dbg: dns: checking RBL sa-trusted.bondedsender.org., set
bsp-firsttrusted
[84550] dbg: dns: IPs found: full-external: 67.76.178.81 untrusted:
67.76.178.81 originating:
[84550] dbg: dns: only inspecting the following IPs: 67.76.178.81
[84550] dbg: dns: launching DNS TXT query for
81.178.76.67.sa-trusted.bondedsender.org. in background
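
A small parser for debug output in the format quoted above, as an added example that is not part of the original post or of SpamAssassin: it rejoins the wrapped lines, reports the trust-path warning and each relay's flags, and lists any RBL zone for which no reversed-IP lookup was launched. The function names are hypothetical, and the sample is an excerpt of the lines above.

```python
import ipaddress
import re
# Excerpt of the debug output quoted above, with the same mail-client wrapping.
SAMPLE = """\
[84550] dbg: conf: trusted_networks are not configured; it is
recommended that you configure trusted_networks manually
[84550] dbg: received-header: relay 67.76.178.81 trusted? no internal?
no msa? no
[84550] dbg: dns: checking RBL zen.spamhaus.org., set zen-lastexternal
[84550] dbg: dns: launching DNS A query for
81.178.76.67.zen.spamhaus.org. in background
[84550] dbg: dns: checking RBL list.dsbl.org., set dsbl-lastexternal
[84550] dbg: dns: launching DNS TXT query for
81.178.76.67.list.dsbl.org. in background
"""

def unwrap(text):
    """Rejoin wrapped lines; a new record starts with '[pid] dbg: '."""
    records = []
    for line in text.splitlines():
        if re.match(r"\[\d+\] dbg: ", line) or not records:
            records.append(line.strip())
        else:
            records[-1] += " " + line.strip()
    return records

def dnsbl_name(ip, zone):
    """DNSBL query name: IPv4 octets reversed, then the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone.rstrip(".") + "."

def summarize(text):
    out = {"trust_warning": False, "relays": [], "zones": {}, "queries": set()}
    for rec in unwrap(text):
        if "trusted_networks are not configured" in rec:
            out["trust_warning"] = True
        if m := re.search(r"relay (\S+) trusted\? (\w+) internal\? (\w+)", rec):
            out["relays"].append((m[1], m[2] == "yes", m[3] == "yes"))
        if m := re.search(r"checking RBL (\S+), set (\S+)", rec):
            out["zones"][m[1]] = m[2]  # zone -> rule set name
        if m := re.search(r"launching DNS \w+ query for (\S+)", rec):
            out["queries"].add(m[1])
    return out

def missing_queries(summary):
    """Zones announced as checked with no lookup launched for an untrusted relay."""
    return [zone for zone in summary["zones"]
            for ip, trusted, _ in summary["relays"]
            if not trusted and dnsbl_name(ip, zone) not in summary["queries"]]
```

On the excerpt, `missing_queries(summarize(SAMPLE))` returns an empty list: every announced zone has a matching lookup for the untrusted relay, while `trust_warning` is set.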