On Wed, 2009-09-16 at 15:38 -0400, Philippe Ratté wrote:
> > If it is anything else, we might be much better able to help you, if
> > we know about the issue -- rather than what you think would be the
> > best solution. ;)
>
> The situation is about Hotmail. Yesterday a customer told me he was having
> problems between his corporative account and Hotmail, the customers of my
> customer were unable to contact him.
>
> I noticed at that time 65.55.111.100 was part of SORBS BL.
> http://www.us.sorbs.net/lookup.shtml?65.55.111.100 indicates :
> Address: 65.55.111.100
> Record Created: Wed Oct 29 19:00:03 2008 GMT
> Record Updated: Mon Sep 14 08:56:51 2009 GMT
> Additional Information: [ Updated via: Report 'o Matic ] Received: from
> blu0-omc2-s25.blu0.hotmail.com (blu0-omc2-s25.blu0.hotmail.com
> [65.55.111.100]) by anaconda.sorbs.net (Postfix) with ESMTP id E0D9B2E05D
> for <[email]>; Mon, 14 Sep 2009 14:31:01 +1000 (EST) Currently active and
> flagged to be published in DNS
Ok, slow down. What rules *exactly* are hitting on these messages?
'grep SORBS 50_scores.cf'. All SORBS listings score below 1. Oddly,
SORBS SPAM is missing there, but that just means it is a default score
of 1 for the hit.
A score of <= 1 cannot be the reason for blocked mail! There's at least
another 4 points to be added by other rule hits. Well, as far as a sane
SA configuration is concerned.
A SORBS listing does NOT explain why your customer doesn't get his mail.
Also, SA merely scores. It doesn't reject, but lets all mail through.
Any action whatsoever is duty of some other tool in your mail processing
chain. Which one is the culprit responsible for "your customer not
getting his mail"? Regardless if that tool ended up rejecting the mail
or delivered it to some kind of dedicated or quarantine folder -- I'd
check back there.
You wouldn't happen to run RBL checks at SMTP stage, prior to SA, that
outright block based on a single BL hit?
Oddly enough, my own checks are inconsistent. :-/ While the sorbs.net
lookup indeed does claim exactly what you posted, my own 'host' check
returns NXDOMAIN. Two additional, independent BL lookup forms don't
agree with each other either.
> Customer asked "can you white-list them temporarly ?"
>
> We have a firewall with a network setup which allow me to bypass RBL +
> SpamAssassin easily. We did this with most of Hotmail's IPs until we started
> receiving spam from valid Hotmail accounts.
>
> I do not want to let Hotmail completely white listed, my idea was to skip
> RBL checks and keep other checks in place.
First of all, you want to skip a single BL. Not all of them. And second,
as mentioned above, there is *much* more to your problem than what you
provided in your post.
Mail is not being delivered, so go check the reason. If it is a high SA
score, you'll find lots more evil than this in the rules triggered.
--
char *t="\10pse\0r\0dtu...@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
