> De : Karsten Bräckelmann [ <mailto:guent...@rudersport.de> mailto:guent...@rudersport.de]
> > On Wed, 2009-09-16 at 15:38 -0400, Philippe Ratté wrote: > > > If it is anything else, we might be much better able to help you, > > > if we know about the issue -- rather than what you think would be > > > the best solution. ;) > > > > The situation is about Hotmail. Yesterday a customer told me he was > having > > problems between his corporative account and Hotmail, the customers > > of > my > > customer were unable to contact him. > > > > I noticed at that time 65.55.111.100 was part of SORBS BL. > > <http://www.us.sorbs.net/lookup.shtml?65.55.111.100> http://www.us.sorbs.net/lookup.shtml?65.55.111.100 indicates : > > Address: 65.55.111.100 > > Record Created: Wed Oct 29 19:00:03 2008 GMT > > Record Updated: Mon Sep 14 08:56:51 2009 GMT > > Additional Information: [ Updated via: Report 'o Matic ] Received: > from > > blu0-omc2-s25.blu0.hotmail.com (blu0-omc2-s25.blu0.hotmail.com > > [65.55.111.100]) by anaconda.sorbs.net (Postfix) with ESMTP id > E0D9B2E05D > > for <[email]>; Mon, 14 Sep 2009 14:31:01 +1000 (EST) Currently > > active > and > > flagged to be published in DNS > > Ok, slow down. What rules *exactly* are hitting on these messages? See below > > 'grep SORBS 50_scores.cf'. All SORBS listings score below 1. Oddly, > SORBS SPAM is missing there, but that just means it is a default score > of 1 for the hit. > > A score of <= 1 cannot be the reason for blocked mail! There's at > least another 4 points to be added by other rule hits. Well, as far as > a sane SA configuration is concerned. > > A SORBS listing does NOT explain why your customer doesn't get his mail. > > Also, SA merely scores. It doesn't reject, but lets all mail through. > Any action whatsoever is duty of some other tool in your mail > processing chain. Which one is the culprit responsible for "your > customer not getting his mail"? Regardless if that tool ended up > rejecting the mail or delivered it to some kind of dedicated or > quarantine folder -- I'd check back there. > > You wouldn't happen to run RBL checks at SMTP stage, prior to SA, that > outright block based on a single BL hit? > This is true, I forgot to mention a very important detail. Mail was getting blocked by another program named rblsmtpd at SMTP stage. I found the way to skip DNSBL checks for a particular IP in rblsmtpd, but not into SpamAssassin. The reason why I wanted to do the same thing into SA was to ensure that it would not be blocked at this stage and tell my customer that Hotmail is white listed. > > Oddly enough, my own checks are inconsistent. :-/ While the sorbs.net > lookup indeed does claim exactly what you posted, my own 'host' check > returns NXDOMAIN. Two additional, independent BL lookup forms don't > agree with each other either. I also see this actually (NXDOMAIN), maybe the web interface of SORBS is not up-to-date. > > > > Customer asked "can you white-list them temporarly ?" > > > > We have a firewall with a network setup which allow me to bypass RBL > > + SpamAssassin easily. We did this with most of Hotmail's IPs until > > we > started > > receiving spam from valid Hotmail accounts. > > > > I do not want to let Hotmail completely white listed, my idea was to > skip > > RBL checks and keep other checks in place. > > First of all, you want to skip a single BL. Not all of them. And > second, as mentioned above, there is *much* more to your problem than > what you provided in your post. > > Mail is not being delivered, so go check the reason. If it is a high > SA score, you'll find lots more evil than this in the rules triggered. Found the reason (rblsmtpd). I did not know how SA handled DNSBL so maybe simply removing it from rblsmtpd would be enough. I like John's idea : meta NO_RBL_HOTMAIL RBL_SORBS && FROM_HOTMAIL score NO_RBL_HOTMAIL -2 Can you help me writing these ? Thanks and have a nice day > > > -- > char > *t="\10pse\0r\0dtu...@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4 > "; main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ > i%8? > c<<=1: > (c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ > putchar(t[s]);h=m;s=0; }}} >
