On Wednesday 18 August 2010 at 10:53 -0400, Kris Deugau wrote:
> Alexandre Chapellon wrote:
> > When other well known DNSBL (I have always heard Spamhaus SBL and XBL
> > are trustworthy) list at most 50 entries, Barracuda lists almost
> > 8000!!!!
>
> That's not a problem all by itself, but when combined with this:

No indeed... It's just not very clean, and makes me think the list is not very reliable.

> > Finally there is a special feature that Barracuda folks call "deep
> > scanning" which makes the appliance scan the 'Received' headers and
> > reject the mail if an IP found in those headers is listed in the
> > DNSBL... a feature that should obviously be called: 'even increase my
> > false positive rate'
>
> ... it makes life difficult. (In fact, if you provide Internet access
> for residential customers, a big chunk of your IP address space *should*
> be listed on Spamhaus' PBL - these IPs should be using your SMTP relay,
> or submitting mail via SMTP AUTH to another relay, not contacting
> recipient MXes directly.)

This is what all my residential customers do, as port 25 is blocked at the boundary of our network.

> I've had far too many incidents in the last ~6 months of having tech
> support ask me to dig into why a certain customer of ours is suddenly
> getting postmaster rejections on their mail to certain recipients -
> usually "important business contacts".
> All of them have proven to be recipients behind a Barracuda filter
> appliance that's deep-scanning headers and rejecting the message based
> on our customer's connection IP on our network - an IP behind our
> standard block for SMTP to anywhere but our own SMTP relay... and the
> rejected message was properly relayed through that system. Or worse, an
> IP on some other provider's network, where our mail customer is using
> SMTP AUTH on port 587 to relay through our server.

This is exactly what happens here: deep scanning makes a mess (I conclude deep scanning is involved, as I noticed the rejection happened after the end of the DATA command and complained about an IP address). Do people (dumbly) using Barracuda just not care about rejecting legitimate email???????

> I usually tell tech support to tell the customer that they'll have to
> contact the recipient by e.g. phone to let them know they're missing
> legitimate mail.
>
> -kgd
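
The false positive discussed in this thread, as an added example that is not part of the original messages: a properly relayed message is accepted when only the connecting peer is checked, but rejected when every `Received` IP is checked. The addresses are documentation ranges, the `LISTED` set stands in for a DNSBL query, and the function names are hypothetical.

```python
import re
from email import message_from_string
from ipaddress import ip_address

# Constructed sample: a customer on a residential (policy-listed) IP submits
# through the ISP relay with SMTP AUTH; the relay delivers to the recipient MX.
RAW = """\
Received: from relay.isp.example (relay.isp.example [198.51.100.25])
\tby mx.recipient.example with ESMTP; Wed, 18 Aug 2010 10:00:02 -0400
Received: from [203.0.113.77] (dsl-77.isp.example [203.0.113.77])
\tby relay.isp.example with ESMTPSA; Wed, 18 Aug 2010 10:00:01 -0400
From: customer@isp.example
To: contact@recipient.example
Subject: quote

hello
"""

# Stand-in for a DNSBL lookup (assumption: a real check would query the
# list's DNS zone). Constructed listing data: only the customer IP is listed.
LISTED = {ip_address("203.0.113.77")}

IP_IN_BRACKETS = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def received_ips(raw):
    """IPs named in each Received header, newest hop first."""
    msg = message_from_string(raw)
    hops = []
    for hdr in msg.get_all("Received", []):
        hops.append([ip_address(m) for m in IP_IN_BRACKETS.findall(hdr)])
    return hops

def last_hop_verdict(connecting_ip):
    """Check only the peer that actually connected to the recipient MX."""
    return "reject" if ip_address(connecting_ip) in LISTED else "accept"

def deep_scan_verdict(raw):
    """Check every IP in every Received header, as the thread describes."""
    hit = any(ip in LISTED for hop in received_ips(raw) for ip in hop)
    return "reject" if hit else "accept"
```

The relay at 198.51.100.25 is the only host that contacted the recipient MX, so the listed submission hop behind it says nothing about whether the sender bypassed its provider's relay.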