SPAM Filter RBLs Giving False Readings

[trinitysrv]

I have two different servers running this application.
Both use the same RBLs, settings, etc.

Sending from domain1 to domain2 goes through without error (SPF Checks, etc.)

Sending from domain2 to domain1 gets caught by most of the spam RBLs. I've determined this is an error with the application itself as none of my domains or IPs are listed in these Blacklists. Appears to be a major bug in the app!!!!

Support please!!!

[Code Crafters]

RBLs block based on the IP the mail is sent from. Check the SMTP logs for the exact error given to confirm exactly what is blocking the mail then I can more accurately advise on how to deal with this.

[trinitysrv]

Thu, 17 Jul 2008 11:00:09 -> 2.2.2.2 -> Success: Action=[Accept Connection], Details=[Port 25]
Thu, 17 Jul 2008 11:00:10 -> 2.2.2.2 -> Success: Action=[Received Hello], Details=[Host=host.server1.org]
Thu, 17 Jul 2008 11:00:10 -> 2.2.2.2 -> Success: Action=[Received Sender], Details=[1234@server1.org]
Thu, 17 Jul 2008 11:00:10 -> 2.2.2.2 -> Success: Action=[SPAM Detection Triggered], Details=[SPAM detected by RBL 'dnsbl-1.uceprotect.net'.]
Thu, 17 Jul 2008 11:00:10 -> 2.2.2.2 -> Success: Action=[SPAM Detection Triggered], Details=[SPAM detected by RBL 'dnsbl-2.uceprotect.net'.]
Thu, 17 Jul 2008 11:00:10 -> 2.2.2.2 -> Success: Action=[SPAM Detection Triggered], Details=[SPAM detected by RBL 'dnsbl-3.uceprotect.net'.]
Thu, 17 Jul 2008 11:00:10 -> 2.2.2.2 -> Success: Action=[SPAM Detection Triggered], Details=[SPAM detected by RBL 'AHBL'.]
Thu, 17 Jul 2008 11:00:10 -> 2.2.2.2 -> Success: Action=[SPAM Detection Triggered], Details=[SPAM detected by RBL 'zen.spamhaus.org'.]
Thu, 17 Jul 2008 11:00:10 -> 2.2.2.2 -> Success: Action=[SPF Check], Details=[Domain=server1.org, Result=PASS]
Thu, 17 Jul 2008 11:00:10 -> 2.2.2.2 -> Success: Action=[Received Recipient], Details=[1234@server2.com]
Thu, 17 Jul 2008 11:00:10 -> 2.2.2.2 -> Success: Action=[Start Mail Transaction]
Thu, 17 Jul 2008 11:00:10 -> 2.2.2.2 -> Success: Action=[Complete Mail Transaction], Details=[From Host=host.server.org, Size=1 KB, From=1234@server1.org, To=1234@server2.com]
Thu, 17 Jul 2008 11:00:11 -> 72.52.252.241 -> Success: Action=[Close Connection]

[trinitysrv]

Blacklist check:

0spam.fusionzero.com OK
bl.spamcop.net OK
bl.csma.biz OK
bl.spambag.org OK
bl.spamcannibal.org OK
blackholes.five-ten-sg.com OK
cbl.abuseat.org OK
combined.njabl.org OK
db.wpbl.info OK
dnsbl.ahbl.org OK
dnsbl.sorbs.net OK
dnsbl-1.uceprotect.net OK
dnsbl-2.uceprotect.net OK
dnsbl-3.uceprotect.net OK
dyna.spamrats.com OK
ips.backscatterer.org OK
ix.dnsbl.manitu.net OK
l2.apews.org OK
list.dsbl.org OK
no-more-funn.moensted.dk OK
noptr.spamrats.com OK
psbl.surriel.com OK
rbl.efnet.org OK
spam.spamrats.com OK
t1.dnsbl.net.au OK
ubl.unsubscore.com OK
zen.spamhaus.org OK

[Code Crafters]

If your IP is not listed and you are getting false positives from the RBLs this is usually caused by your DNS server failing the lookup or similar. In outgoing mail settings press the Test DNS button to check for any obvious problems with your outgoing DNS server. If possible set this to manually use your ISPs DNS servers that you are assigned. You can open a command prompt (Run: cmd) and type "ipconfig/all" from any computer connected directly to your router / modem to get your DNS server listings.

[trinitysrv]

You hit the nail on the head...It appears to be the DNS.

Regardless of what server I use under the Outgoing Mail service, the DNS test always fails unless the domain is local.

[trinitysrv]

NM. The working mail server does the same thing...

The outgoing mail tests go through without error. (MX Lookup)

The "Test DNS" button almost always fails.

[Code Crafters]

If the Test DNS button in outgoing mail settings fails then your DNS server is definitely the problem. If you enter the ISP DNS servers as I suggested these should always succeed as these are what your comptuer uses to get domain lookups for websites etc.

[trinitysrv]

Where would I enter them?

[trinitysrv]

I have verified that all DNS settings are correct. The tools are just not very clear on their usage.

I've been able to, under the tools panel, lookup MX Records, mail servers, smtp servers, etc. successfully.

This does not appear to be a DNS problem. I have another server with the exact same settings that is not having this problem.

[Code Crafters]

Under Services -> Outgoing Mails (not tools) there are Test DNS and Test Outgoing Route buttons. Use the Test DNS one. Make sure you aren't using a local DNS server but instead are using your ISPs DNS servers which are much more reliable and complete.

[trinitysrv]

I did verify that. It's good to go.

[bkiser]

I am having a similiar problem. As soon as I enable RBLs all my incoming mail starts getting blocked. Below is an example of the messages I get in my logs:

Wed, 23 Jul 2008 20:25:17 -> 65.54.246.224 -> Success: Action=[Accept Connection], Details=[Port 25]
Wed, 23 Jul 2008 20:25:17 -> 65.54.246.224 -> Success: Action=[Received Hello], Details=[Host=bay0-omc3-s24.bay0.hotmail.com]
Wed, 23 Jul 2008 20:25:17 -> 65.54.246.224 -> Success: Action=[Received Sender], Details=[rnrheaven@hotmail.com]
Wed, 23 Jul 2008 20:25:18 -> 65.54.246.224 -> Success: Action=[SPAM Detection Triggered], Details=[SPAM detected by RBL 'Spamhaus (SBL)'.]
Wed, 23 Jul 2008 20:25:18 -> 65.54.246.224 -> Failed: Action=[Received Recipient], Details=[bkiser@rnrheaven.com: SPAM detected by RBL 'Spamhaus (SBL)'.]
Wed, 23 Jul 2008 20:25:18 -> 65.54.246.224 -> Success: Action=[Close Connection]

But if I check that IP on Spamhaus it shows it's not listed. I did the Test DNS button under Services/Outgoing Mails and it passes just fine. Now if I go to Tools and try the Test DNS it fails. MX Lookup works fine though. Something is definately wrong.

[Code Crafters]

If only a few RBLs are misbehaving, I'd recommend you just disable those. However, if all are triggering that generally means that the DNS lookup failed rather than the RBL list showed the IP to be a SPAM source. You can raise the number of triggers needed to take action to allow for more error but I'd definitely recommend that if you don't disable all RBLs that you only set the SPAM flag and use the SPAM Identifier preset content filter rule until this can be resolved.

Check for any local DNS servers running on your network that might be being used instead of your ISPs DNS servers and as I said try to change the DNS server list in the outgoing mail settings although RBLs can potentially a slightly different DNS system to that but will use this more accurately in a future update.

Please also note that grey listing and Baeysian filtering are by far the most effective SPAM filters and you can achieve almost as good filtering without RBLs if these continue to be problematic.