>X-Assp-Received-RWL: whitelisted from (wl.mcf.com->127.0.4.3; > ) - high trust is 2-[medium] - client-ip=174.77.239.34
The highest trust value is 2, which is one too less to whitelist the mail. If you expect that your local rwl works the same way like list.dnswl.org (the trust would be 3 for 127.0.4.3) , you need to register your local rwl (wl.mcf.com) in $dnswlorg or you need to rename your local rwl to something like: list.dnswl.org.wl.mcf.com check your RWL settings increase RWLLog and watch assp log Read the manual for RWL providers again and have a look in to the code (near line 650) ####################################################### # DNSWL.ORG special settings for local instances # ####################################################### # # >I tried adding IPs to an onRBL file, and they still got blocked. If an IP is in noRBL it can be blocked by any feature but not by RBL! If a mail is whitelisted or rwlok or both, the RBL check is skipped! You need to enable RWLwhitelisting to process high trust RWL-listed mails as whitelisted. The 'rwlok' flag is less "white" than the 'whitelisted' flag. For the 'rwlok' to be set, the highest trust or RWLminhits must be reached. Thomas Von: "Farokh - Best Tech Service, LLC" <far...@besttechsvc.com> An: "For Users of ASSP" <assp-user@lists.sourceforge.net> Datum: 16.11.2021 13:01 Betreff: Re: [Assp-user] Still confused about whitelisting ip addresses. I tried adding IPs to an onRBL file, and they still got blocked. Now I'm trying to add IPs to the noProcessingIPs list. I don't see why it should be so difficult :( Farokh ---------------------------------------------------------------------------- Best Tech Service, LLC - When only the Best Tech will do... For all your technology needs including hosting solutions. Office: 845-735-0210 Cell: 914-262-1594 Like us on Facebook: https://www.facebook.com/besttechsvc On 11/6/21 10:49, K Post wrote: Hey, if that methodology works for you, have at it. How about adding the exception IP to a noRBL file so that this specific IP isn't checked against the DNS BL Enter IP addresses that you don't want to be DNSBL validated, separated by pipes (|). For example: 127.0.0.1|172.16. If you're only scoring for ValidateRBL (which is what controls after a DNSBL hit - I'm not interested in DoBlackDomain here), then the score plus other scoring must have pushed the hit beyond the threshold. Take a look at your log and analyze. Hope this helps. Ken On Sat, Nov 6, 2021 at 8:02 AM Farokh - Best Tech Service, LLC < far...@besttechsvc.com> wrote: I use my own DNS based blacklist and whitelist, along with a couple of public ones (such as spamcop, etc). The reason I use my own is so I can add entries as I see fit. I'm only running email for a few people, so I can block ranges that normally would have to be open. I've been doing this for something like 10+ years, so I've built up a large database of IP addresses that are blacklisted, along with ones that are whitelisted. I actually duplicate the whitelisted IPs. Not only do I have a DNS WL, but I also have them all listed in the whiteListedIPs file. I don't want to have to break up /8s into smaller subnets. It would become a logistical nightmare to try and keep track of it all, and from what I can tell most of the time, the whitelist works, it's just sometimes that it fails, and I can't seem to track down why. I'm using score for DoBlackDomain, but I'm not 100% sure that answers your comment about blocking DNS BL matches. Thanks. Farokh ---------------------------------------------------------------------------- Best Tech Service, LLC - When only the Best Tech will do... For all your technology needs including hosting solutions. Office: 845-735-0210 Cell: 914-262-1594 Like us on Facebook: https://www.facebook.com/besttechsvc On 11/3/21 11:45, K Post wrote: You've got a bunch going on here. First, take a look at the noRBL entry. You could exclude the single IP from having DNSBL used. You could also list the Ip in whiteListedIPs, which is just a list, not something through DNS. If there's a reason you have to use DNSBL, you'll need to be able to exclude the single IP one way or another. I'm not sure what DNS BL topology you're using, but instead of having the entire 170.0.0.0/8 subnet, you could break that up into smaller subnets that exclude the single IP that you don't want in there. Starting point: 170.0.0.0/10 (gets you 170.0.0.0. through 170.63.255.255) 170.64.0.0/13 (170.64.0.0-170.71.255.255) 170.72.0.0./14 (170.72.0.0-170.75.255.255) keep going for the full range, just don't include 174.77.239.34, so you'll have to have a couple of /32 in there. You also need to look at if you're outright blocking DNS BL matches or just scoring. If it's blocking, no matter what happens next (including a specific Ip being in TWL, the message will be rejected. Why do you have you DNS BL set up with such a huge range? You want to outright reject any message from 1/255th of the internet (the entire class A starting with 170.)? Why are you hosting your own DNSBL? Have you looked at using public dnsbl services (Free) to block (or score) known bad senders? On Wed, Nov 3, 2021 at 9:36 AM Farokh - Best Tech Service, LLC < far...@besttechsvc.com> wrote: I'm still getting messages rejected when they are coming from IP addresses that are within a blacklisted range, as well as being whitelisted. In my BL DNS I have an entry for 174.0.0.0 I also have a WL DNS entry for 174.77.239.34 Here are the ASSP headers for an email that was rejected: Received: from assp.xmsi.net (ns1.xmsi.net [165.254.4.23]) by linuxmail.xmsi.net (Postfix) with ESMTP id 9413E2486F16 for <s...@besttechsvc.com>; Tue, 2 Nov 2021 13:54:34 -0400 (EDT) X-Assp-Version: 2.6.5(21218) on assp.xmsi.net X-Assp-ID: assp.xmsi.net m1-75672-02918 X-Assp-Session: 7FAFD12372D0 (mail 1) X-Assp-Intended-For-IP: 165.254.4.49 X-Assp-Client-TLS: yes X-Assp-Server-TLS: yes X-Assp-Received-RWL: whitelisted from (wl.mcf.com->127.0.4.3; ) - high trust is 2-[medium] - client-ip=174.77.239.34 X-Original-Authentication-Results: assp.xmsi.net; dkim=invalid X-Assp-Message-Score: 15 (DKIM invalid) X-Assp-IP-Score: 15 (DKIM invalid) X-Assp-Message-Score: 60 (DNSBL: failed, 174.77.239.34 listed in bl.mcf.com) X-Assp-IP-Score: 60 (DNSBL: failed, 174.77.239.34 listed in bl.mcf.com) X-Assp-DNSBL: failed, 174.77.239.34 listed in (bl.mcf.com<-127.0.0.8) X-Assp-Message-Score: 15 (PTR invalid 'wsip-174-77-239-34.ga.at.cox.net') X-Assp-IP-Score: 15 (PTR invalid 'wsip-174-77-239-34.ga.at.cox.net') X-Assp-Tag: MessageLimit X-Assp-Spam: YES X-Spam-Status:yes X-Assp-Spam-Reason: MessageScore 90, limit 50 X-Assp-Message-Totalscore: 90 X-Assp-Spam-Level: ******************* What do I need to do to ensure that whitelisted IPs always get the OK? Thanks. -- Farokh ---------------------------------------------------------------------------- Best Tech Service, LLC - When only the Best Tech will do... For all your technology needs including hosting solutions. Office: 845-735-0210 Cell: 914-262-1594 Like us on Facebook: https://www.facebook.com/besttechsvc _______________________________________________ Assp-user mailing list Assp-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-user _______________________________________________ Assp-user mailing list Assp-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-user DISCLAIMER: ******************************************************* This email and any files transmitted with it may be confidential, legally privileged and protected in law and are intended solely for the use of the individual to whom it is addressed. This email was multiple times scanned for viruses. There should be no known virus in this email! *******************************************************
_______________________________________________ Assp-user mailing list Assp-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-user