Doug,
IP's should not be in CBL unless they were found sending E-mail to a
spam trap, and seemed to be residential in nature or lacked reverse DNS
entries. So the primary issue that I see is that your IP was found to
have sent E-mail to a spam trap. CBL allows for removal without
confirmation, so if this problem is no longer there, removal should fix it.
SmarterMail does not presently allow a method for Declude to verify what
has successfully authenticated. This is probably the biggest
shortcoming of a SmarterMail/Declude setup at this time. SmarterMail
has indicated that they will likely provide a method for Declude to
verify AUTH in their 3.0 release due in Q4. If your user's IP's aren't
exclusive to your company, and aren't in a fixed range, then there is
little that can be done about whitelisting authenticated users for the
time being. CBL was correct in saying that you don't want to be looking
up authenticated E-mail on such lists, but it is a common enough
practice, and that fact alone didn't create the condition where your IP
became listed.
To work around this in the mean time, you might want drop the scores of
tests that are fed from spamtraps like CBL and SpamCop. While CBL is
very accurate, you don't want a such tests to be trapping your own users
on legitimate E-mail, so being a little more conservative might help.
Adding Sniffer would be a great way to allow you to drop scores of such
tests, and the net result of this would be trapping more spam with fewer
false positives if you weight things optimally.
Matt
Douglas Cohn wrote:
My desktop IP was erroneously listed on CBL. It seems that declude is
checking autheticated users sending mail for CBL and according to CBL this
is wrong. SEE below
Here is the header showing what went on with the actual Ips removed to
proect the innocent (ME). But it sure seems that my desktop machine is the
one being checked and shown as on CBL. Had 10 points been enough I would
not have been able to send mail. The ONLY address within the below HEADER
that was actually listed in the CBL is the HOST machine sending the email.
NOT the MAIL servers but MY DESKTOP of which I am an authenticated sender.
Why would declude check an authenticated sender on the CBL list?
This all started because Smartermails SPAM does NOT check the authenticated
senders and this is what confused me intially. IE I thought Smartermails
SPAM was not working properly on another server where I do NOT have declude
ANTISPAM installed. BUT as you see according to CBL it should NOT detect
CBL on an autheticated senders IP.
According to CBL this is not how the list is designed.
Return-Path: <[EMAIL PROTECTED]> Sun Jun 12 18:35:56 2005
Received: from forwardeddestinationmailserver [123.123.123.123] by
forwardeddestinationmailserver with SMTP;
Sun, 12 Jun 2005 18:35:56 -0400
Received: from decludesmtpserver [456.456.456.456] by destinationmailserver
with SMTP;
Sun, 12 Jun 2005 18:35:20 -0400
Received: from UnknownHost [IP-in-CBL=MY DESKTOP] by decludesmtpserver with
SMTP;
Sun, 12 Jun 2005 18:34:59 -0400
From: "douglas cohn" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Subject: Test cbl
Date: Sun, 12 Jun 2005 18:34:52 -0400
MIME-Version: 1.0
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Office Outlook, Build 11.0.6353
Thread-Index: AcVvnvNNt9F+fMW3RTWO2wS4w3LH6A==
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
X-Declude-Sender: [EMAIL PROTECTED] [IPinCBL=MY DESKTOP]
X-Declude-Spoolname: 37296653.EML
X-Declude-Scan: Score [10] at 18:35:09 on 12 Jun 2005
X-Declude-Fail: CBL, WEIGHT10
X-Country-Chain: UNITED STATES->destination
X-SmarterMail-Spam: SPF_None
X-Rcpt-To: <[EMAIL PROTECTED]>
http://cbl.abuseat.org/
We're getting a lot of reports of spurious blocking caused by sites using
the CBL to block authenticated access to smarthosts / outgoing mail servers.
THE CBL is only designed to be used on INCOMING mail, i.e. on the hosts that
your MX records point to.
If you use the same hosts for incoming mail and smarthosting, then you
should always ensure that you exempt authenticated clients from CBL checks,
just as you would for dynamic/dialup blocklists.
Another way of putting this is: "Do not use the CBL to block your own
users".
---
[This E-mail scanned for viruses by Declude Virus]
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus". The archives can be found
at http://www.mail-archive.com.
--
=====================================================
MailPure custom filters for Declude JunkMail Pro.
http://www.mailpure.com/software/
=====================================================
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus". The archives can be found
at http://www.mail-archive.com.
