Considering the issue, couldn't you in theory just add "uridnsbl_skip_domain ip.on.blk.lst"?
I mean, according to URIBL_SBL, it would be if the IP itself is on the blacklist, so wouldn't skipping the "domain" of a specific IP skip detection?

On Fri, Feb 23, 2018 at 4:55 PM, David Jones <djo...@ena.com> wrote:

> On 02/23/2018 10:46 AM, Axb wrote:
>
>> On 02/23/2018 04:33 PM, David Jones wrote:
>>
>>> On 02/23/2018 08:26 AM, shridhar shetty wrote:
>>>
>>>> Hello,
>>>>
>>>> In our infra we use spamassassin to scan our **outgoing** mails too.
>>>> This is to prevent spammers using our infra to send mails and get our IPs
>>>> blacklisted. We perform various DNSBL tests on the mail body.
>>>>
>>>
>>> We also scan outbound aggressively to keep our own IPs clean. I monitor
>>> for our own IPs getting listed in major RBLs every 15 minutes and hourly I
>>> have a script that checks my own IPs in all RBLs listed at
>>> http://multirbl.valli.org/. You need to make sure you have a good
>>> abuse@ contact set up for your IP ranges based on a WHOIS lookup of the
>>> IPs. You must set up feedback loops with all of the major platforms out
>>> there like Yahoo, AOL, Comcast, etc.
>>>
>>> We send out millions of spammy looking emails every week from
>>> student management systems that don't have an opt-out method to lots of
>>> parents on freemail platforms. We very rarely get listed on RBLs and have
>>> excellent delivery rates mainly because of compromised account detection
>>> and blocking of outbound mail from the single sender quickly when this is
>>> triggered. Most sane RBLs will allow for a little junk outbound as long as
>>> you stop it quickly because compromised accounts happen.
>>>
>>>> One of our IPs got listed in Spamhaus SBL for some reason, so now our
>>>> outgoing mails are getting detected as spam if the email body contains our
>>>> local domainname whose IP is listed in SBL (hitting URIBL_SBL rule).
>>>> We have hundreds of domainnames mapped to a single IP.
>>>>
>>>> Is there a way to exclude local IP from DNSBL checks.
>>>> For e.g.: if there is a local domainname xyz.org present in the mail
>>>> body, then spamassassin should not mark it as spam even if A or NS record
>>>> for xyz.org is listed in SBL.
>>>>
>>>
>>> Set up a quick meta rule that subtracts the same points that the local IP
>>> on Spamhaus adds until you can find a better way to handle this.
>>>
>>> header __RCVD_LOCAL_IP Received =~ /\[xx\.xx\.xx\.xx\]/
>>> meta SPAMHAUS_LOCAL_IP_OFFSET __RCVD_LOCAL_IP && RCVD_IN_XBL
>>> score SPAMHAUS_LOCAL_IP_OFFSET -1.0
>>>
>>> You will need to adjust the header rule to match your Received header
>>> format of your particular MTA and also match the actual Spamhaus rule that
>>> is getting hit. I just guessed it was RCVD_IN_XBL.
>>>
>>
>> you are aware that your recommendation doesn't apply to a
>> uridnssub URIBL_SBL zen.spamhaus.org. A 127.0.0.2
>> hit ?
>>
>
> I was in a hurry, sorry. My last paragraph had a disclaimer that 2 things
> would need to be adjusted. Here is 1 of them corrected so the OP will only
> have to make sure the header rule matches his MTA's format:
>
> header __RCVD_LOCAL_IP Received =~ /\[xx\.xx\.xx\.xx\]/
> meta URIBL_SBL_LOCAL_IP_OFFSET __RCVD_LOCAL_IP && URIBL_SBL
> score URIBL_SBL_LOCAL_IP_OFFSET -1.0
>
> --
> David Jones

--
- Markus
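
Added example (not part of the thread and not any poster's script): a minimal self-check of your own sending IPs against zen.spamhaus.org, the zone named in the uridnssub line quoted above, that separates a real listing from a refused query. The function names, the sample IPs (RFC 5737 documentation range) and the canned DNS answers are assumptions constructed for illustration; the return-code labels follow Spamhaus's published codes.

```python
import ipaddress
import socket

# Spamhaus ZEN return codes; 127.0.0.2 is the SBL code the quoted
# "uridnssub URIBL_SBL zen.spamhaus.org. A 127.0.0.2" line matches on.
ZEN_CODES = {"127.0.0.2": "SBL", "127.0.0.3": "SBL-CSS", "127.0.0.4": "XBL",
             "127.0.0.10": "PBL", "127.0.0.11": "PBL"}

def dnsbl_name(ip, zone):
    """Reverse the IPv4 octets and append the zone (192.0.2.10 -> 10.2.0.192.zone)."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone.strip(".")

def system_resolver(name):
    """A records for name via the OS resolver; [] when the name does not resolve.
    Caveat: this cannot tell NXDOMAIN from a timeout, so a real monitor
    should use a resolver library that can."""
    try:
        return sorted(set(socket.gethostbyname_ex(name)[2]))
    except (socket.gaierror, socket.herror):
        return []

def check_ip(ip, zone="zen.spamhaus.org", resolve=system_resolver):
    """Classify one of our own IPs as ('clean' | 'listed' | 'error', details)."""
    answers = resolve(dnsbl_name(ip, zone))
    if not answers:
        return ("clean", [])
    # 127.255.255.x means the DNSBL refused the query (for example it came
    # through a public resolver). It says nothing about the IP, so report it
    # as a monitoring error instead of a listing.
    if any(a.startswith("127.255.255.") for a in answers):
        return ("error", answers)
    return ("listed", [ZEN_CODES.get(a, "code " + a) for a in answers])

# Constructed answers standing in for live DNS so the example runs offline.
SAMPLE_DNS = {
    "10.2.0.192.zen.spamhaus.org": ["127.0.0.2"],
    "11.2.0.192.zen.spamhaus.org": ["127.255.255.254"],
}

def sample_resolver(name):
    return SAMPLE_DNS.get(name, [])

if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.11", "192.0.2.12"):
        print(ip, check_ip(ip, resolve=sample_resolver))
```

Run from cron with resolve left at its default to query through the host's own resolver.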