Kenneth Porter wrote:
(Nothing wrong with SA. Just an FYI about a popular service that abuses
the Internet and SA catches it.)
I noticed one of my notifications from Facebook today got tagged by SA.
Here's the two that put it over:
3.9 HELO_DYNAMIC_IPADDR2 Relay HELO'd using suspicious hostname (IP addr 2)
1.5 RCVD_IN_SORBS_WEB RBL: SORBS: sender is an abusable web server
[66.220.155.138 listed in dnsbl.sorbs.net]
Here's the offending header:
Received: from 66-220-155-138.mail-mail.facebook.com
(66-220-155-138.mail-mail.facebook.com [66.220.155.138])
So who do I bitch at? I've never found any good way to complain to
Facebook.
I long ago sighed and globally whitelisted as many generic Facebook
sending channels as I could find because of lunacy like this.
whitelist_from_rcvd *@facebookmail.com .tfbnw.com
whitelist_from_rcvd *@facebookmail.com .facebook.com
whitelist_from_rcvd *@facebookappmail.com .tfbnw.com
whitelist_from_rcvd *@facebookappmail.com .facebook.com
whitelist_from_dkim *@facebookmail.com
whitelist_from_dkim *@mail.instagram.com
So tempting to let my inner BOFH out and just convert those to
blacklist_from entries instead though...
Of course, having whitelisted them we now have a couple of customers who
routinely report various Facebook email notices as spam.
-kgd
