Please remove ZEN!

Discussion in 'Installation/Configuration' started by Morons, Aug 23, 2010.

  1. Morons

    Morons Member

    http://www.spamhaus.org/zen/ Says!

    Due to this I have LOST millions of mails incoming to "Legal" mail accounts and also lost many customers due to mail never reaching the destination. In my country we do not have any fixed IP numbers, 90% is dynamic, and therefore all my valid mail ends up in /dev/null.

    I am SCREAMING mad about this as I did not choose to have this included, as it only started to become a problem during the last 2 updates of ISPC2. I guess I have to make some amends to my ISPC3 server also!

    Please allow us to choose the RBL defaults!
     
  2. Morons

    Morons Member

    Sorry for the posting above, frustration and anger boiled up too high.
    I realise ISPC is not at fault, but rather spammers, and my own knowledge of how it works and how SpamAssassin changed over time.

    This is the correct version of the issue:

    Some countries have 90% dynamic IPs and only a handful of fixed IPs that are used for DNS servers and large corporates!

    Smaller organisations have to use dynamic IPs and DDNS technology to get the work done.

    Spamhaus and others list all dynamic MX servers as unwanted by default and do not include specific IPs in the databases. If I then accept legal mail to such an MX then my own server dumps the incoming legal non-spam mail into /dev/null and it is lost.
    Outgoing mail is always, as in the past, forwarded to a relayhost on a fixed IP and therefore it is ok.

    I will have to include into my /etc/postfix/main.cf some URIBL/RBLs etc. but I need a good list that excludes those blocking dynamic IPs.

    So again, accept my apologies for the rude post - thank you.
     
  3. till

    till Super Moderator Staff Member ISPConfig Developer

    You might want to take a look at the nixspam URIBL:

    http://www.heise.de/ix/NiX-Spam-DNSBL-and-blacklist-for-download-499637.html

    Just a general note: In Germany, almost all end user internet access accounts have dynamic IP addresses but this does not matter for blacklists on mailservers, as every end user and company with its own local mailserver normally relays through the mail server of its ISP which has a fixed IP address. Emails sent through a dynamic IP address are about 99.x% spam and you will not be able to send to a hotmail, gmail, yahoo, ... account from a dynamic IP anyway. So are you really sure that the dynamic IP URIBL is the source of your problem? Almost all mail servers worldwide have a dynamic IP address filter enabled and that's why it is the default of spamassassin too.

    If your server has deleted some non-spam mails, you should check if the spam score is not set too low for these accounts. It might be that the spamassassin scores are more accurate, meaning higher, in the latest spamassassin versions. A safe score should be about 4 - 5.
     
    Last edited: Aug 24, 2010
  4. Mark_NL

    Mark_NL Member

    Millions of mails, from dynamic IPs? I'd rather not have those ..

    only a few might have been valid, but the other 999.990 probably are all spam ..

    And I don't think it's your problem, but more or less the problem of the system admin that runs the small company's network. He should be aware of the drawbacks of running mailservers on a dynamic IP, and rather should've used Google's MX servers (to just name an example) to send out mail ..

    The only ones to blame here are the small companies that don't spend enough time on the technology they're using. And ehm, sorry to say sir, but that would be you ..

    It sucks, I know :)

    soooo .. I'd suggest you start using Google's MX servers, or your ISP's MX servers for your mail.
     
  5. Morons

    Morons Member

    I think !!!

    I will explain by means of the SpamAssassin report.

    The RCVD_IN_PBL is the problem because my customers come in via routers with port forward and the outside address is dynamic. This causes the mail from those addresses - even from people authenticating to send from server 1 to another server 2 inside the same network. The routers differ in that some routers do not route internal addresses properly and those that do cause the issue.

    How it is is that some routers don't route your outside IP through the NAT properly, for example. If you have IP block 192.168.10.0/24 inside and dynamic outside, and from the inside do a DNS lookup and you get the outside IP, the router will not NAT you properly from the router's LAN ports through the natted inside; however, some routers do that properly. If it's done correctly all internal mail will be stamped with the outside dynamic IP and therefore be seen as SPAM as per spamhaus.org/PBL.

    Code:
    Spam detection software, running on the system "hera.domain.tld", has identified this incoming email as possible spam.  The original message has been attached to this so you can view it (if it isn't spam) or label similar future email.  If you have any questions, see [email protected] for details.
    
    Content preview:  From: Person 1 [mailto:[email protected]] Sent: 23 August
       2010 12:25 To: 'Person 2' Subject: FW: Urgent - Email Addresses Importance:
       High From: Original Person [mailto:[email protected]] Sent: 23 August
       2010 12:24 To: 'Person 2' Cc: [email protected] Subject: FW: Urgent -
       Email Addresses Importance: High [...] 
    
    Content analysis details:   (7.0 points, 5.0 required)
    
     pts rule name              description
    ---- ---------------------- --------------------------------------------------
     0.0 RCVD_IN_SORBS_DUL      RBL: SORBS: sent directly from dynamic IP address
                                [DynamicIP Numerals here listed in dnsbl.sorbs.net]
     1.3 RCVD_IN_RP_RNBL        RBL: Relay in RNBL,
                                https://senderscore.org/blacklistlookup/
                               [DynamicIP Numerals here listed in bl.score.senderscore.com]
     3.6 RCVD_IN_PBL            RBL: Received via a relay in Spamhaus PBL
                                [DynamicIP Numerals here listed in zen.spamhaus.org]
     0.4 RDNS_DYNAMIC           Delivered to internal network by host with
                                dynamic-looking rDNS
     1.8 MISSING_MIMEOLE        Message has X-MSMail-Priority, but no X-MimeOLE
    
    The original message was not completely plain text, and may be unsafe to open with some email clients; in particular, it may contain a virus, or confirm that your address can receive spam.  If you wish to view it, it may be safer to save it to a file and open it with an editor.
    Maybe I'm wrong - I happened to change my routers from D-Link that DON'T route properly to Edimax that do!
     
  6. Morons

    Morons Member

    The problem is not sending, that is why it took me so long to debug this. I do use upstream SMTP; it is the mail incoming from my own internal servers which have dynamic IPs, and SpamAssassin does a lookup - asks Spamhaus, then fails it.

    What I have done is changed SpamAssassin in
    /home/admispconfig/ispconfig/tools/spamassassin/etc/mail/spamassassin/local.cf
    and added
    Code:
    skip_rbl_checks 1
    I will dig deeper and maybe have to modify the SpamAssassin lookup - just a lot of modifications each time I upgrade ISPC!

    My modifications done to ISPC already include clamdscan vs clamscan. If Till can make clamdscan an option, along with allowing changes to the URIBL such as including and excluding providers, it will be awesome.
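
Added example, not part of the original posts: a short Python script that parses the SpamAssassin report quoted in post 5 and recomputes the score with only RCVD_IN_PBL left out, and with every rule the report labels "RBL:" left out, which is assumed here to be the set that `skip_rbl_checks 1` from post 6 stops from firing. The function names are illustrative, and the report text is copied from the post with its IP placeholders.

```python
import re

# Report table copied from the post above (IP placeholders exactly as posted).
REPORT = """\
Content analysis details:   (7.0 points, 5.0 required)
 pts rule name              description
---- ---------------------- --------------------------------------------------
 0.0 RCVD_IN_SORBS_DUL      RBL: SORBS: sent directly from dynamic IP address
                            [DynamicIP Numerals here listed in dnsbl.sorbs.net]
 1.3 RCVD_IN_RP_RNBL        RBL: Relay in RNBL,
                            https://senderscore.org/blacklistlookup/
                            [DynamicIP Numerals here listed in bl.score.senderscore.com]
 3.6 RCVD_IN_PBL            RBL: Received via a relay in Spamhaus PBL
                            [DynamicIP Numerals here listed in zen.spamhaus.org]
 0.4 RDNS_DYNAMIC           Delivered to internal network by host with
                            dynamic-looking rDNS
 1.8 MISSING_MIMEOLE        Message has X-MSMail-Priority, but no X-MimeOLE
"""

HEADER = re.compile(r"\((-?\d+\.\d+) points, (-?\d+\.\d+) required\)")
RULE = re.compile(r"^\s*(-?\d+\.\d+)\s+([A-Z][A-Z0-9_]+)\s+(.*)$")

def parse_report(text):
    """Return (reported_total, required, [(points, rule, is_rbl), ...])."""
    m = HEADER.search(text)
    if m is None:
        raise ValueError("no '(N points, M required)' header found")
    rules = []
    for line in text.splitlines():
        r = RULE.match(line)  # continuation lines do not start with a score
        if r:
            pts, name, desc = r.groups()
            rules.append((float(pts), name, desc.startswith("RBL:")))
    return float(m.group(1)), float(m.group(2)), rules

def score_without(rules, dropped=(), drop_all_rbl=False):
    """Sum displayed rule scores, leaving out named rules or every RBL rule."""
    kept = [p for p, name, is_rbl in rules
            if name not in dropped and not (drop_all_rbl and is_rbl)]
    return round(sum(kept), 1)

def summarize(text):
    total, required, rules = parse_report(text)
    return {"reported": total, "required": required,
            "sum_of_rules": score_without(rules),
            "without_pbl": score_without(rules, dropped={"RCVD_IN_PBL"}),
            "without_any_rbl": score_without(rules, drop_all_rbl=True)}

print(summarize(REPORT))
```

For this message, leaving out RCVD_IN_PBL alone already brings the displayed scores under the 5.0 threshold, so the other two RBL rules do not need to be dropped to let it through. The displayed per-rule values sum to 7.1 against the reported 7.0 because the column shows scores rounded to one decimal.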
     
  7. Mark_NL

    Mark_NL Member

    just create a diff patch as soon as you're done with one server, so you can easily replicate your modifications on a future one.
     
  8. Morons

    Morons Member

    Can you teach me how to make and apply this "diff patch"? A lil howto will be awesome please.
     
  9. Mark_NL

    Mark_NL Member
