(OT) Mail got blocked because of SORBS/DYNABLOCK

Gerry Doris gdoris at rogers.com
Wed Mar 31 21:01:25 UTC 2004


>
> Hi all,
> Sorry if this is a little bit OT, but I know some people are knowledgeable
> about this.
>
> I have a user who's trying to send email and found out the email got blocked
> by SpamAssassin (I think), with the following test:
> tests=RCVD_IN_DYNABLOCK,RCVD_IN_SORBS ver=2.63
>
> That user uses my SMTP server, with authentication, to relay the mail. After
> googling a bit, I figured out that the first test is just an implementation
> of RBL, and the second probably checks it with the SORBS database.
>
> I know my SMTP server is clean, and not listed in the RBL or SORBS database
> (I checked that).
> But when I check the originating IP of this user (he uses his own ISP) here:
>
> http://www.dnsbl.us.sorbs.net/cgi-bin/lookup?js&IP=
>
> I found an entry in the "Dynamic IP Space" section. Looks like his ISP, or
> even his IP block, is in the list of SORBS.
> And this
> http://mail-abuse.org/cgi-bin/lookup
>
> shows his originating IP in the DUL list (whatever that is).
>
> But the funny thing is, this user has another email account using another
> SMTP server, and when he sends mail from that account it does not trigger the
> RCVD_IN_DYNABLOCK rule. So I don't quite understand it.
>
> So my question basically: does changing the SMTP server for his account
> (using his ISP's SMTP server, for example) help fix this problem? If yes,
> why? If the rule looks at the originating IP instead of the SMTP, any SMTP
> server that he uses will still trigger the rule, won't it? And why does his
> other account (with a different SMTP) not trigger that same DYNABLOCK rule?
>
> Any help on this will be greatly appreciated.
>
> RDB

I believe you will find that the DYNABLOCK rule will trigger if his
originating IP is in a block assigned using DHCP by his ISP.  He can get
around this by using his ISP's mail server to relay his mail.  This rule
carries a large score.

SORBS is useless as far as I'm concerned.  They seem to have everyone
listed.  The saving grace is that it only counts for 0.10 if I remember
correctly.  I just ignore it.

DUL is the Dialup User List.  They have IP blocks of ISPs that are used for
dialup users.  I can't remember the score assigned for those in DUL.

In other words, these RBLs are based on the assumption that people in
these categories can't be trusted to run their own mail servers.
Experience has shown that they often misconfigure their servers, causing
others grief.  The belief is that they should be using their ISP's server
instead.  This will avoid the SpamAssassin scores.

It is also likely that your friend is violating his ISP's user agreement.
These agreements often don't allow servers.  If his ISP does allow servers
he might be able to get his IP removed from the RBLs, but it will still be
difficult.


Gerry
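
For anyone diagnosing a similar listing, an added example (not part of the original thread) that pulls the relay addresses out of a message's Received headers and builds the reversed-octet name a DNSBL lookup queries for each one. The sample message, the default zone name dnsbl.sorbs.net and the injectable resolve parameter are assumptions made for illustration.

```python
import ipaddress
import re
import socket
from email import message_from_string

# Constructed sample: a user on a dynamic address relays through a mail
# server with authentication. Addresses are documentation ranges (RFC 5737).
SAMPLE = """\
Received: from mail.example.net (mail.example.net [198.51.100.25])
\tby mx.example.org with ESMTP; Wed, 31 Mar 2004 20:00:02 +0000
Received: from laptop (dyn-7.isp.example [203.0.113.7])
\tby mail.example.net with ESMTPA; Wed, 31 Mar 2004 20:00:01 +0000
Subject: test

body
"""

BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
# Loopback and RFC 1918 hops are never listed, so they are not looked up.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def relay_ips(raw_message):
    """Return external IPv4 addresses from Received headers, newest hop first."""
    ips = []
    for header in message_from_string(raw_message).get_all("Received", []):
        for text in BRACKETED_IP.findall(header):
            try:
                ip = ipaddress.IPv4Address(text)
            except ValueError:
                continue  # bracketed text that is not a valid address
            if not any(ip in net for net in INTERNAL):
                ips.append(str(ip))
    return ips

def dnsbl_name(ip, zone):
    """DNSBL convention: reverse the octets and append the list's zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone

def check(raw_message, zone="dnsbl.sorbs.net", resolve=socket.gethostbyname):
    """Map each relay IP to the list's A-record answer, or None if unlisted."""
    result = {}
    for ip in relay_ips(raw_message):
        try:
            result[ip] = resolve(dnsbl_name(ip, zone))
        except socket.gaierror:
            result[ip] = None  # name does not resolve: not listed
    return result
```

Every hop recorded in the headers is a candidate for a lookup, which is why a clean relay does not by itself hide a listed originating address.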




