Client host blocked using reject_rhsbl_sender

Discuss your pilot or production implementation with other Zimbra admins or our engineers.
jerryboi
Advanced member
Advanced member
Posts: 122
Joined: Fri Sep 12, 2014 10:09 pm

Client host blocked using reject_rhsbl_sender

Postby jerryboi » Tue Oct 11, 2016 11:07 am

I have a number of blacklists defined and I often see "NOQUE: reject:" messages in maillog.

Code: Select all

$ grep '554.5' /var/log/maillog
Oct 11 09:32:20 mx postfix/smtpd[12419]: NOQUEUE: reject: RCPT from unknown[139.198.1.197]: 554 5.7.1 Service unavailable; Client host [139.198.1.197] blocked using psbl.surriel.com; Listed in PSBL, see http://psbl.org/listing?ip=139.198.1.197; from=<htlywkemvmx@mail2emergency.com> to=<a.user@domain.com> proto=SMTP helo=<78.46.112.235>
Oct 11 10:49:55 mx postfix/smtpd[6257]: NOQUEUE: reject: RCPT from ww1.sndr.com[88.99.238.130]: 554 5.7.1 Service unavailable; Unverified Client host [ww1.sndr.com] blocked using reject_rhsbl_sender; from=<anjuh@sndr.com> to=<user@domain.com> proto=ESMTP helo=<mail.sndr.com.>
$
$ zmprov gacf | grep zimbraMtaRestriction
zimbraMtaRestriction: reject_non_fqdn_sender
zimbraMtaRestriction: reject_unknown_sender_domain
zimbraMtaRestriction: reject_rbl_client zen.spamhaus.org
zimbraMtaRestriction: reject_rbl_client psbl.surriel.com
zimbraMtaRestriction: reject_rbl_client bl.spamcop.net
zimbraMtaRestriction: reject_rbl_client
zimbraMtaRestriction: reject_rhsbl_client dbl.spamhaus.org
zimbraMtaRestriction: reject_rhsbl_client multi.surbl.org
zimbraMtaRestriction: reject_rhsbl_reverse_client dbl.spamhaus.org
zimbraMtaRestriction: reject_rhsbl_reverse_client
zimbraMtaRestriction: reject_rhsbl_sender multi.surbl.org
zimbraMtaRestriction: reject_rhsbl_sender rhsbl.sorbs.net
zimbraMtaRestriction: reject_rhsbl_sender dbl.spamhaus.org
zimbraMtaRestriction: rbl_override lmdb:/opt/zimbra/conf/rbl_override


As you can see, sometimes the blacklist (surriel) is referenced in the message and sometimes it is just a generic Unverified Client host [ww1.sndr.com] blocked using reject_rhsbl_sender. In the second case how do I investigate the actual reason of the rejection?


phoenix
Ambassador
Ambassador
Posts: 26330
Joined: Fri Sep 12, 2014 9:56 pm
Location: Liverpool, England

Re: Client host blocked using reject_rhsbl_sender

Postby phoenix » Tue Oct 11, 2016 11:23 am

It tells you why it was rejected in the output you've posted: "Listed in PSBL". You can check on their website if it's a valid rejection or try one of the many multi-rbl checkers on the internet. If it's a false positive (that's a problem with a lot of this type of RBLs) then don't use it, it's up to you to keep an eye on what your RBLs are doing and this isn't a Zimbra question or problem.
Regards

Bill

Rspamd: A high performance spamassassin replacement

If you'd like to see this implemented in a future version of ZCS then please vote on Bugzilla entries 97706 & 108168
jerryboi
Advanced member
Advanced member
Posts: 122
Joined: Fri Sep 12, 2014 10:09 pm

Re: Client host blocked using reject_rhsbl_sender

Postby jerryboi » Tue Oct 11, 2016 11:51 am

Hi Phoenix,

thanks for looking at this so promptly. You are right it say Listed in PSBL in the first log entry. My question concerns the second log entry where it only says "blocked using reject_rhsbl_sender". Any idea how to investigate that one? I checked the domain (the actual one, not the sanitized 'sndr.com') against all 4 blacklists and it wasn't on them.
phoenix
Ambassador
Ambassador
Posts: 26330
Joined: Fri Sep 12, 2014 9:56 pm
Location: Liverpool, England

Re: Client host blocked using reject_rhsbl_sender

Postby phoenix » Tue Oct 11, 2016 12:21 pm

For the second entry the reason would be exactly what it says in the log "Unverified Client host", the 'sender' www1.sndr.com' actually has no IP address associated with it and the IP address that's shown as the sender does not resolve to that name address, hence it's rejected because they can't verify that either one of those items belongs to the other. As I mentioned earlier, if you think the RBL is too aggressive then don't use it as they can be more trouble than they're worth. It's only worth using the minimum number of restrictions and RBLs that satisfy your requirements and no more.
Regards

Bill

Rspamd: A high performance spamassassin replacement

If you'd like to see this implemented in a future version of ZCS then please vote on Bugzilla entries 97706 & 108168

Return to “Administrators”

Who is online

Users browsing this forum: MSN [Bot] and 4 guests