How to override IP Reputation blocked IP
Posted: 20 Jan 2021, 18:05
I have a client that suddenly could no longer send mail via SMTP through our server. I traced this to their IP being in the LF_SMTPAUTH.txt blocklist (in the CXS IP Reputation feature), which we have enabled.
I confirmed that the user had never had an SMTP failure with our server (further confirmed by trying to remove the IP via the cxs --Rremove command, which failed because our server was not the server that added the IP to the list).
So, the user must be failing authentication via SMTP via some other server that participates in the CXS IP Reputation system. Since there is no way to find out any further information on that, the client will need to check every machine to look for login failures.
Meanwhile, I need to allow the client to start sending mail via SMTP through our server. The client has a static IP address from their ISP, so I added their IP to the CSF Ignore list, then restarted CSF + LFD, but this did not work. Out of desperation, I had to disable our use of the LF_SMTPAUTH blocklist.
So, the question is: How can we allow a customer to override the IP Reputation system, and continue to access our server, despite being on one of the IP Reputation System lists? (other than not using the blocklist, which seems like a bad solution)
- Scott
I confirmed that the user had never had an SMTP failure with our server (further confirmed by trying to remove the IP via the cxs --Rremove command, which failed because our server was not the server that added the IP to the list).
So, the user must be failing authentication via SMTP via some other server that participates in the CXS IP Reputation system. Since there is no way to find out any further information on that, the client will need to check every machine to look for login failures.
Meanwhile, I need to allow the client to start sending mail via SMTP through our server. The client has a static IP address from their ISP, so I added their IP to the CSF Ignore list, then restarted CSF + LFD, but this did not work. Out of desperation, I had to disable our use of the LF_SMTPAUTH blocklist.
So, the question is: How can we allow a customer to override the IP Reputation system, and continue to access our server, despite being on one of the IP Reputation System lists? (other than not using the blocklist, which seems like a bad solution)
- Scott