False RBL Blocks
Posted: 01 Feb 2021, 19:21
Just started this morning, getting a ton of false positive RBL rejects.
For example, one entry:
2021-02-01 13:11:58 H=shvf21.jpmchase.com [159.53.49.230]:53368 X=TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=no F=<no-reply@alertsp.chase.com> rejected RCPT <REDACTED>: "JunkMail rejected - shvf21.jpmchase.com [159.53.49.230]:53368 is in an RBL: "
In my mailscanner.conf I only have "SBL+XBL spamcop.net" as the only RBLs in the text box. But none of these IPs are in any RBL I can see. Other big ones are gmail and outlook.com IPs coming up as RBL matches. I found some in SORBS but not in the RBLs I'm using; either way, I went ahead and commented out the SORBS-SPAM from spam.lists.conf so in case that file is being pulled, it shouldn't be using that list.
We've been using this mail server for about 5 years now with no significant changes so a bit stumped on why this would start all of a sudden. Causing huge problems for our users since so many emails come from gmail, outlook, and other reputable senders who are now being blocked.
Anyone have any ideas on how to even start to troubleshoot this?