Page 1 of 1

csf seems to be getting false positives for IP checks in RBLs

Posted: 14 Nov 2022, 06:25
by dywilson
Just in the last 5 days or so i started to see our server IP addresses showing as listed in RBLs (Notably spamhaus.org lists)
This was weird because it was showing IPs that we are not actually using (sitting idle) as listed also
So i manually tested all the IPs at spamhaus.org and they are all clean.

I also started to get customers telling me that email to them has been rejected and returned with an error sayin that the sender was on an RBL.
I tested the senders IP and domain also and they were clean also.

Im not really sure how to look into this
The config seens to not list the RBLs actually being used although offers the option to exclude an RBL.

I dont know if this is my server query being rejected due to excessive use? not sure how to tell if this is the case.
Are there logs that relate to this part of the functionality?

Any advice? Please

Re: csf seems to be getting false positives for IP checks in RBLs

Posted: 15 Nov 2022, 18:11
by overscore
Are you using AWS?
The issue is related to you using an open resolver ( https://www.spamresource.com/2022/10/sp ... m-aws.html )
This is recent and I'm experiencing the same issue

You need to sign up for Spamhaus DQL ( https://www.spamhaus.com/resource-cente ... y-service/) and then you'll get a HOSTNAME.spamhaus.net for the lookup.

I'm struggling to get this to work as I've updated the rbl list in Mailscanner but it doesn't seem to be working