|
|
|
date: Tue, 18 Sep 2007 17:02:23 -0400,
group: microsoft.public.exchange2000.admin
back
Re: Connection Filtering rejecting all emails
Peter Jones <p.jones+usenet@mindspring.com> wrote:
<snip>
>>>>> saying that the originator is on the Blacklist.
>>>>> Both machine are SBS servers and I have gone over them to make
>>>>> sure they are not set up differently than the ones I have setup
>>>>> and are working.
>>>>>
>>>>> Here is what I have set up:
>>>>>
>>>>> Display name: Spamhaus
>>>>> DNS Suffix of Provider: zen.spamhaus.org
>>>>
>>>> I like them....
>>>>
>>>>> Customer Error Message to Return: The IP address %0 was rejected
>>>>> by the Realtime Block List provider %2.
>>>>
>>>> I also like to set up a custom message to return ...saying what
>>>> yours does, but appending "....if you believe this is in error,
>>>> please call our office at (main phone number)."
>>>>>
>>>>> I have rules aslso set up for list.dsbl.org, bl.spamcop.net, and
>>>>> dnsbl.njabl.org.
>>>>
>>>> I wouldn't use those, myself. I use zen.spamhaus.org alone.
>>>>
>>>>>
<snip>
>>>>> I also made sure that the IP
>>>>> addresses of both my and the problem machines are not on the any
>>>>> of the blacklists (tested via dnsgoodies.com.)
>>>>
>>>> Maybe that's not the best place to look? Always check on the
>>>> blocklist provider's website.
>>>
>>> It yields the same results.
>>>
>>>>>
>>>>> Here is the message I get back in the bouce (with some some small
>>>>> edits):
>>>>>
>>>>> Your message did not reach some or all of the intended recipients.
>>>>>
>>>>> Subject: Test for Bounces
>>>>> Sent: 9/15/2007 11:34 AM
>>>>>
>>>>> The following recipient(s) could not be reached:
>>>>>
>>>>> administrator@nopenadanoway on 9/15/2007 11:34 AM
>>>>> You do not have permission to send to this recipient.
>>>>> For assistance, contact your system administrator.
>>>>> <mail.nopenada.com #5.7.1 smtp;550 5.7.1 $$.$$.85.2 has
>>>>> been blocked by list.dsbl.org>
>>>>
>>>> The message seems pretty clear to me - did you check dsbl.org ?
>>>> http://dsbl.org/main
>>>> http://dsbl.org/listing
>>>
>>> It shows no listing for the IP reported in the email.
>>
>> Hmmm. Well, I still can't see how this would be a problem with your
>> Exchange server. I would stop using these RBLs, and just stick with
>> spamhaus,myself. There's not going to be any useful logging in here,
>> as far as I know (one of the main reasons I much prefer Vamsoft/ORF)
>
> It doesn't matter which one I have active. They all reject (including
> Spamhaus.)
So if you remove *all* except the connection filter for zen.spamhaus.org you
have the same results?
>
<snip>
Also, what's your domain name?
date: Tue, 18 Sep 2007 17:02:23 -0400
author: Lanwench [MVP - Exchange]
Re: Connection Filtering rejecting all emails
On Tue, 18 Sep 2007 17:02:23 -0400, "Lanwench [MVP - Exchange]"
wrote:
>Peter Jones <p.jones+usenet@mindspring.com> wrote:
>
><snip>
>
>>>>>> saying that the originator is on the Blacklist.
>>>>>> Both machine are SBS servers and I have gone over them to make
>>>>>> sure they are not set up differently than the ones I have setup
>>>>>> and are working.
>>>>>>
>>>>>> Here is what I have set up:
>>>>>>
>>>>>> Display name: Spamhaus
>>>>>> DNS Suffix of Provider: zen.spamhaus.org
>>>>>
>>>>> I like them....
>>>>>
>>>>>> Customer Error Message to Return: The IP address %0 was rejected
>>>>>> by the Realtime Block List provider %2.
>>>>>
>>>>> I also like to set up a custom message to return ...saying what
>>>>> yours does, but appending "....if you believe this is in error,
>>>>> please call our office at (main phone number)."
>>>>>>
>>>>>> I have rules aslso set up for list.dsbl.org, bl.spamcop.net, and
>>>>>> dnsbl.njabl.org.
>>>>>
>>>>> I wouldn't use those, myself. I use zen.spamhaus.org alone.
>>>>>
>>>>>>
><snip>
>
>>>>>> I also made sure that the IP
>>>>>> addresses of both my and the problem machines are not on the any
>>>>>> of the blacklists (tested via dnsgoodies.com.)
>>>>>
>>>>> Maybe that's not the best place to look? Always check on the
>>>>> blocklist provider's website.
>>>>
>>>> It yields the same results.
>>>>
>>>>>>
>>>>>> Here is the message I get back in the bouce (with some some small
>>>>>> edits):
>>>>>>
>>>>>> Your message did not reach some or all of the intended recipients.
>>>>>>
>>>>>> Subject: Test for Bounces
>>>>>> Sent: 9/15/2007 11:34 AM
>>>>>>
>>>>>> The following recipient(s) could not be reached:
>>>>>>
>>>>>> administrator@nopenadanoway on 9/15/2007 11:34 AM
>>>>>> You do not have permission to send to this recipient.
>>>>>> For assistance, contact your system administrator.
>>>>>> <mail.nopenada.com #5.7.1 smtp;550 5.7.1 $$.$$.85.2 has
>>>>>> been blocked by list.dsbl.org>
>>>>>
>>>>> The message seems pretty clear to me - did you check dsbl.org ?
>>>>> http://dsbl.org/main
>>>>> http://dsbl.org/listing
>>>>
>>>> It shows no listing for the IP reported in the email.
>>>
>>> Hmmm. Well, I still can't see how this would be a problem with your
>>> Exchange server. I would stop using these RBLs, and just stick with
>>> spamhaus,myself. There's not going to be any useful logging in here,
>>> as far as I know (one of the main reasons I much prefer Vamsoft/ORF)
>>
>> It doesn't matter which one I have active. They all reject (including
>> Spamhaus.)
>
>So if you remove *all* except the connection filter for zen.spamhaus.org you
>have the same results?
>>
><snip>
>
>Also, what's your domain name?
I know you monitor microsoft.public.exchange2000.admin but for those
who dont...... it comes down to the way DNS resolves the rquests of
the lists.
Posted to microsoft.public.exchange2000.admin
Alright, I got it fixed.
On Thu, 20 Sep 2007 20:53:38 -0400, "Rich Matheisen [MVP]"
wrote:
>p.jones+usenet@mindspring.com (Peter Jones) wrote:
>
> [ snip ]
>
>>It would return a 127.0.0.x if it were on the list. Neither of the IP
>>addresses tested are. Here is one that isn't on the list either. It
>>looks just like the two I tested.
>>
>>> 72.23.95.12.list.dsbl.org
>>Server: ns3.mindspring.com
>>Address: 207.69.188.187
>>
>>Non-authoritative answer:
>>Name: 72.23.95.12.list.dsbl.org
>>Addresses: 209.86.66.92, 209.86.66.93, 209.86.66.94, 209.86.66.95
>> 209.86.66.90, 209.86.66.91
>
>
>That DNS is broken. Try using another.
Not necessarily broken, just not returning the expected answer.
>
> [ snip ]
>
>>I'll keep the IP's to myself.
>
>Suit yourself.
>
>>I have other machines configured the
>>same way that don't reject the mail when Connection Filtering is
>>configured and turned on. I'd like to know what would cause this
>>server to be different.
>
>Nothing. It's the DNS you're using that's different.
Earthlink has their DNS set up to resolve unknown requests to a
Earthlink (unknown requst)/search page. What the problem is, IP's that
resolve get filtered and ones that don't resolve go through. Since the
requests all returned requests, all of the mail was rejected.
For example:
A known IP on the block list:
> 10.221.212.88.zen.spamhaus.org
Server: ns3.mindspring.com
Address: 207.69.188.187
Non-authoritative answer:
Name: 10.221.212.88.zen.spamhaus.org
Address: 127.0.0.2
An IP that isn't on the list should come up like the following:
> 2.85.xxx.xx.sbl.spamhaus.org
Server: vnsc-bak.sys.gtei.net
Address: 4.2.2.2
*** vnsc-bak.sys.gtei.net can't find 2.85.xxx.xx.sbl.spamhaus.org:
Non-existent
domain
With the Earthlink servers, they resolve to their requests of unknown
names to their own info/search page:
> 2.85.xxx.xx.zen.spamhaus.org
Server: ns3.mindspring.com
Address: 207.69.188.187
Non-authoritative answer:
Name: 2.85.xxx.xx.zen.spamhaus.org
Addresses: 209.86.66.92, 209.86.66.93, 209.86.66.94, 209.86.66.95
209.86.66.90, 209.86.66.91
The DNS servers I had specified on the server having the issue
followed a similar pattern. Once I changed them to ones that resolved
requests as expected, email flowed and was blocked appropiately.
>
date: Fri, 21 Sep 2007 23:03:34 GMT
author: p.jones+ (Peter Jones)
|
|
