RCVD_IN_XBL_SPAMHAUS_ORG

Posted at 11:51:41 PM in Recovery (46) | Read count: 3016

Spamhaus black lists have gone bonkers. I'm seeing tons of false positives coming across with grades in RCVD_IN_XBL_SPAMHAUS_ORG at 3.0 and 3.3 in RCVD_IN_PBL.

These false positives appear to be coming from one chain in the mail relay servers. Or so I thought. When gmail and yahoo IP addresses are listed in the black lists above, then that creates a real problem. Both providers have extensive rules that prevent outbound mail abuse. So when gmail and yahoo show up in these blacklists, I think that should flag that there is a problem with the blacklist.

I prefer not to use black listed relays when they are in a chain. I also don't care if the sender's IP address is in a blacklist. I do care if the first server in the relay is blacklisted.

I am only a student of the internet and email and spam lists. It appears the first "Received: from" line identifies the originating device and the relay server it connected to.

Therefore when the line continues: [192.168.101.1] ([172.16.30.212]), the first address is the local device, in my case a laptop. And the second would be the relaying server. I noted that when the device has a reverse-lookup pointer, it shows the name as well as the IP address in the square brackets.

I made up the IP addresses. I was researching where this block was coming from and found it difficult when there is no reverse lookup on the IP address. After some searching, I used itools.com/tool/arin-whois-domain-search to find who the block belonged to. In this case, it was a mobile phone company. I have noticed that most mobile phones will provide automatic setup for big name providers like gmail. If this was used, the relaying server should have been google.com, which isn't listed on the blacklist at the moment, but the mobile IP is.

I took out the relay checking when this first occurred and after a week I was able to put it back on. However, on this investigation (6/7/2014), I left the relay checking in place. There is not much I can do when devices are not set up properly.
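As an added example (not the post's own code), here is the Received-header reading described above put into a script: it parses each "from [device] ([relay])" hop of a constructed message, builds the reversed-octet query name a Spamhaus XBL lookup would use, and checks only the first hop's second, parenthesised address, the one the relay recorded for the connection, skipping private ranges that a public DNSBL never lists. The message and the set of "listed" names are constructed stand-ins, and no DNS query is made.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample in the post's "[device] ([relay])" form; not a real capture.
RAW_MESSAGE = (
    "Received: from mx2.example.net (mx2.example.net [203.0.113.7])\n"
    "\tby mail.example.org with ESMTP; Sat, 7 Jun 2014 10:02:11 -0700\n"
    "Received: from [192.168.101.1] ([198.51.100.23])\n"
    "\tby mx2.example.net with ESMTPSA; Sat, 7 Jun 2014 10:02:09 -0700\n"
    "Subject: test\n\nhello\n"
)
# Constructed stand-in for DNSBL answers: query names that would come back listed.
FAKE_XBL_LISTINGS = {"23.100.51.198.xbl.spamhaus.org"}
# Private/loopback ranges: a public DNSBL never lists these, so skip the lookup.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def xbl_query_name(ip):
    """DNSBL lookups reverse the octets: 1.2.3.4 -> 4.3.2.1.xbl.spamhaus.org."""
    return ".".join(reversed(ip.split("."))) + ".xbl.spamhaus.org"

def hops(raw):
    """Oldest hop first. Each hop is (claimed_ip, observed_ip): the bracketed
    address the client named for itself and the one the relay saw it connect from."""
    out = []
    for hdr in message_from_string(raw).get_all("Received", []):
        from_part = re.split(r"\s+by\s+", hdr, maxsplit=1)[0]  # only the "from" clause
        ips = BRACKETED_IP.findall(from_part)
        if ips:
            out.append((ips[0], ips[-1]))
    return out[::-1]  # Received headers are prepended, so the last one is the first hop

def first_hop_listed(raw, listings=FAKE_XBL_LISTINGS):
    """Score only the first hop's observed IP, as the post prefers. Returns None
    when there is nothing to check (no Received headers, or a private address)."""
    chain = hops(raw)
    if not chain:
        return None
    observed = ipaddress.ip_address(chain[0][1])
    if any(observed in net for net in NON_ROUTABLE):
        return None
    return xbl_query_name(str(observed)) in listings

if __name__ == "__main__":
    for claimed, observed in hops(RAW_MESSAGE):
        print(f"claimed {claimed:15} observed {observed:15} -> {xbl_query_name(observed)}")
    print("first hop listed:", first_hop_listed(RAW_MESSAGE))
```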

Written by Leonard Rogers on Thursday, March 27, 2014 | Comments (0)
