I've got massive SPAM false-positive rejections on my ZCS server, with zimbra.log saying the sending server is BLOCKED using one of the configured blacklists:
- psbl.surriel.com
- dbl.spamhaus.org
- bl.spameatingmonkey.net
- multi.surbl.org
...and others.
***EDIT***
Here's how it looks in zimbra.log:
Nov 2 09 19 RCPT from mail-eopbgr60076.outbound.protection.outlook.com[40.107.6.76] 554 5.7.1 Service unavailable; Client host [40.107.6.76] blocked using psbl.surriel.com; from=<outside.sender@domain1.com> to=<inside.recipient@domain2.com> proto=ESMTP helo=<EUR04-DB3-obe.outbound.protection.outlook.com>
Nov 2 09 48 RCPT from mail-eopbgr20065.outbound.protection.outlook.com[40.107.2.65] 554 5.7.1 Service unavailable; Client host [mail-eopbgr20065.outbound.protection.outlook.com] blocked using dbl.spamhaus.org; from=<outside.sender@domain1.com> to=<inside.recipient@domain2.com> proto=ESMTP helo=<EUR02-VE1-obe.outbound.protection.outlook.com>
Nov 2 09 49 RCPT from mail-eopbgr20067.outbound.protection.outlook.com[40.107.2.67] 554 5.7.1 Service unavailable; Client host [40.107.2.67] blocked using bl.spameatingmonkey.net; from=<outside.sender@domain1.com> to=<inside.recipient@domain2.com> proto=ESMTP helo=<EUR02-VE1-obe.outbound.protection.outlook.com>
Nov 2 09 57 RCPT from mail-eopbgr20043.outbound.protection.outlook.com[40.107.2.43] 554 5.7.1 Service unavailable; Client host [40.107.2.43] blocked using psbl.surriel.com; from=<outside.sender@domain1.com> to=<inside.recipient@domain2.com> proto=ESMTP helo=<EUR02-VE1-obe.outbound.protection.outlook.com>
Nov 2 09 59 RCPT from mail-eopbgr20049.outbound.protection.outlook.com[40.107.2.49] 554 5.7.1 Service unavailable; Client host [40.107.2.49] blocked using bl.spameatingmonkey.net; from=<outside.sender@domain1.com> to=<inside.recipient@domain2.com> proto=ESMTP helo=<EUR02-VE1-obe.outbound.protection.outlook.com>
Nov 2 10 06 RCPT from mail-eopbgr30080.outbound.protection.outlook.com[40.107.3.80] 554 5.7.1 Service unavailable; Client host [40.107.3.80] blocked using bl.spameatingmonkey.net; from=<outside.sender@domain1.com> to=<inside.recipient@domain2.com> proto=ESMTP helo=<EUR03-AM5-obe.outbound.protection.outlook.com>
Nov 2 10 07 RCPT from mail-eopbgr40047.outbound.protection.outlook.com[40.107.4.47] 554 5.7.1 Service unavailable; Sender address [outside.sender@domain1.com] blocked using multi.surbl.org; from=<outside.sender@domain1.com> to=<inside.recipient@domain2.com> proto=ESMTP helo=<EUR03-DB5-obe.outbound.protection.outlook.com>
Where is the fail?
Obviously something is wrong on my ZCS server or DNS or...
***EDIT***
I also tested ZCS's local and the firewall's DNS resolvers to query some of the listed blacklists, but they all resolve THE SAME either locally or using Google or CloudFlare DNS.
But MAYBE, just maybe there is a problem (long lasting?!) in ZCS's list of blocklists?
Just MAYBE I've had them all wrong for a long time?
Here's what I had now:
List of client RBLs:
- psbl.surriel.com
- bl.spameatingmonkey.net
- b.barracudacentral.org
- dbl.spamhaus.org --> THIS ONE might be wrong, as this is DOMAIN lookup, not IP lookup! Today I've changed it to ZEN
List of Client RHSBLs:
- sbl.spamhaus.org
- multi.surbl.org
- rhsbl.sorbs.net
List of Reverse Client RHSBLs:
- dbl.spamhaus.org --> Is this one OK? Does ZCS query for DOMAIN or IP against this bl? It should query DOMAIN, not IP.
List of Sender RHSBLs: --> Which SENDER is checked? My ZCS users or outside users or both?
- multi.surbl.org
- rhsbl.sorbs.net
- zen.spamhaus.org
- multi.uribl.com
Ideas?
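The check the post is asking about, as an added example that is not part of the original post: it compares each posted blocklist with the kind of key its section looks up (client IP for client RBLs, a host or sender domain for the three RHSBL sections) and tallies rejections per list from log lines. The IP/domain classification in `LIST_KIND` is this example's assumption, and the sample lines are trimmed from the log excerpt above.

```python
import re
from collections import Counter

# Assumption of this example (the post only says so for dbl): key type per zone.
LIST_KIND = {
    "psbl.surriel.com": "ip", "bl.spameatingmonkey.net": "ip",
    "b.barracudacentral.org": "ip", "zen.spamhaus.org": "ip",
    "sbl.spamhaus.org": "ip", "dbl.spamhaus.org": "domain",
    "multi.surbl.org": "domain", "rhsbl.sorbs.net": "domain",
    "multi.uribl.com": "domain",
}
# Key type each section of the posted configuration looks up.
EXPECTS = {"Client RBLs": "ip", "Client RHSBLs": "domain",
           "Reverse Client RHSBLs": "domain", "Sender RHSBLs": "domain"}
# The four lists as posted, before dbl was swapped for zen.
POSTED = {
    "Client RBLs": ["psbl.surriel.com", "bl.spameatingmonkey.net",
                    "b.barracudacentral.org", "dbl.spamhaus.org"],
    "Client RHSBLs": ["sbl.spamhaus.org", "multi.surbl.org", "rhsbl.sorbs.net"],
    "Reverse Client RHSBLs": ["dbl.spamhaus.org"],
    "Sender RHSBLs": ["multi.surbl.org", "rhsbl.sorbs.net",
                      "zen.spamhaus.org", "multi.uribl.com"],
}

def audit(config):
    """Return (section, zone) pairs where the zone's key type does not match
    the section's; zones missing from LIST_KIND are reported too."""
    return [(s, z) for s, zones in config.items() for z in zones
            if LIST_KIND.get(z) != EXPECTS[s]]

REJECT = re.compile(r"(Client host|Sender address) \[([^\]]+)\] blocked using ([^;\s]+)")
IPV4 = re.compile(r"\d{1,3}(\.\d{1,3}){3}")

def tally(lines):
    """Count rejections per (zone, type of key shown in the log line)."""
    counts = Counter()
    for line in lines:
        m = REJECT.search(line)
        if m:
            key, zone = m.group(2), m.group(3)
            counts[(zone, "ip" if IPV4.fullmatch(key) else "domain")] += 1
    return counts

# Three rejections from the post, trimmed to the part the regex reads.
SAMPLE = [
    "554 5.7.1 Service unavailable; Client host [40.107.6.76] blocked using psbl.surriel.com;",
    "554 5.7.1 Service unavailable; Client host [mail-eopbgr20065.outbound.protection.outlook.com] blocked using dbl.spamhaus.org;",
    "554 5.7.1 Service unavailable; Sender address [outside.sender@domain1.com] blocked using multi.surbl.org;",
]

if __name__ == "__main__":
    for section, zone in audit(POSTED):
        print(f"{zone} is a {LIST_KIND.get(zone)} list but sits under {section}")
    print(dict(tally(SAMPLE)))
```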