Topic: Overcoming URIBL_BLOCKED

[Michail Pappas]

I've been using the URIBL for some time now, this thing rocks.

Recently however, I've noticed that the anti-spam efficiency degraded significantly. Examining things more closely, it looks as though my SME box has been blocked from making URIBL queries, since the mail headers of incoming messages include this in the spamassassin scoring:

Code: [Select]

URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked.
*       See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
*      for more information.

My box hosts mail for around 120 users. It's not a small box per se, but I didn't think it would generate that much traffic.

In any case, I'm wondering whether:
(a) I can unblock it to be able to do URIBL queries again and
(b) which techniques I could use to avoid this from happening again in the future.

Any information will be appreciated, thanks in advance.

EDIT: Forgot to include my config:

Code: [Select]

qpsmtpd=service
    Bcc=disabled
    BccMode=cc
    BccUser=maillog
    DKIMSigning=enabled
    DMARCContactInfo=http://xxxxx/
    DMARCReject=enabled
    DMARCReportEmail=admin@xxxxxx
    DNSBL=enabled
    LogLevel=6
    MaxScannerSize=25000000
    RBLList=bl.spamcop.net,dnsbl-1.uceprotect.net,psbl.surriel.com,zen.spamhaus.org
    RHSBL=disabled
    RelayRequiresAuth=enabled
    SBLList=multi.surbl.org,black.uribl.com,rhsbl.sorbs.net
    TlsBeforeAuth=0
    UBLList=multi.surbl.org:8-16-64-128,black.uribl.com,rhsbl.sorbs.net
    URIBL=disabled
    access=public
    qplogsumm=enabled
    status=enabled


[ReetP]

Think this may refer

https://forums.contribs.org/index.php?topic=52002.msg265758#msg265758

https://wiki.contribs.org/Email#Possible_issues_with_RBL

[Michail Pappas]

I was aware of the fair use policies but was under the impression that my 140 mailboxes did not receive that much mail...

In the wiki it is stated that you can let "...the SME Server being the only dns resolver by removing the dns provider/forwarder in the console menu."

I'm a bit confused here, I thought that SME did the resolution by default. OTOH, it's been quite long since I configured this thing. It seems that I do have my provider set as forwarder.

Code: [Select]

dnscache=service
    Forwarder=dns1.ip
    Forwarder2=dns2.ip
    TCPPort=53
    UDPPort=53
    access=private
    status=enabled
dnscache.forwarder=service
    status=enabled

So perhaps the issue here is that DNS servers of my ISP are blacklisted and not my box. If so, can I change the DNS settings to avoid this kind of situation? What will I be losing in doing so? And where do I go to console to set DNS up (I just want to avoid messing the other IP/DNS settings of the system)?




PS: Doing the following:

Code: [Select]

# host -tA 2.0.0.127.multi.uribl.com
2.0.0.127.multi.uribl.com has address 127.0.0.14

...shows that I should not be blocked at all, according to the simple test presented in http://uribl.com/about.shtml#abuse

It's a bit confusing for me sorry...

[Michail Pappas]

I figured this out. Problem is that my server is in a non-routable IP block alongside other systems that have both a local as well as a public ip. If I remove the forwarders, then connections to the other systems are made using the public ip addresses; this should be avoided here.

So it seems that I'll just have to remove the URIBL references (Unless I'm able to somehow send these requests without using the SME forwarders...)

[ReetP]

Sorry I'm not smart enough to offer any further advice !

At the limit of my knowledge

[Michail Pappas]

No worries mate, you've helped me a lot here

[ReetP]

I try !