sbl-xbl.spamhaus.org possible false positives

Has anyone noticed potential false positives linked to sbl-xbl.spamhaus.org today?

I noticed "Rejected: RBL (sbl-xbl.spamhaus.org)" in the SMTP log for legitimate mail originating from yahoo.com and optonline.net. I sent simple test messages from my yahoo.com mail account to the mail server behind the Astaro SMTP security wall; the first message was nailed by the spamhaus RBL flag, the second message sent 15 minutes later passed.

Legitimate mail received yesterday from optonline.net is getting nailed by the spamhaus RBL flag today.

Date: Oct 28, 2009
Firmware version: 7.500
Pattern version: 10884


  • Yes, IPS can interpret a reply as an attack.  When that happens with the FQDN of an RBL, it's just like the RBL doesn't exist, so the email is flagged as spam.

    Several SIDs have been reported including 254, 3249, 15935, 15450 and 15486, so you really need to look at your IPS log to see which one you need to disable.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
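
Added example, not part of the original posts and not Astaro/Sophos code: a DNSBL check that keeps "listed" separate from "lookup failed", so a DNS reply that never arrives (the IPS case described above) is not read as a listing. The names `check`, `dnsbl_name`, `system_resolver` and `NoSuchName` are hypothetical; the 127.0.0.0/8 rule is the general DNSBL convention, and 127.255.255.x are Spamhaus's documented error responses.

```python
import ipaddress
import socket

ZONE = "sbl-xbl.spamhaus.org"  # zone from the SMTP log line in the thread


class NoSuchName(Exception):
    """Resolver got an authoritative 'name does not exist' (NXDOMAIN)."""


def dnsbl_name(ip, zone=ZONE):
    """DNSBL query name: IPv4 octets reversed, followed by the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def system_resolver(name):
    """A-record lookup via the OS resolver (hypothetical default helper)."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET)
    except socket.gaierror as exc:
        if exc.errno == socket.EAI_NONAME:
            raise NoSuchName(name) from exc
        raise
    return sorted({info[4][0] for info in infos})


def check(ip, resolver=system_resolver, zone=ZONE):
    """Return (verdict, detail): listed / not_listed / lookup_failed."""
    try:
        answers = resolver(dnsbl_name(ip, zone))
    except NoSuchName:
        return ("not_listed", [])
    except OSError as exc:  # timeout, SERVFAIL, reply dropped in transit
        return ("lookup_failed", type(exc).__name__)
    loopback = ipaddress.ip_network("127.0.0.0/8")
    errors = ipaddress.ip_network("127.255.255.0/24")  # Spamhaus error codes
    for a in map(ipaddress.IPv4Address, answers):
        # Anything outside 127/8, or inside the error range, is not a listing.
        if a not in loopback or a in errors:
            return ("lookup_failed", str(a))
    return ("listed", answers) if answers else ("lookup_failed", "empty")
```

Passing a stub as `resolver` lets the three outcomes be exercised without network access; a mail filter would defer or skip the RBL test on `lookup_failed` rather than reject.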