dnsbl in custom.cf for out mail

leksand

Configured custom.cf to increase the spam rating of emails when they are in dnsbl, and observe the following problem:
There is a rule for blocking outgoing spam - emails get spam because of a high rating, including due to getting into dnsbl lists. At the same time, the ip of both my and the remote mail server is not in dnsbl - I checked both on the services and on the websites of each dnsbl.

I would also like to be able to configure the quarantine of such emails (originating from my mail server) (I tried to turn it on - it does not work).

The log is below, the message was not quarantined.

Jun 22 18:49:22 mail postfix/smtpd[16581]: warning: hostname namemailserver.domain does not resolve to address mymailsrvip
Jun 22 18:49:22 mail postfix/smtpd[16581]: connect from unknown[mymailsrvip]
Jun 22 18:49:22 mail postfix/smtpd[16581]: 6E3E8C2340: client=unknown[mymailsrvip]
Jun 22 18:49:22 mail postfix/cleanup[16330]: 6E3E8C2340: message-id=<redirect-44226450@mydomain>
Jun 22 18:49:22 mail postfix/qmgr[806]: 6E3E8C2340: from=<name@mydomain>, size=14215, nrcpt=1 (queue active)
Jun 22 18:49:22 mail postfix/smtpd[16581]: disconnect from unknown[mymailsrvip] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
Jun 22 18:49:22 mail pmg-smtp-filter[16512]: C24B062B33A02790E1: new mail message-id=<redirect-44226450@mydomain>#012
Jun 22 18:49:26 mail pmg-smtp-filter[16512]: C24B062B33A02790E1: SA score=7/5 time=4.138 bayes=undefined autolearn=disabled hits=AWL(-1.801),DKIM_ADSP_CUSTOM_MED(0.001),DNSBL_BACKSCATTERER(2),DNSBL_SORBS(3),DNSBL_SPAMHAUS(3),FREEMAIL_FORGED_FROMDOMAIN(0.249),FREEMAIL_FROM(0.001),HEADER_FROM_DIFFERENT_DOMAINS(0.25),HTML_MESSAGE(0.001),KAM_DMARC_STATUS(0.01),MSGID_FROM_MTA_HEADER(0.001),NML_ADSP_CUSTOM_MED(1.2),RCVD_IN_ZEN_BLOCKED_OPENDNS(0.001),SPF_HELO_PASS(-0.001),SPF_PASS(-0.001),T_SCC_BODY_TEXT_LINE(-0.01),URIBL_BLOCKED(0.001),URIBL_DBL_BLOCKED_OPENDNS(0.001),URIBL_ZEN_BLOCKED_OPENDNS(0.001)
Jun 22 18:49:26 mail pmg-smtp-filter[16512]: C24B062B33A02790E1: notify <admin@mydomain> (rule: Block outgoing Spam (Level 6), BEEBAC24D1)
Jun 22 18:49:26 mail pmg-smtp-filter[16512]: C24B062B33A02790E1: notify <name@mydomain> (rule: Block outgoing Spam (Level 6), CE14BC24D2)
Jun 22 18:49:26 mail pmg-smtp-filter[16512]: C24B062B33A02790E1: moved mail for <name@domain> to spam quarantine - C24D462B33A06D65E3 (rule: Block outgoing Spam (Level 6))
Jun 22 18:49:26 mail pmg-smtp-filter[16512]: C24B062B33A02790E1: processing time: 4.414 seconds (4.138, 0.07, 0)
Jun 22 18:49:26 mail postfix/lmtp[16362]: 6E3E8C2340: to=<name@outdomain>, relay=127.0.0.1[127.0.0.1]:10023, delay=4.5, delays=0.03/0/0.01/4.4, dsn=2.5.0, status=sent (250 2.5.0 OK (C24B062B33A02790E1))
Jun 22 18:49:26 mail postfix/qmgr[806]: 6E3E8C2340: removed
 
the problem is still relevant - some useful emails are not sent, and I don't want to turn off checking outgoing emails for spam
 
emails get spam because of a high rating, including due to getting into dnsbl lists. At the same time, the ip of both my and the remote mail server is not in dnsbl
SpamAssassin also checks the ips/hostname in received headers for listings
URIBL_BLOCKED(0.001),
it seems you're over quota at uribl - consider setting up a dedicated DNS server as linked in the getting started page:
https://pmg.proxmox.com/wiki/index.php/Getting_started_with_Proxmox_Mail_Gateway
 
SpamAssassin also checks the ips/hostname in received headers for listings

it seems you're over quota at uribl - consider setting up a dedicated DNS server as linked in the getting started page:
https://pmg.proxmox.com/wiki/index.php/Getting_started_with_Proxmox_Mail_Gateway
we have our own dns servers (the load is minimal).

it is written in the logs that it looks like the ip of our server is in dnsbl, but it is not in dnsbl - I checked on every service that gave an assessment in the logs
 
it is written in the logs that it looks like the ip of our server is in dnsbl, but it is not in dnsbl
Where is this written?
as said before - spamassassin also checks the Received headers of the mail for IPs/hostnames and sees if they are listed

we have our own dns servers (the load is minimal).
still it seems you have reached the limit of the free tier at URIBL - as this is what:
URIBL_BLOCKED
says
 
Checked ip of my mail server on:
https://www.backscatterer.org/?target=test
http://www.sorbs.net/cgi-bin/db
https://www.spamhaus.org/sbl/

If the quota is exceeded = the dns server response is not received? Then why is there a response as if the ip of my mail server is in dnsbl?

And this is only for outgoing emails!

Studied the topic https://forum.proxmox.com/threads/n...nd-for-local-dns-resolver.111082/#post-479515 .
My requests from PMG go through and receive responses from my dns servers

Example of spam level assessment (incoming email; but the problem with outgoing):
SA score=31/5 time=3.772 bayes=undefined autolearn=disabled hits=DKIM_SIGNED(0.1),DKIM_VALID(-0.1),DKIM_VALID_AU(-0.1),DKIM_VALID_EF(-0.1),DNSBL_SORBS(2),DNSBL_SPAMHAUS(2),DNSBL_SPAMRATS(2),DNSBL_SURRIEL(2),DNSBL_UCEPROTECT1(2),DNSBL_UCEPROTECT2(2),DNSBL_UCEPROTECT3(3),FREEMAIL_FORGED_REPLYTO(2.503),FSL_BULK_SIG(0.001),HTML_IMAGE_RATIO_08(0.001),HTML_MESSAGE(0.001),RAZOR2_CF_RANGE_51_100(2.43),RAZOR2_CHECK(1.729),RCVD_IN_MSPIKE_H2(-0.001),RCVD_IN_PSBL(2.7),RCVD_IN_VALIDITY_RPBL(1.284),RCVD_IN_ZEN_BLOCKED_OPENDNS(0.001),RDNS_NONE(1.274),SPF_HELO_NONE(0.001),SPF_PASS(-0.001),T_KAM_HTML_FONT_INVALID(0.01),T_SCC_BODY_TEXT_LINE(-0.01),URIBL_ABUSE_SURBL(1.948),URIBL_BLOCKED(0.001),URIBL_DBL_BLOCKED_OPENDNS(0.001),URIBL_DBL_SPAM(2.5),URIBL_ZEN_BLOCKED_OPENDNS(0.001)
 
did you check all ips in the header of the mail?!
The tracking center logs only mention my server's ip
if yes then I guess the IP has been delisted after having been listed initially
I checked only the ip of my mail server - emails coming from my domain (mail server) got into the evaluation

Example of spam level assessment outgoing email:
SA score=3/5 time=4.568 bayes=undefined autolearn=disabled hits=AWL(-0.052),DNSBL_SPAMHAUS(2),DNSBL_SPAMRATS(2),KAM_DMARC_STATUS(0.01),RCVD_IN_ZEN_BLOCKED_OPENDNS(0.001),SPF_HELO_PASS(-0.001),SPF_PASS(-0.001),T_SCC_BODY_TEXT_LINE(-0.01)
 
The tracking center logs only mention my server's ip
yes - but the tracking center is parsing the syslog and has nothing to do with SpamAssassin's internal workings?
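
Added example, not part of the thread and not Proxmox or SpamAssassin code: it lists every address in a message's Received headers with the DNSBL name to look up for each, and picks out the `_BLOCKED` rules from an SA hits field, which SpamAssassin raises when a list refused the query instead of answering it. The sample headers are constructed, the function names are my own, and `zen.spamhaus.org` is an assumed zone because the custom.cf rules are not shown in the thread.

```python
import ipaddress
import re

# Constructed sample headers of an outgoing mail (documentation addresses).
SAMPLE_HEADERS = """\
Received: from mail.example.org (mail.example.org [203.0.113.25])
    by pmg.example.org (Postfix) with ESMTPS id 0A1B2C3D4E
Received: from [198.51.100.77] (unknown [198.51.100.77])
    by mail.example.org (Postfix) with ESMTPSA id 1A2B3C
Received: from localhost (localhost [127.0.0.1])
    by mail.example.org (Postfix) with ESMTP id 4D5E6F
From: name@example.org
"""
# Hits field shortened from the first log line in the thread.
SAMPLE_HITS = ("AWL(-1.801),DNSBL_SORBS(3),DNSBL_SPAMHAUS(3),"
               "RCVD_IN_ZEN_BLOCKED_OPENDNS(0.001),URIBL_BLOCKED(0.001)")

# Loopback and RFC 1918 ranges are not meaningful in a public DNSBL; skip them.
SKIP = [ipaddress.ip_network(n) for n in
        ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def received_ips(headers):
    """IPv4 addresses in Received headers, in order, without duplicates."""
    unfolded = re.sub(r"\r?\n[ \t]+", " ", headers)  # join folded lines
    found = []
    for line in unfolded.splitlines():
        if not line.lower().startswith("received:"):
            continue
        for text in re.findall(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", line):
            try:
                ip = ipaddress.ip_address(text)
            except ValueError:
                continue  # bracketed text that is not a valid address
            if text not in found and not any(ip in net for net in SKIP):
                found.append(text)
    return found

def dnsbl_name(ip, zone="zen.spamhaus.org"):
    """DNS name a DNSBL lookup queries: reversed octets plus the zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone

def blocked_rules(hits):
    """Rules in an SA hits field that report a refused query."""
    names = re.findall(r"([A-Z0-9_]+)\(-?[\d.]+\)", hits)
    return [n for n in names if "_BLOCKED" in n]

if __name__ == "__main__":
    for ip in received_ips(SAMPLE_HEADERS):
        print(ip, "->", dnsbl_name(ip))
    print("refused queries:", blocked_rules(SAMPLE_HITS))
```

Each printed name can be resolved from the mail gateway itself, so the answer comes through the same resolver SpamAssassin uses.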
 
