Blacklist

HCL Domino Domino Forum
1

I use blacklisting originally. My Domino 8 config is

DNS blacklist filters: Enabled

DNS blacklist sites: safe.dnsbl.sorbs.net zen.spamhaus.org

Desired action: ‘Log and reject’

from 1st august i have disable dns blacklist filters because all incoming email are rejected

Example

SMTP protocol diagnostic: 554 Connection from 212.52.84.103 rejected for policy reasons. Host found in DNS blacklist at safe.dnsbl.sorbs.net.

I try insert in notes.ini

DNSServer=ext ip,int ip but the prloblem is the same.

2

Subject: blacklisted

Its not a configuration problem, your IP ist blacklisted:http://www.de.sorbs.net/cgi-bin/db

3

Subject: my ip is

212.97.32.66 i’m not in a blacklist, but all message are rejected for policy reasons15/08/2008 02.23.47 SMTP Server: 190-172-221-53.speedy.com.ar (190.172.221.53) connected

15/08/2008 02.23.49 SMTP Server: 190-172-221-53.speedy.com.ar (190.172.221.53) disconnected. 0 message[s] received

15/08/2008 02.24.22 SMTP Server: Remote host 190.172.221.53 (190-172-221-53.speedy.com.ar) found in blacklist at cbl.abuseat.org

15/08/2008 02.24.22 SMTP Server: Message from 190.172.221.53 (190-172-221-53.speedy.com.ar) rejected by DNS blacklist filter

15/08/2008 02.24.22 SMTP Server: 190-172-221-53.speedy.com.ar (190.172.221.53) connected

15/08/2008 02.24.25 SMTP Server: 190-172-221-53.speedy.com.ar (190.172.221.53) disconnected. 0 message[s] received

15/08/2008 02.26.40 SMTP Server: Remote host 200.181.83.24 (200-181-83-24.bsace705.dsl.brasiltelecom.net.br) found in blacklist at cbl.abuseat.org

15/08/2008 02.26.40 SMTP Server: Message from 200.181.83.24 (200-181-83-24.bsace705.dsl.brasiltelecom.net.br) rejected by DNS blacklist filter

15/08/2008 02.26.40 SMTP Server: 200-181-83-24.bsace705.dsl.brasiltelecom.net.br (200.181.83.24) connected

15/08/2008 02.26.42 SMTP Server: 200-181-83-24.bsace705.dsl.brasiltelecom.net.br (200.181.83.24) disconnected. 0 message[s] received

15/08/2008 02.27.12 SMTP Server: Remote host 190.172.221.53 (190-172-221-53.speedy.com.ar) found in blacklist at cbl.abuseat.org

15/08/2008 02.27.12 SMTP Server: Message from 190.172.221.53 (190-172-221-53.speedy.com.ar) rejected by DNS blacklist filter

15/08/2008 02.27.12 SMTP Server: 190-172-221-53.speedy.com.ar (190.172.221.53) connected

15/08/2008 02.27.15 SMTP Server: 190-172-221-53.speedy.com.ar (190.172.221.53) disconnected. 0 message[s] received

15/08/2008 02.27.20 SMTP Server: Remote host 75.10.34.166 (adsl-75-10-34-166.dsl.ltrkar.sbcglobal.net) found in blacklist at cbl.abuseat.org

15/08/2008 02.27.20 SMTP Server: Message from 75.10.34.166 (adsl-75-10-34-166.dsl.ltrkar.sbcglobal.net) rejected by DNS blacklist filter

15/08/2008 02.27.20 SMTP Server: adsl-75-10-34-166.dsl.ltrkar.sbcglobal.net (75.10.34.166) connected

15/08/2008 02.27.21 SMTP Server: adsl-75-10-34-166.dsl.ltrkar.sbcglobal.net (75.10.34.166) disconnected. 0 message[s] received

15/08/2008 02.31.41 SMTP Server: Remote host 217.75.202.170 () found in blacklist at cbl.abuseat.org

15/08/2008 02.31.41 SMTP Server: Message from 217.75.202.170 () rejected by DNS blacklist filter

15/08/2008 02.31.41 SMTP Server: 217.75.202.170 connected

15/08/2008 02.31.43 SMTP Server: 217.75.202.170 disconnected. 0 message[s] received

15/08/2008 02.32.41 SMTP Server: Remote host 190.172.221.53 (190-172-221-53.speedy.com.ar) found in blacklist at cbl.abuseat.org

15/08/2008 02.32.41 SMTP Server: Message from 190.172.221.53 (190-172-221-53.speedy.com.ar) rejected by DNS blacklist filter

15/08/2008 02.32.41 SMTP Server: 190-172-221-53.speedy.com.ar (190.172.221.53) connected

15/08/2008 02.32.44 SMTP Server: 190-172-221-53.speedy.com.ar (190.172.221.53) disconnected. 0 message[s] received

15/08/2008 02.35.01 SMTP Server: Remote host 190.172.221.53 (190-172-221-53.speedy.com.ar) found in blacklist at cbl.abuseat.org

15/08/2008 02.35.01 SMTP Server: Message from 190.172.221.53 (190-172-221-53.speedy.com.ar) rejected by DNS blacklist filter

15/08/2008 02.35.01 SMTP Server: 190-172-221-53.speedy.com.ar (190.172.221.53) connected

15/08/2008 02.35.03 SMTP Server: 190-172-221-53.speedy.com.ar (190.172.221.53) disconnected. 0 message[s] received

15/08/2008 02.36.55 SMTP Server: Remote host 24.35.110.188 (cmu-24-35-110-188.mivlmd.cablespeed.com) found in blacklist at cbl.abuseat.org

15/08/2008 02.36.55 SMTP Server: Message from 24.35.110.188 (cmu-24-35-110-188.mivlmd.cablespeed.com) rejected by DNS blacklist filter

15/08/2008 02.36.55 SMTP Server: cmu-24-35-110-188.mivlmd.cablespeed.com (24.35.110.188) connected

15/08/2008 02.36.57 SMTP Server: cmu-24-35-110-188.mivlmd.cablespeed.com (24.35.110.188) disconnected. 0 message[s] received

15/08/2008 02.37.32 SMTP Server: Remote host 190.172.221.53 (190-172-221-53.speedy.com.ar) found in blacklist at cbl.abuseat.org

15/08/2008 02.37.32 SMTP Server: Message from 190.172.221.53 (190-172-221-53.speedy.com.ar) rejected by DNS blacklist filter

15/08/2008 02.37.32 SMTP Server: 190-172-221-53.speedy.com.ar (190.172.221.53) connected

15/08/2008 02.37.35 SMTP Server: 190-172-221-53.speedy.com.ar (190.172.221.53) disconnected. 0 message[s] received

15/08/2008 02.39.10 SMTP Server: Remote host 190.172.221.53 (190-172-221-53.speedy.com.ar) found in blacklist at cbl.abuseat.org

15/08/2008 02.39.10 SMTP Server: Message from 190.172.221.53 (190-172-221-53.speedy.com.ar) rejected by DNS blacklist filter

15/08/2008 02.39.10 SMTP Server: 190-172-221-53.speedy.com.ar (190.172.221.53) connected

15/08/2008 02.39.13 SMTP Server: 190-172-221-53.speedy.com.ar (190.172.221.53) disconnected. 0 message[s] received

15/08/2008 02.39.39 SMTP Server: Remote host 190.172.221.53 (190-172-221-53.speedy.com.ar) found in blacklist at cbl.abuseat.org

15/08/2008 02.39.39 SMTP Server: Message from 190.172.221.53 (190-172-221-53.speedy.com.ar) rejected by DNS blacklist filter

15/08/2008 02.39.39 SMTP Server: 190-172-221-53.speedy.com.ar (190.172.221.53) connected

15/08/2008 02.39.42 SMTP Server: 190-172-221-53.speedy.com.ar (190.172.221.53) disconnected. 0 message[s] received

15/08/2008 02.42.18 SMTP Server: Remote host 24.40.172.172 (user-0c2hb5c.cable.mindspring.com) found in blacklist at cbl.abuseat.org

15/08/2008 02.42.18 SMTP Server: Message from 24.40.172.172 (user-0c2hb5c.cable.mindspring.com) rejected by DNS blacklist filter

15/08/2008 02.42.18 SMTP Server: user-0c2hb5c.cable.mindspring.com (24.40.172.172) connected

15/08/2008 02.42.27 SMTP Server: user-0c2hb5c.cable.mindspring.com (24.40.172.172) disconnected. 0 message[s] received

15/08/2008 02.42.49 SMTP Server: Remote host 24.40.172.172 (user-0c2hb5c.cable.mindspring.com) found in blacklist at cbl.abuseat.org

15/08/2008 02.42.49 SMTP Server: Message from 24.40.172.172 (user-0c2hb5c.cable.mindspring.com) rejected by DNS blacklist filter

15/08/2008 02.42.49 SMTP Server: user-0c2hb5c.cable.mindspring.com (24.40.172.172) connected

15/08/2008 02.43.26 SMTP Server: user-0c2hb5c.cable.mindspring.com (24.40.172.172) disconnected. 0 message[s] received

15/08/2008 02.44.23 SMTP Server: Remote host 24.40.172.172 (user-0c2hb5c.cable.mindspring.com) found in blacklist at cbl.abuseat.org

15/08/2008 02.44.23 SMTP Server: Message from 24.40.172.172 (user-0c2hb5c.cable.mindspring.com) rejected by DNS blacklist filter

15/08/2008 02.44.23 SMTP Server: user-0c2hb5c.cable.mindspring.com (24.40.172.172) connected

15/08/2008 02.44.32 SMTP Server: user-0c2hb5c.cable.mindspring.com (24.40.172.172) disconnected. 0 message[s] received

15/08/2008 02.44.41 SMTP Server: Remote host 24.40.172.172 (user-0c2hb5c.cable.mindspring.com) found in blacklist at cbl.abuseat.org

15/08/2008 02.44.41 SMTP Server: Message from 24.40.172.172 (user-0c2hb5c.cable.mindspring.com) rejected by DNS blacklist filter

15/08/2008 02.44.41 SMTP Server: user-0c2hb5c.cable.mindspring.com (24.40.172.172) connected

15/08/2008 02.44.47 SMTP Server: user-0c2hb5c.cable.mindspring.com (24.40.172.172) disconnected. 0 message[s] received

15/08/2008 02.45.26 SMTP Server: Remote host 24.40.172.172 (user-0c2hb5c.cable.mindspring.com) found in blacklist at cbl.abuseat.org

15/08/2008 02.45.26 SMTP Server: Message from 24.40.172.172 (user-0c2hb5c.cable.mindspring.com) rejected by DNS blacklist filter

15/08/2008 02.45.26 SMTP Server: user-0c2hb5c.cable.mindspring.com (24.40.172.172) connected

15/08/2008 02.45.32 SMTP Server: user-0c2hb5c.cable.mindspring.com (24.40.172.172) disconnected. 0 message[s] received

15/08/2008 02.45.40 SMTP Server: Remote host 24.40.172.172 (user-0c2hb5c.cable.mindspring.com) found in blacklist at cbl.abuseat.org

15/08/2008 02.45.40 SMTP Server: Message from 24.40.172.172 (user-0c2hb5c.cable.mindspring.com) rejected by DNS blacklist filter

15/08/2008 02.45.40 SMTP Server: user-0c2hb5c.cable.mindspring.com (24.40.172.172) connected

15/08/2008 02.45.45 SMTP Server: user-0c2hb5c.cable.mindspring.com (24.40.172.172) disconnected. 0 message[s] received

15/08/2008 03.01.44 SMTP Server: Remote host 209.218.88.46 (mx1.nchresourcecenter.com) found in blacklist at cbl.abuseat.org

15/08/2008 03.01.44 SMTP Server: Message from 209.218.88.46 (mx1.nchresourcecenter.com) rejected by DNS blacklist filter

15/08/2008 03.01.44 SMTP Server: mx1.nchresourcecenter.com (209.218.88.46) connected

15/08/2008 03.01.44 SMTP Server: mx1.nchresourcecenter.com (209.218.88.46) disconnected. 0 message[s] received

15/08/2008 03.03.11 SMTP Server: Remote host 222.123.217.61 () found in blacklist at cbl.abuseat.org

4

Subject: You are not Blacklisted … try to Debug!

Ciao Fabio,

I check your IP here IP-Address 209.237.238.224

And seems you are not blacklisted now.

I suggest you to insert (temporary) these two debug parameters in the notes.ini:

SMTPDEBUGCONTROLS=3

SMTPDEBUGDNSBL=1

these was very useful to solve my problem, opposite to your, NO MAIL WERE BLOCKED BY DNS BLACKLIST!

After, I found in the Log these messages:

20/09/2008 15.35.48 SMTP Server [0250:0008-0B30] Controls Debug: Getting hostname for [93.80.144.208]

20/09/2008 15.35.49 SMTP Server [0250:0008-0B30] Controls Debug: Host: 93-80-144-208.broadband.corbina.ru Address: [93.80.144.208]

20/09/2008 15.35.49 SMTP Server [0250:0008-0B30] Controls Debug: Host: 93-80-144-208.broadband.corbina.ru Allowed to relay. All connections allowed.

20/09/2008 15.35.49 SMTP Server [0250:0008-0B30] DNS Blacklist: Skipping because 93-80-144-208.broadband.corbina.ru (93.80.144.208) is considered local

20/09/2008 15.35.49 SMTP Server [0250:0008-0B30] DNS Blacklist: Skipping because no blacklist sites are defined

So I solved checking the “Perform Anti-Relay enforcement for these connecting hosts” to “External hosts”.

Hope this helps you.

Ciao Ciao, a presto

Gian Paolo

5

Subject: advaced log

I set debug parameters but i dont’see new information 23/09/2008 16.39.57 Router: Message 005085D6 delivered to Antonietta Silipo/Valassis

23/09/2008 16.41.59 SMTP Server: Remote host 88.40.167.72 (host72-167-static.40-88-b.business.telecomitalia.it) found in blacklist at sbl.spamhaus.org

23/09/2008 16.41.59 SMTP Server: host72-167-static.40-88-b.business.telecomitalia.it (88.40.167.72) connected

23/09/2008 16.42.01 SMTP Server: Message 0050C046 (MessageID: OFAB07B38E.80C5E802-ONC12574CD.0048DFDD-C12574CD.005090E3@CENTROCOMPUTER.IT) received

23/09/2008 16.42.01 SMTP Server: host72-167-static.40-88-b.business.telecomitalia.it (88.40.167.72) disconnected. 1 message[s] received

23/09/2008 16.42.02 Router: Message 0050C046, 0048DFDD delivered to Stefano Montagna/Valassis

23/09/2008 16.45.09 SMTP Server: Remote host 88.40.167.72 (host72-167-static.40-88-b.business.telecomitalia.it) found in blacklist at sbl.spamhaus.org

23/09/2008 16.45.09 SMTP Server: host72-167-static.40-88-b.business.telecomitalia.it (88.40.167.72) connected

23/09/2008 16.45.11 SMTP Server: Message 00510AB6 (MessageID: OFAB07B38E.80C5E802-ONC12574CD.0048DFDD-C12574CD.0050DB56@CENTROCOMPUTER.IT) received

23/09/2008 16.45.11 SMTP Server: host72-167-static.40-88-b.business.telecomitalia.it (88.40.167.72) disconnected. 1 message[s] received

23/09/2008 16.45.12 Router: Message 00510AB6, 0048DFDD delivered to Stefano Montagna/Valassis

6

Subject: Look in the MISC Events…

The host …business.telecomitalia.it with IP address 88.40.167.72 looks not to be in the spamhaus list. Check here:

http://openrbl.org/client/#88.40.167.72

Also you have to Look the log in the Miscellaneus Events, not in the Mail Routing Events. The debug parameters works there… :o

See my Log:

20/09/2008 18.55.09 SMTP Server [0B00:000C-05D4] Controls Debug: Getting hostname for [200.106.11.210]

20/09/2008 18.55.09 SMTP Server [0B00:000C-05D4] Controls Debug: Host: client-200.106.11.210.speedy.net.pe Address: [200.106.11.210]

20/09/2008 18.55.09 SMTP Server [0B00:000C-05D4] DNS Blacklist: Looking up host 210.11.106.200.zen.spamhaus.org

20/09/2008 18.55.09 SMTP Server [0B00:000C-05D4] DNS Blacklist: Lookup for 200.106.11.210 in site zen.spamhaus.org returned IP 127.0.0.11

20/09/2008 18.55.18 SMTP Server [0B00:000C-082C] Controls Debug: Getting hostname for [77.29.239.200]

20/09/2008 18.55.19 SMTP Server [0B00:0011-0AE4] Controls Debug: Getting hostname for [78.167.209.58]

20/09/2008 18.55.22 SMTP Server [0B00:0010-0834] DNS Blacklist: DNS lookup for 234.200.254.77.opm.blitzed.org returned status: No address associated with name

20/09/2008 18.55.23 SMTP Server [0B00:000C-082C] Controls Debug: Error getting hostname for [77.29.239.200]: The remote server is not a known TCP/IP host.

20/09/2008 18.55.23 SMTP Server [0B00:000C-082C] Controls Debug: Host: Address: [77.29.239.200]

20/09/2008 18.55.23 SMTP Server [0B00:000C-082C] DNS Blacklist: Looking up host 200.239.29.77.zen.spamhaus.org

20/09/2008 18.55.23 SMTP Server [0B00:000C-082C] DNS Blacklist: Lookup for 77.29.239.200 in site zen.spamhaus.org returned IP 127.0.0.4

20/09/2008 18.55.24 SMTP Server [0B00:0011-0AE4] Controls Debug: Error getting hostname for [78.167.209.58]: The remote server is not a known TCP/IP host.

20/09/2008 18.55.24 SMTP Server [0B00:0011-0AE4] Controls Debug: Host: Address: [78.167.209.58]

20/09/2008 18.55.24 SMTP Server [0B00:0011-0AE4] DNS Blacklist: Looking up host 58.209.167.78.zen.spamhaus.org

20/09/2008 18.55.24 SMTP Server [0B00:0011-0AE4] DNS Blacklist: Lookup for 78.167.209.58 in site zen.spamhaus.org returned IP 127.0.0.4

20/09/2008 18.55.25 SMTP Server [0B00:0011-0834] Controls Debug: Getting hostname for [201.75.184.121]

20/09/2008 18.55.25 SMTP Server [0B00:0011-0834] Controls Debug: Host: 201-75-184-121-nd.cpe.vivax.com.br Address: [201.75.184.121]

20/09/2008 18.55.25 SMTP Server [0B00:0011-0834] DNS Blacklist: Looking up host 121.184.75.201.zen.spamhaus.org

20/09/2008 18.55.25 SMTP Server [0B00:0011-0834] DNS Blacklist: Lookup for 201.75.184.121 in site zen.spamhaus.org returned IP 127.0.0.4

Hope This Helps You.

Bye

GP