[Exim] Puzzling RBL rejections

Author: Jeff Green
Date:  
To: exim-users
Subject: [Exim] Puzzling RBL rejections
I'm getting some troubling reject log entries that point to RBL rejections
and I'm not sure what's going on. System is Linux 2.4.19 (Debian) and Exim
4.20.

Log entry: (#=@)

2003-07-14 17:50:21 H=wsip-24-234-60-77.lv.lv.cox.net (twmail.terrawest.com) [24.234.60.77] F=<PWood#TerraWest.com> rejected RCPT <dpursiano#pursianolaw.com>: (ACL) RBL rejection

Configuration snippets:

hostlist rbl_hosts = !localhost : \
         !192.168.x.0/24 : \
         !24.234.x.x : \
         *
...
# Check recipient ACL
...
   deny    log_message = (ACL) RBL rejection
           message = Administrative prohibition: if you believe this is in error please resend to postmaster
           dnslists = relays.ordb.org :\
                      orbs.dorkslayers.com :\
                      relays.osirusoft.org :\
                      sbl.spamhaus.org :\
                      opm.blitzed.org
           hosts = +rbl_hosts


   warn    log_message = (ACL) Dynamic/dialup RBL rejection
           message = X-Spam-Warning: $sender_host_address is listed at $dnslist_domain
           dnslists = dynablock.easynet.nl :\
                      dialups.visi.com
           hosts = +rbl_hosts


   warn    message = X-Warning: $sender_host_address is listed at $dnslist_domain
           dnslists = spews.relays.osirusoft.com
           hosts = +rbl_hosts



Pertinent output from 'exim -bh 24.234.60.77':

**** SMTP testing session as if from host 24.234.60.77
**** but without any ident (RFC 1413) callback.
**** This is not for real!

>>> host in host_lookup? yes (end of list)
>>> looking up host name for 24.234.60.77
>>> IP address lookup yielded wsip-24-234-60-77.lv.lv.cox.net

...
220-cm2.crockettandmyers.com ESMTP Exim 4.20 #1 Tue, 15 Jul 2003 09:34:20 -0700
ehlo twmail.terrawest.com
...
250-cm2.crockettandmyers.com Hello wsip-24-234-60-77.lv.lv.cox.net [24.234.60.77]
...
mail from:<PWood@???>
250 OK
rcpt to:<dpursiano@???>
...
>>> check dnslists = relays.ordb.org :orbs.dorkslayers.com :relays.osirusoft.org :sbl.spamhaus.org :opm.blitzed.org
>>> DNS list check: relays.ordb.org
>>> new DNS lookup for 77.60.234.24.relays.ordb.org
>>> DNS lookup for 77.60.234.24.relays.ordb.org failed
>>> => that means 24.234.60.77 is not listed at relays.ordb.org
>>> DNS list check: orbs.dorkslayers.com
>>> new DNS lookup for 77.60.234.24.orbs.dorkslayers.com
>>> DNS lookup for 77.60.234.24.orbs.dorkslayers.com failed
>>> => that means 24.234.60.77 is not listed at orbs.dorkslayers.com
>>> DNS list check: relays.osirusoft.org
>>> new DNS lookup for 77.60.234.24.relays.osirusoft.org
>>> DNS lookup for 77.60.234.24.relays.osirusoft.org failed
>>> => that means 24.234.60.77 is not listed at relays.osirusoft.org
>>> DNS list check: sbl.spamhaus.org
>>> new DNS lookup for 77.60.234.24.sbl.spamhaus.org
>>> DNS lookup for 77.60.234.24.sbl.spamhaus.org failed
>>> => that means 24.234.60.77 is not listed at sbl.spamhaus.org
>>> DNS list check: opm.blitzed.org
>>> new DNS lookup for 77.60.234.24.opm.blitzed.org
>>> DNS lookup for 77.60.234.24.opm.blitzed.org failed
>>> => that means 24.234.60.77 is not listed at opm.blitzed.org
>>> deny: condition test failed
>>> processing "warn"
>>> check dnslists = dynablock.easynet.nl :dialups.visi.com
>>> DNS list check: dynablock.easynet.nl
>>> new DNS lookup for 77.60.234.24.dynablock.easynet.nl
>>> DNS lookup for 77.60.234.24.dynablock.easynet.nl failed
>>> => that means 24.234.60.77 is not listed at dynablock.easynet.nl
>>> DNS list check: dialups.visi.com
>>> new DNS lookup for 77.60.234.24.dialups.visi.com
>>> DNS lookup for 77.60.234.24.dialups.visi.com failed
>>> => that means 24.234.60.77 is not listed at dialups.visi.com
>>> warn: condition test failed
>>> processing "warn"
>>> check dnslists = spews.relays.osirusoft.com
>>> DNS list check: spews.relays.osirusoft.com
>>> new DNS lookup for 77.60.234.24.spews.relays.osirusoft.com
>>> DNS lookup for 77.60.234.24.spews.relays.osirusoft.com failed
>>> => that means 24.234.60.77 is not listed at spews.relays.osirusoft.com
>>> warn: condition test failed

...
>>> calling lookuphost router
>>> 24.234.60.77 in "127.0.0.0/8 : 10.0.0.0/8 : 172.16.0.0/12 : 192.168.0.0/16"? no (end of list)
>>> routed by lookuphost router

...
250 Accepted

DNSBL testing seems to pass during SMTP testing, yet the log entry from
yesterday is bringing on some head scratching. I have since added more
verbose logging of these rejections using the $dnslist_ variables, but any
hints to what the problem might be would be greatly appreciated.


Jeffrey B. Green    Personal Computer Consultant - Las Vegas, Nevada
http://jbgreen.com    Networking Las Vegas Since 1986
ARS KC7PK        Linux, Windows and NetWare
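
Added example (not part of the original post and not Exim code): a small Python helper that pulls the client address out of a reject-log line in the format shown above and rebuilds the reversed-octet query names seen in the 'exim -bh' output, so the lookups can be replayed outside Exim. The function names and the pluggable resolve parameter are assumptions made for illustration.

```python
import re
import socket

# Lists from the "deny" statement in the post's recipient ACL.
DENY_LISTS = ["relays.ordb.org", "orbs.dorkslayers.com",
              "relays.osirusoft.org", "sbl.spamhaus.org", "opm.blitzed.org"]

# The reject-log entry from the post, unwrapped ('#' stands for '@' there).
SAMPLE_LOG = ("2003-07-14 17:50:21 H=wsip-24-234-60-77.lv.lv.cox.net "
              "(twmail.terrawest.com) [24.234.60.77] F=<PWood#TerraWest.com> "
              "rejected RCPT <dpursiano#pursianolaw.com>: (ACL) RBL rejection")

LOG_RE = re.compile(
    r"^(?P<ts>\S+ \S+) H=(?P<host>\S+)(?: \((?P<helo>[^)]*)\))? "
    r"\[(?P<ip>[\d.]+)\].* rejected RCPT <(?P<rcpt>[^>]*)>: (?P<reason>.*)$")

def parse_reject(line):
    """Return the fields of a 'rejected RCPT' log line, or None if no match."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None

def dnsbl_name(ip, zone):
    """Build the query name: IPv4 octets reversed, then the list's domain."""
    octets = ip.split(".")
    if len(octets) != 4 or not all(o.isdigit() and int(o) <= 255 for o in octets):
        raise ValueError("not a dotted-quad IPv4 address: %r" % ip)
    return ".".join(reversed(octets)) + "." + zone

def system_resolver(name):
    """A-record lookup; None when no address comes back (NXDOMAIN or failure)."""
    try:
        return socket.gethostbyname(name)
    except OSError:
        return None

def check_lists(ip, zones, resolve=system_resolver):
    """Map each list domain to the address returned for ip, or None."""
    return {zone: resolve(dnsbl_name(ip, zone)) for zone in zones}

if __name__ == "__main__":
    entry = parse_reject(SAMPLE_LOG)
    for zone, answer in check_lists(entry["ip"], DENY_LISTS).items():
        print(entry["ts"], entry["ip"], zone, answer or "not listed")
```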