Autor: normallybaffled Datum: To: exim-users Betreff: Re: [exim] Blocking Authenticated Exim user whose ip address is
inan RBL
Dave Evans-20 wrote: >
> On Tue, May 26, 2009 at 12:37:17AM -0700, normallybaffled wrote:
>> Here is what I believe i have a problem with:
>> When one of our users that "relays" mail thru one of our servers,
>> (connecting from a blacklisted ip address -ie in senderbase.org as POOR )
>
> Dave,, thanks for jumping in on this.. we are pretty desperate to find a
> solution.
> see my answers in your text.
>
> (a) When this happens, is the user authenticated (i.e. using SMTP AUTH)?
>
>>>>>>>>>>>>>>>>yes auth'd and.. we know they are our users
>
> If no, then how do you know it's one of your users? Perhaps you've just
> got
> an open relay.
>
> (b) Is the mail being relayed in fact spam?
>>>>>No it is not spam..
>
> (c) If it's spam, is it a flood of spam, as opposed to just a handful of
> messages?
>>>>no.
> If yes to both, maybe rate-limiting would help. e.g. only allow X
> messages per Y
> minutes from each user.
> We do rate limiting and we monitor our stats carefully.. When this happens
> the investigation with the user is comprehensive including them sending us
> the bounce from barracuda, log file examination and copies of the original
> mail. There is nothing we can see that should trigger a block at
> barracuda other than the user's offending ip address... have you heard of
> this happening to anyone else?
>
>> and the recipient is behind a Barracuda, we are finding that we (our mail
>> server addresses) are being blacklisted by Barracuda Central.
>
> which is fair enough, if you answered "yes" to (b) above.
>
> --
> Dave Evans
> http://djce.org.uk/ > http://djce.org.uk/pgpkey >
>
> --
> ## List details at http://lists.exim.org/mailman/listinfo/exim-users > ## Exim details at http://www.exim.org/ > ## Please use the Wiki with this list - http://wiki.exim.org/ >