Re: [exim] Blocking Authenticated Exim user whose ip address…

Top Page
Delete this message
Reply to this message
Author: normallybaffled
Date:  
To: exim-users
Subject: Re: [exim] Blocking Authenticated Exim user whose ip address is inan RBL



Dave Evans-20 wrote:
>
> On Tue, May 26, 2009 at 12:37:17AM -0700, normallybaffled wrote:
>> Here is what I believe i have a problem with:
>> When one of our users that "relays" mail thru one of our servers,
>> (connecting from a blacklisted ip address -ie in senderbase.org as POOR )
>
> Dave,, thanks for jumping in on this.. we are pretty desperate to find a
> solution.
> see my answers in your text.
>
> (a) When this happens, is the user authenticated (i.e. using SMTP AUTH)?
>
>>>>>>>>>>>>>>>>yes auth'd and.. we know they are our users
>
> If no, then how do you know it's one of your users? Perhaps you've just
> got
> an open relay.
>
> (b) Is the mail being relayed in fact spam?
>>>>>No it is not spam..
>
> (c) If it's spam, is it a flood of spam, as opposed to just a handful of
> messages?
>>>>no.
> If yes to both, maybe rate-limiting would help. e.g. only allow X
> messages per Y
> minutes from each user.
> We do rate limiting and we monitor our stats carefully.. When this happens
> the investigation with the user is comprehensive including them sending us
> the bounce from barracuda, log file examination and copies of the original
> mail. There is nothing we can see that should trigger a block at
> barracuda other than the user's offending ip address... have you heard of
> this happening to anyone else?
>
>> and the recipient is behind a Barracuda, we are finding that we (our mail
>> server addresses) are being blacklisted by Barracuda Central.
>
> which is fair enough, if you answered "yes" to (b) above.
>
> --
> Dave Evans
> http://djce.org.uk/
> http://djce.org.uk/pgpkey
>
>
> --
> ## List details at http://lists.exim.org/mailman/listinfo/exim-users
> ## Exim details at http://www.exim.org/
> ## Please use the Wiki with this list - http://wiki.exim.org/
>


--
View this message in context: http://www.nabble.com/Blocking-Authenticated-Exim-user-whose-ip-address-is-in-an-RBL-tp23717484p23718756.html
Sent from the Exim Users mailing list archive at Nabble.com.