Blacklisted URL in message

Terry
Hi, one of our customers complained about not receiving some email, and it
seems they were blocked due to a blacklisted URL, but I went and checked
and they are not listed. Unless they recently became unlisted?


+++ 1WxHw9-000PUG-3y has not completed +++
2014-06-18 15:38:09 1WxHw9-000PUG-3y H=mail50.scotnet.co.uk
(sys30.scotnet.net) [217.16.223.65] F=<[hidden email]> rejected
during MIME ACL checks: Blacklisted URL in message.
(pritchard-edwards.co.uk) in. See http://lookup.uribl.com.

+++ 1Wwpio-000MvZ-TN has not completed +++
2014-06-17 09:30:31 1Wwpio-000MvZ-TN H=smtp.clearstreamgroup.co.uk
(smtp2.clearstreamtechnology.co.uk) [46.17.208.145]
F=<[hidden email]> rejected during MIME ACL checks:
Blacklisted URL in message. (familyarbitrator.com) in. See
http://lookup.uribl.com.

--
------------------------------------
Terry



_______________________________________________
users mailing list
[hidden email]
https://exim4u.org/mailman/listinfo/users
Re: Blacklisted URL in message

gldickens3
Administrator
URLs are added and removed all the time from the uribl.com database.  When a spammer's URL shows up a lot in their spam traps then they are added.  Then, when the spamming subsides, they are removed.  I have seen very few, if any, false positives at URIBL so I am willing to bet money that URL was accurately in the database at the time of the rejection.  The only other time that I remember this happening is when a company complained about a rejected email sent from an internet marketing company and it turned out that their URL was indeed on the URIBL black list for legitimate reasons.  I can think of few reasons why this would occur, however, the URIBL list is a DNS based blacklist and so I guess that it would be possible to have these types of problems if there was something sporadically wrong with their DNS lookups.

On most installations, the URIBL black list is more active than spamassassin in blocking spam.  For example, on one of my servers yesterday, 98 spam emails were rejected by the URIBL list while spamassassin only rejected 6 spam.  Nevertheless, if the customer doesn't want the URIBL check then you can disable it by removing all references to it from exim.conf.

FYI,

Gordon




On 06/19/2014 07:08 AM, Terry wrote:

> Hi, one of our customers complained about not receiving some email, and it
> seems they were blocked due to a blacklisted URL, but I went and checked
> and they are not listed. Unless they recently became unlisted?
>
>
> +++ 1WxHw9-000PUG-3y has not completed +++
> 2014-06-18 15:38:09 1WxHw9-000PUG-3y H=mail50.scotnet.co.uk
> (sys30.scotnet.net) [217.16.223.65] F=[hidden email] rejected
> during MIME ACL checks: Blacklisted URL in message.
> (pritchard-edwards.co.uk) in. See http://lookup.uribl.com.
>
> +++ 1Wwpio-000MvZ-TN has not completed +++
> 2014-06-17 09:30:31 1Wwpio-000MvZ-TN H=smtp.clearstreamgroup.co.uk
> (smtp2.clearstreamtechnology.co.uk) [46.17.208.145]
> F=[hidden email] rejected during MIME ACL checks:
> Blacklisted URL in message. (familyarbitrator.com) in. See
> http://lookup.uribl.com.



Re: Blacklisted URL in message

Terry
They have had their own email blocked yesterday as well when trying to
email from a home address.
But when I check the logs it seems to be catching legitimate emails as
well as it should.
I didn't want to disable it as it does a good job but may have to.








--
------------------------------------
Terry


Re: Blacklisted URL in message

gldickens3
Administrator
Exim4U does not do a URIBL check for authenticated mail.  So, assuming
that they use authentication for local mail, something very weird is
going on for their own mail to be blocked.  That should not be
possible.  Otherwise, their exim4u configuration must have somehow
gotten mangled.

It sounds like they may be having a DNS problem with the URIBL lookups.  
Do they use their own caching DNS server or are they using a public DNS
server?  I strongly recommend that they use their own DNS server with
bind/named.  Otherwise, the use of public DNS servers can cause
unpredictable results such as refused queries and false positive
results.  Note that URIBL may refuse queries from any high volume DNS
server.  So, if they are using a public DNS server then I recommend that
they set up their own caching name server with bind/named.

FYI,

Gordon




On 06/20/2014 04:41 AM, Terry wrote:

> They have had their own email blocked yesterday as well when trying to
> email from a home address.
> But when I check the logs it seems to be catching legitimate emails as
> well as it should.
> I didn't want to disable it as it does a good job but may have to.

Re: Blacklisted URL in message

Terry
Hi, by their own address I meant a Gmail one, so they noticed the block.
They do have their own caching DNS server and everything seems in order.
I have disabled the check for them so things are fine now. But it was a
bit puzzling.

--
------------------------------------
Terry



Re: Blacklisted URL in message

gldickens3
Administrator
Hi Terry,

I thought of another thing to look at.  The uribl lookups are done in a
script that is included in the Exim4U installation here:

/etc/exim/exim.pl/exim_surbl.pl

This script checks three URL blacklists: SURBL, URIBL and DBL. The exim
log entries that you sent in your first email were all only URIBL
lookups.  So, you may consider re-enabling the lookups in
/etc/exim/exim.conf and disabling only the URIBL blacklist directly in
/etc/exim/exim.pl/exim_surbl.pl to determine if the problem is only with
the URIBL blacklist or with all three blacklists.

Look at lines 61 through 65 in exim_surbl.pl:

     # The following variables enable or disable the SURBL, URIBL and DBL
     # lookups.  Set to 1 to enable and 0 to disable.
     my $surbl_enable = 1;
     my $uribl_enable = 1;
     my $dbl_enable = 1;

Here, you can disable/enable each blacklist individually.  If, for some
reason, you find that the problem only exists with the URIBL blacklist
then you can keep the script running and benefit from the other two
blacklists.

This script was written by Erik Mugele and you can read more about it here:

http://www.teuton.org/~ejm/exim_surbl/

If you find that all three lists generate false positives, then I would
suggest that the problem probably is directly related to this
installation's DNS lookups.  Whereas, if the problem only occurs with
the URIBL then I'm not sure what to say.  In any event, Erik Mugele's
script is well known and popular within the exim community and this is
the first time that I have ever heard of this type of problem that was
not caused by the use of a public or large ISP's DNS servers.  So, if
you make any progress diagnosing this problem please let me know what
you find.

Thanks,

Gordon



On 06/24/2014 09:12 AM, Terry wrote:
> Hi, by their own address I meant a Gmail one, so they noticed the block.
> They do have their own caching DNS server and everything seems in order.
> I have disabled the check for them so things are fine now. But it was
> a bit puzzling.
>


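Added example (not part of the thread, and not code from Exim4U or from Erik Mugele's script): a Python check for the per-list diagnosis suggested above, which separates a real listing from a refusal by the list's DNS servers or a rewritten resolver answer. The zone names, answer codes and all function names are assumptions taken from the list operators' public documentation, and the sample answers are constructed.

```python
import ipaddress
import socket

# Zone names and answer codes follow the list operators' public documentation,
# not the thread; treat them as assumptions and verify before relying on them.
ZONES = {"URIBL": "multi.uribl.com", "SURBL": "multi.surbl.org",
         "DBL": "dbl.spamhaus.org"}


def classify(list_name, answers):
    """Turn the A records for <domain>.<zone> into a verdict string."""
    if not answers:
        return "not-listed"          # NXDOMAIN: the domain is not on the list
    verdict = "not-listed"
    for text in answers:
        o = ipaddress.IPv4Address(text).packed
        if o[0] != 127:
            return "bogus"           # not a blacklist reply (rewritten NXDOMAIN)
        if list_name == "DBL":
            if o[1:3] != b"\x00\x01":
                return "refused"     # e.g. 127.255.255.x error codes
            verdict = "listed"       # 127.0.1.x
        elif o[3] & 1:
            return "refused"         # low bit: the list is blocking this resolver
        elif o[3] & 0xFE:
            verdict = "listed"       # any other bit: a real listing
    return verdict


def lookup(domain, list_name):
    """Live query through the system resolver; resolver errors count as no answer."""
    try:
        return socket.gethostbyname_ex(f"{domain}.{ZONES[list_name]}")[2]
    except OSError:
        return []


def diagnose(domain, resolver=lookup):
    """Check one domain against all three lists, as the per-list test suggests."""
    return {name: classify(name, resolver(domain, name)) for name in ZONES}


# Constructed answers (not real lookups): URIBL and DBL refusing the resolver.
SAMPLE = {"URIBL": ["127.0.0.1"], "SURBL": [], "DBL": ["127.255.255.254"]}

if __name__ == "__main__":
    print(diagnose("example.com", lambda d, name: SAMPLE[name]))
```

Running `diagnose` with the default resolver on the mail host itself shows what that host's DNS path returns; a `refused` or `bogus` verdict points at the resolver rather than at the sender's domain.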