Exception on IP Address not Working on RBL False Positives

  • 7020827
  • 09-Jun-2016
  • 07-Aug-2017

Environment


GWAVA 6.x

Situation

We are seeing a lot of false positives for RBL. The IP address that they are firing on is the same for several different domains. Adding an exception for the IP on RBL is not allowing them through.

Resolution


If you have verified that an IP address exception was entered properly for RBL and it is still not working, then most likely the IP was found and scanned through a DNS lookup on a hostname in the MIME header. The GWAVA log will show something like this (the hostname and IP address have been changed):

DNS->RBL lookup: jsd12345.mail.fld4.yahoo.com->107.180.21.58

Since the IP in this example doesn't show up in the MIME file, an exception on the IP address will not work. To allow these through you can do either of these two options:

1) Add the sender's address to the source address exceptions list. If you are using a GWIA scanner, this is your only option. It may not be ideal if the IP belongs to a blacklisted ISP that is causing several valid senders to get blocked, since you would have to add each sender to the exceptions list.

a) Go to Server/Interface Management | Interface name | Exceptions | Source address (from:)

b) Type in the sender's email address and click 'Add'.

c) Open the folder for the new address and check the box for 'RBL'.

d) Hit 'save changes'

2) If you are using an SMTP scanner, you have another option: disable the 'message header scan' for RBL and make sure 'Connection drop' for RBL is on. This is the recommended way to handle the problem. It reduces false positives for RBL because only the IP address of the actual sender is scanned (not other IPs in the MIME header). Keep in mind that if you are required to quarantine RBL blocks, you won't be able to with this option.

a) Go to Server/Interface Management | Interface name | Scanning configuration | Antispam | RBL

b) Under Scan configuration uncheck 'Enable message header scan'

c) Make sure 'Enable connection drop' is checked

d) Hit 'save changes'

After doing either one of these options, these messages should not get blocked for RBL anymore.
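
To see which RBL hits come from DNS-resolved hostnames rather than from an IP literally present in the MIME file (the case where an IP exception cannot match), the following added example, which is not part of the original article or of GWAVA, parses log entries in the format shown above and checks each IP against the message text. The function names, the second and third log lines, and the sample message are constructed for illustration.

```python
import re

# Log entry format as shown in this article: "DNS->RBL lookup: <hostname>-><ip>"
LOOKUP_RE = re.compile(
    r"DNS->RBL lookup:\s*(?P<host>[A-Za-z0-9.-]+)->(?P<ip>\d{1,3}(?:\.\d{1,3}){3})")

def parse_dns_rbl_lookups(log_text):
    """Return (hostname, ip) pairs for each DNS->RBL lookup entry in the log."""
    return [(m["host"].lower(), m["ip"]) for m in LOOKUP_RE.finditer(log_text)]

def ip_in_mime(ip, mime_text):
    """True if the IP appears literally in the MIME file, not inside a longer address."""
    pattern = r"(?<!\d)(?<!\d\.)" + re.escape(ip) + r"(?!\.?\d)"
    return re.search(pattern, mime_text) is not None

def triage(log_text, mime_text):
    """Group looked-up hostnames by IP and flag IPs that exist only via DNS resolution."""
    report = {}
    for host, ip in parse_dns_rbl_lookups(log_text):
        entry = report.setdefault(
            ip, {"hostnames": [], "dns_only": not ip_in_mime(ip, mime_text)})
        if host not in entry["hostnames"]:
            entry["hostnames"].append(host)
    return report

# Constructed sample data (the first log line is the example from the article).
SAMPLE_LOG = """\
DNS->RBL lookup: jsd12345.mail.fld4.yahoo.com->107.180.21.58
DNS->RBL lookup: relay7.example.net->107.180.21.58
DNS->RBL lookup: mail.example.net->192.0.2.10
"""
SAMPLE_MIME = """\
Received: from mail.example.net (mail.example.net [192.0.2.10])
\tby mx.example.org; Thu, 09 Jun 2016 10:00:00 +0000
Received: from jsd12345.mail.fld4.yahoo.com by mail.example.net
Received: from relay7.example.net ([192.0.2.100]) by mail.example.net
From: sender@example.net
Subject: constructed test message

body
"""

if __name__ == "__main__":
    for ip, info in triage(SAMPLE_LOG, SAMPLE_MIME).items():
        verdict = ("found only via DNS: IP exception will not match"
                   if info["dns_only"] else "present in MIME file")
        print(f"{ip}: {verdict}; hostnames: {', '.join(info['hostnames'])}")
```

An IP reported as found only via DNS is one that needs option 1 or option 2 above; several hostnames grouped under the same IP match the situation described at the top of this article.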

Additional Information

This article was originally published in the GWAVA knowledgebase as article ID 2810.