Warning to those running SpamAssassin/Postfix

K

Kasyx

Expert Member
Joined
Jun 6, 2006
Messages
2,565
Reaction score
1
Location
127.0.0.1
We have just had a huge issue here at work with our clients who are running SpamAssassin/Mailscanner and Postfix. This is if you are using custom RBL checking, rather than ISP rbls

The RBL list relay.ORDB.net has died, thus rejecting all mail and causing everything to be marked as spam by Spam Assassin and Postfix (provided they use the RBL list). The way to fix this is by removing the ORDB domain in your MailScanner.conf (you may also need to check your mailscanner.cf), as well as the postfix main.cf (usually /etc/postfix/main.cf), this will stop the RBL from being used and thus solving the problem.

I hope this helps anyone who makes use of this software, if you need more info give me a shout.
 
Dang dude, ORDB has been down for ages.

"reject_rbl_client sbl-xbl.spamhaus.org, reject_rbl_client bl.spamcop.net, reject_rbl_client list.dsbl.org, reject_rbl_client no-more-funn.moensted.dk"

Those are the ones I use.

Here's an article referring to ORDB going down: http://it.slashdot.org/article.pl?sid=06/12/18/154259&from=rss

Dated 18 December 2006! I'm surprised you only picked up issues now.
 
Last edited:
Look something like this?

Mar 26 10:14:38 mail exim[6460]: 2008-03-26 10:14:38 DNS list lookup defer (probably timeout) for 92.1.4.160.relays.ordb.org: assumed not in list
Mar 26 10:14:38 mail exim[6460]: 2008-03-26 10:14:38 H=(Notebook) [160.x.x.xx]:1315 I=[160.x.x.xx]:25 F=<[email protected]> rejected RCPT <[email protected]>: authentication required
Mar 26 10:14:38 mail exim[6460]: 2008-03-26 10:14:38 H=(Notebook) [160.xx.x]:1315 I=[160.x.x.x]:25 F=<[email protected]> rejected RCPT <[email protected]>: authentication required
Mar 26 10:14:38 mail exim[6460]: 2008-03-26 10:14:38 DNS list lookup defer (probably timeout) for 92.1.4.160.relays.ordb.org: assumed not in list
Mar 26 10:14:38 mail exim[6460]: 2008-03-26 10:14:38 H=(Notebook) [160.x.x.x]:1315 I=[160.x.x.xx]:25 F=<[email protected]> rejected RCPT <[email protected]>: authentication required
Click to expand...
 
thisgeek said:
Dang dude, ORDB has been down for ages.

"reject_rbl_client sbl-xbl.spamhaus.org, reject_rbl_client bl.spamcop.net, reject_rbl_client list.dsbl.org, reject_rbl_client no-more-funn.moensted.dk"

Those are the ones I use.

Here's an article referring to ORDB going down: http://it.slashdot.org/article.pl?sid=06/12/18/154259&from=rss

Dated 18 December 2006! I'm surprised you only picked up issues now.
Click to expand...

I am aware that ORDB has been down, however I think the ORDB.net domain has expired or something (not quite sure, I was also pretty confused as to why it would cause issues as I know it has been down for quite some time), causing any spamassassin/postfix queries to be rejected, thus completely freaking them out.
 
Hmm.. well, I knew it was down, sometime in Jan 2007 methinks, when all of a sudden a lot of mail was getting rejected as spam, because they had set the server to respond positively for all requests. Yikes. Surprised you weren't affected by that.
 
thisgeek said:
Hmm.. well, I knew it was down, sometime in Jan 2007 methinks, when all of a sudden a lot of mail was getting rejected as spam, because they had set the server to respond positively for all requests. Yikes. Surprised you weren't affected by that.
Click to expand...

Yeah, all of our clients just got hit by it this morning, kind of like the medical equivalent to a 20-car pileup on the freeway :(
 
You must log in or register to reply here.
Back
Top
Sign up to the MyBroadband newsletter
X