Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Connect » subscribing to spam blacklists
  •  
yukiomishima

Messages: 185
Karma: -2
Send a private message to this user
howdy

apologies if this is something that has been dealt with before.... but couldn't find anything when i did a search

i have subscribed to a number of blacklists incl combined.njabl.org (which i have recently unsubsribed from)

now the problem is... one of our clients are trying to send us email.... and it doesn't even appear to be hitting our server

the message that they are getting is:



"The recipient could not be processed because it would violate the security policy in force

<mail.domain.com #5.7.0 smtp;550 5.7.0 Your server IP address is in the combined.njabl.org database, bye>"



any ideas why this would be?

do these blacklists in anyway intercept/ filter the mail prior to it reaching our server.... and if so... what can i do to recify the issue... if not... why is the mail not getting thru to us

also

we seem to be having issues gettiing mail thru to some verizon.net accounts... anyone have similar experiences and knows how to solve

thanks

yukioMishima
  •  
yukiomishima

Messages: 185
Karma: -2
Send a private message to this user
further to the above

found that the email was being quietly rejected by one of the blacklist filters... even though there were whitelest entries

i unsubscribed from the blacklist and the mail is now coming thru

i thought a whitelist entry over-rode the blacklist settings..... why did the email get stopped then?

also

on the verizon issue.... i am getting the following error:

[05/Mar/2007 18:11:35] Sent: Queue-ID: 45ec6a41-0002d75c, Recipient: <USERNAME<.a.t.>verizon.net>, Result: failed, Status: 4.1.8 450 Requested mail action not taken-Try later:sv4pub.verizon.net

does this help anyone with trying to resolve the issue we are having in getting email thru to verizon.ner users?

thanks again for all

yukioMishima
  •  
Anonymous
Karma:
Try disabling the Spam Repellent in KMS. This feature often causes problems when sending mail to Verizon users.
  •  
freakinvibe

Messages: 1552
Karma: 62
Send a private message to this user
I thought Spam repellent only has an influence on INCOMING mail. It delays the SMTP greeting so spam bots with no proper SMTP implementation will be locked out.

On the error number 4.1.8 450, KMS should retry several times and not give up immediately.


Dexion AG - The Blackberry Specialists in Switzerland
https://dexionag.ch
  •  
yukiomishima

Messages: 185
Karma: -2
Send a private message to this user
Kerio_dkorman

HUGE thanks.... that did indeed solve the issue...... email now going straight-thru to verizon.net accounts

will hav ing spam repellent switched off increase our likelihood of more spam getting thru?

if so..... is there a way of re-enabling the spam repellent but still have the verizon.net stuff get thru (would changing the time in there make a difference..., at the moment i have it set for 30 sec... should i lower that)

thanks again all

yukioMishima
  •  
campodoro74

Messages: 119
Karma: 0
Send a private message to this user
Try something like 11 seconds, I found that very effect full.
  •  
Anonymous
Karma:
freakinvibe wrote on Wed, 07 March 2007 00:25

I thought Spam repellent only has an influence on INCOMING mail. It delays the SMTP greeting so spam bots with no proper SMTP implementation will be locked out.

On the error number 4.1.8 450, KMS should retry several times and not give up immediately.




You are correct the Spam Repellent feature is only applicable to incoming SMTP connections. The reason it affects mail sent to Verizon users is because Verizon uses an anti spam technique called Sender Callout Verification. Sender Callout Verification and how it works:

* If you send email to a Verizon address, their servers will hold your incoming SMTP connection open,
* Meanwhile, their system will connect to your systems and then ask your server if it will accept an email for your email address.
* If your server says “yes” they then accept the the waiting inbound email to their server.
* If your server does not verify the above within 30 seconds, the inbound email to their customer will be rejected.

So if you have the Spam Repellent feature enabled and the Verizon mail server attempts to connect to your Kerio mail server the delayed greeting will prevent interfere with the verification.
  •  
freakinvibe

Messages: 1552
Karma: 62
Send a private message to this user
Ahh, now I understand. So it would be a remedy to set Spam Repellent to 20 seconds.

As a side-note, I find this Sender Callout Verification from Verizon a bad idea, because:

a) Causes more traffic and load on mail servers

b) Automated notifications won't work (for example sender noreply<.a.t.>ebay.com doesn't exist, but the mail might be important)

c) Many mail gateways will accept any user on their domain, only when the gateway passes the mail on to the real mail server, it will find out if the user exists and sends a mail back. So Verizon will report that the users exists, although in reality it doesn't.


Dexion AG - The Blackberry Specialists in Switzerland
https://dexionag.ch
  •  
Pavel Dobry (Kerio)

Messages: 5245
Karma: 251
Send a private message to this user
freakinvibe wrote on Wed, 07 March 2007 17:55

Ahh, now I understand. So it would be a remedy to set Spam Repellent to 20 seconds.

As a side-note, I find this Sender Callout Verification from Verizon a bad idea, because:

a) Causes more traffic and load on mail servers

b) Automated notifications won't work (for example sender noreply<.a.t.>ebay.com doesn't exist, but the mail might be important)

c) Many mail gateways will accept any user on their domain, only when the gateway passes the mail on to the real mail server, it will find out if the user exists and sends a mail back. So Verizon will report that the users exists, although in reality it doesn't.




d) It is a violation of RFC 2821.
e) It can easily create an endless loop if your server will do the same check against Verizon.
  •  
sedell

Messages: 1168
Karma: 1
Send a private message to this user
Kerio_pdobry wrote on Wed, 07 March 2007 12:05

freakinvibe wrote on Wed, 07 March 2007 17:55

Ahh, now I understand. So it would be a remedy to set Spam Repellent to 20 seconds.

As a side-note, I find this Sender Callout Verification from Verizon a bad idea, because:

a) Causes more traffic and load on mail servers

b) Automated notifications won't work (for example sender noreply<.a.t.>ebay.com doesn't exist, but the mail might be important)

c) Many mail gateways will accept any user on their domain, only when the gateway passes the mail on to the real mail server, it will find out if the user exists and sends a mail back. So Verizon will report that the users exists, although in reality it doesn't.




d) It is a violation of RFC 2821.
e) It can easily create an endless loop if your server will do the same check against Verizon.

e) Some servers don't acknowledge a good/bad user until the end of the SMTP transaction to prevent harvesting
f) If the receiving server gets blacklisted, the one doing the callout verification, their checks will fail and they can't even receive mail (I've seen this happen with mail going out of our server)

Scott
  •  
yukiomishima

Messages: 185
Karma: -2
Send a private message to this user
wow

thanks guys for all the great info

so.......... what is the best plan of attack
- leave spam repellent OFF
- turn it back on but change the time to something like 10 - 15 seconds

thanks again for all

yukioMishima
Previous Topic: iCal works only once
Next Topic: Vista compatible Kerio Outlook Connector ?
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Fri Nov 17 20:21:35 CET 2017

Total time taken to generate the page: 0.00514 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.