Spam getting through despite being listed on an RBL?
Our spam filter (Vamsoft ORF) is configured to look at zen.spamhaus.org among a few others. This morning, I had a mailbox full of spam. As part of my normal procedure, I opened the email, read the headers, got the remote IP (199.116.118.190), and put it into MX Toolbox for a blacklist check. It showed that this particular IP was listed on zen.spamhaus.org.
So, I went to our Exchange box, and did:
dig 190.118.116.199.zen.spamhaus.org +short
Nothing.
So, I also tried:
dig @8.8.8.8 190.118.116.199.zen.spamhaus.org +short
Still nothing.
Something is broken somewhere. My inbox is (unusually) full of spam, and every one of them shows up when I query using MXToolbox.com's blacklist lookup, yet I am getting nothing on my side when I do the lookup (which is why my spam filter is letting them through).
Where else can I look?
Update: Another example: Just got some email in from this IP address, and I am definately checking both the barracuda list and zen.spamhaus.org. This is listed twice, it still got through... 2
Оказывается, DNS Google просто не сообщал правильные записи. Я (ошибочно) предположил, что они будут правильными, но как только я переключил DNS-серверы на OpenDNS (208.67.222.222), все снова заработало.
Я бы не стал использовать OpenDNS с Vamsoft. Если они что-то не изменили, они не всегда возвращают правильную информацию, когда нет записей MX. Есть причины, по которым вы не используете корневые серверы? Это то, что я нахожу лучшим в комбинации Exchange/Vamsoft.