DNS blacklist not working RSS Back to forum
@gavpop111:
Hello gavpop111,
Please send us the ORF logs (i.e. orfee-2019-05-23.log) and the ORF configuration file (orfent.ini) from the day of the incident and we will investigate the issue. The requested files can be found in the ORF program directory by default (\Program Files (x86)\ORF Fusion).
Thank you.
@Daniel Novak (Vamsoft):
Just a quick update for anyone who encounters the same problem:
The SORBS Combined (DNS) Blacklist (i.e. the "dnsbl.sorbs.net" aggregate zone), which was queried by ORF in this case, does not include the "spam.dnsbl.sorbs.net" zone/database which contains the IP address 64.57.241.30.
The "spam.dnsbl.sorbs.net" zone (and any other zone that is not part of the "dnsbl.sorbs.net" aggregate zone) can be added to ORF as an individual DNSBL if necessary. Note, however, that some of these databases are known to include the IP address of legitimate senders, so they should be tested before using in production.
The available SORBS zones are listed on the SORBS website at http://www.sorbs.net/general/using.shtml
I'm using DNS blacklists with "before arrival" and "on arrival".
I have "SORBS Combined List" enabled as one of the options.
I received a load of SPAM yesterday from 64.57.241.30 which has been listed on SORBS since Aug 2017.
How did these emails manage to get through? Surely they should have been blocked?