This is my RBL filter:
When I initially configured it, I did not include connecting IP addresses and wondered why the RBL filter wasn't working. I was told it was a best practice to include connecting IP addresses and, once I did, I began getting filter hits.
The RBL filter is doing its job and working as designed but this is the issue I am now facing: Valid email originating from domains with which we communicate on a regular basis (as well as others) is being blocked!
Further investigation shows that a series of emails from a given domain, at a given location, may all be delivered to SMG from different IP addresses originating from diverse geographic locations. Typically there are a half dozen SMTP servers through which the email passes from the time it leaves the sender until it is delivered to the SMG appliance and it is one of the intermediate IP addresses that is on a blacklist.
This situation is becoming much more prevalent and, when a recipient contacts me to say a sender is telling them that we are rejecting their email, guess who has to deal with it?
I expect that exceptions require manual intervention but recurring events need to minimise manual involvement.
There are two things we should do:
- Notify the sender so s/he can get the issue resolved.
- Create an RBL exception so recipients can receive their email.
Notify the sender
This is the response a sender receives: Error: 550 5.0.350 Remote server returned an error -> 500 Message denied access due to content filters in effect. It doesn't even provide a clue as to why the email was rejected.
We need to provide header information, of course, and it would be very helpful if we were to include the IP addresses we found to be blacklisted. Current scan policy services can neither test nor access filter results. If the notification originates from a service in the Policy Scan Configuration, we must be able to specify conditions. For example, we may want to limit notifications to specific senders or domains or based on the results of specific filters.
It would seem the best we can do is return a copy of the received email to the sender but I definitely don't want to do that for every email that fails an RBL test. We could do it based on an exception whitelist once one was created.
Create an RBL exception
The assumption is that the sender and recipient have a business relationship and the exception is to deal with a situation over which neither has direct control. In such situations it is not uncommon that there may be several senders and recipients that could be impacted. Ideally we would like to whitelist the sender's domain but I don't know that this can be automated. Specific sender/recipient pairs can be whitelisted from the quarantine but this is not an acceptable solution, especially when we know in advance that all sender/recipient combinations will be impacted at some point.
Given the above limitations, how are you dealing with this issue? Have you found an automated solution?
__________
Kevin Boyle, Knowledge Partner
Calgary, Alberta, Canada
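
The situation described in the post above, as an added example that is not part of the original post and not SMG code: it pulls the relay IPs out of the `Received` headers, builds the DNSBL query name for each, and separates a listed connecting server from a listed intermediate relay so that a sender-domain exception only applies to the second case. The zone `dnsbl.example`, the function names, the action names and the sample message are assumptions made for illustration.

```python
import email, ipaddress, re
from email.utils import parseaddr

# Constructed sample; public addresses are RFC 5737 documentation ranges.
SAMPLE = (
    "Received: from mx.partner.example ([203.0.113.10]) by smg.ourco.example; Mon, 1 Jan 2024 10:00:03 +0000\n"
    "Received: from relay2.isp.example ([198.51.100.77]) by mx.partner.example; Mon, 1 Jan 2024 10:00:02 +0000\n"
    "Received: from desk.partner.example ([192.168.1.20]) by relay2.isp.example; Mon, 1 Jan 2024 10:00:01 +0000\n"
    "From: Alice <alice@partner.example>\n\nbody\n"
)
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def hop_ips(msg):
    """Routable IPv4 addresses from Received headers, newest hop first."""
    ips = []
    for hdr in msg.get_all("Received", []):
        for text in IP_RE.findall(hdr)[:1]:
            try:
                ip = ipaddress.ip_address(text)
            except ValueError:          # malformed literal such as [999.1.1.1]
                continue
            if not any(ip in net for net in INTERNAL):
                ips.append(str(ip))
    return ips

def dnsbl_name(ip, zone):
    """DNSBL query name: octets reversed, zone appended."""
    return ".".join(reversed(ip.split("."))) + "." + zone

def evaluate(raw, is_listed, zone, exempt_domains):
    """is_listed(name) -> bool stands in for the DNS lookup so this runs offline."""
    msg = email.message_from_string(raw)
    hops = hop_ips(msg)
    listed = [ip for ip in hops if is_listed(dnsbl_name(ip, zone))]
    # Only the top Received line is written by our own gateway; lower ones and
    # the From header are supplied by the sending side and can be forged.
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if not listed:
        action = "deliver"
    elif hops[0] in listed:
        action = "reject"               # the connecting server itself is listed
    elif domain in exempt_domains:
        action = "deliver"              # only a relay is listed, domain is exempted
    else:
        action = "quarantine"
    return {"action": action, "listed": listed, "connecting": hops[0] if hops else None}
```

The `listed` value in the result is the detail the post asks to include in a sender notification: which hop tripped the filter.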