Reject on Spamhaus DBL

This section contains scripts that hMailServer has contributed with. hMailServer 5 is needed to use these.

Post by palinka » 2019-07-27 12:40

I've been playing around with Spamhaus and found they do domain testing also. I thought I'd give it a whack.

The first test is on the highest level domain found in the helo. I haven't implemented that yet. Still testing. I haven't seen any false positives, but this could be dangerous so I'm going to watch it a while before actually rejecting anything based on this. Regex seems to work ok: https://regex101.com/r/FqiHHX/3

The second test is on the from address of the message. If it contains a spammy domain, then reject. I'm confident enough in this to reject without issue.

This is all recycled code from SorenR and RvdH.

Requirements: RvdH's OnHELO custom build and also his dns resolver component. Both found here: http://hmailserver.com/forum/viewtopic.php?f=10&t=30193

Code:

Function Lookup(strRegEx, strMatch) : Lookup = False
   With CreateObject("VBScript.RegExp")
      .Pattern = strRegEx
      .Global = False
      .MultiLine = True
      .IgnoreCase = True
      If .Test(strMatch) Then Lookup = True
   End With
End Function

Function oLookup(strRegEx, strMatch, bGlobal)
   If strRegEx = "" Then strRegEx = StrReverse(strMatch)
   With CreateObject("VBScript.RegExp")
      .Pattern = strRegEx
      .Global = bGlobal
      .MultiLine = True
      .IgnoreCase = True
      Set oLookup = .Execute(strMatch)
   End With
End Function

Function IsInSpamHausDBL(strDomain) : IsInSpamHausDBL = False
	Dim strLookup
	With CreateObject("DNSLibrary.DNSResolver")
		strLookup = .DNSLookup(strDomain & ".dbl.spamhaus.org")
	End With
	'	Word boundaries keep 127.0.1.255 (IP queries prohibited) from matching as 127.0.1.2
	Dim strRegEx : strRegEx = "\b127\.0\.1\.(2|4|5|6)\b"
	IsInSpamHausDBL = Lookup(strRegEx, strLookup)

	Dim strRegEx2 : strRegEx2 = "127\.255\.255\.25(2|4|5)"
	Set Matches = oLookup(strRegEx2, strLookup, False)
	For Each Match In Matches
		If Match.Value = "127.255.255.252" Then 
			EventLog.Write("Spamhaus DBL Error: Typing error in DNSBL name: " & strDomain)
		ElseIf Match.Value = "127.255.255.254" Then 
			EventLog.Write("Spamhaus DBL Error: Anonymous query through public resolver: " & strDomain)
		ElseIf Match.Value = "127.255.255.255" Then 
			EventLog.Write("Spamhaus DBL Error: Excessive number of queries")
		ElseIf Match.Value = "" Then 

		Else 
			EventLog.Write("Spamhaus DBL Error: Unknown Error: " & Match.Value)
		End If
	Next

End Function

Sub OnHELO(oClient)

	'	Exclude local LAN & Backup from test
	If (Left(oClient.IPAddress, 8) = "192.168.") Then Exit Sub
	If (Left(oClient.IPAddress, 9) = "127.0.0.1") Then Exit Sub
	If (Left(oClient.IPAddress, 12) = "184.105.182.") Then Exit Sub

	'	Test Spamhaus Domain Block List on HELO
	Dim a, shDomain
	Dim Match, Matches
	
	Dim strRegex : strRegex = "([a-zA-Z0-9-]{1,63}\.)(((net|co|com)\.){0,1})[a-zA-Z]{2,63}$"
	Set Matches = oLookup(strRegEx, oClient.HELO, False)
	For Each Match In Matches
		shDomain = Match.Value
	Next

	If IsInSpamHausDBL(shDomain) Then
		Result.Value = 2
		Result.Message = ". 15 Your access to this mail system has been rejected due to the sending MTA's poor reputation. If you believe that this failure is in error, please contact the intended recipient via alternate means."
		Exit Sub
	End If 
	
End Sub

Sub OnAcceptMessage(oClient, oMessage)

	'	Exclude authenticated users test
	If (oClient.Username <> "") Then Exit Sub

	'	Test Spamhaus Domain Block List on From Address
	Dim a, shDBLdomain
	'	Envelope sender; an empty sender (bounce) has no domain to test
	a = Split( oMessage.FromAddress, "@" )
	If UBound(a) < 1 Then Exit Sub
	shDBLdomain = Trim( CStr( a(1) ) )
	If IsInSpamHausDBL(shDBLdomain) Then
		Result.Value = 2
		Result.Message = ". 15 Your access to this mail system has been rejected due to the sending MTA's poor reputation. If you believe that this failure is in error, please contact the intended recipient via alternate means."
		Exit Sub
	End If 

End Sub

Re: Reject on Spamhaus DBL

Post by SorenR » 2019-07-28 15:59

Well, I have apparently been using it for a long time ;-) It is listed as one of my URIBL servers :mrgreen:

The big challenge is that you need to convert to 2LD (Second-level) domain for dbl.spamhaus.org to check.

Usually a 2LD is like "example.com" but it can also be like "example.rj.gov.br" or "example.fukuchi.fukuoka.jp" (this is real!). Regex will NOT solve this problem :mrgreen:

Here is a somewhat authoritative list of TLD's and ccTLD's.
https://publicsuffix.org/list/public_suffix_list.dat

Here's some inspiration: https://dzone.com/articles/extract-second-and-top-level
SørenR.

“With age comes wisdom, but sometimes age comes alone.”
- Oscar Wilde
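
Added example (Python, not part of the thread or of hMailServer): the regex from the first post next to a minimal Public Suffix List matcher, showing which name each one would hand to DBL for the hostnames discussed above. The rule excerpt is constructed for the example from suffixes named in this thread plus one wildcard/exception pair, and all function names are hypothetical; real code would load the full list from publicsuffix.org.

```python
import re


def make_regex(mid_labels):
    """The first post's OnHELO pattern, with a configurable middle-label list."""
    mid = "|".join(mid_labels)
    return re.compile(
        r"([a-zA-Z0-9-]{1,63}\.)(((" + mid + r")\.){0,1})[a-zA-Z]{2,63}$"
    )


REGEX_AS_POSTED = make_regex(("net", "co", "com"))
REGEX_WITH_GOV = make_regex(("net", "co", "com", "gov"))

# Constructed excerpt of Public Suffix List rules (not the full list).
PSL_EXCERPT = """
com
br
com.br
gov.br
rj.gov.br
jp
fukuoka.jp
fukuchi.fukuoka.jp
*.ck
!www.ck
""".split()


def load_rules(lines):
    """Split rules into exact, wildcard ("*.x") and exception ("!x") sets."""
    exact, wildcard, exception = set(), set(), set()
    for rule in lines:
        if rule.startswith("!"):
            exception.add(rule[1:])
        elif rule.startswith("*."):
            wildcard.add(rule[2:])
        else:
            exact.add(rule)
    return exact, wildcard, exception


EXACT, WILDCARD, EXCEPTION = load_rules(PSL_EXCERPT)


def suffix_label_count(labels):
    """Number of trailing labels forming the public suffix (longest rule wins)."""
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        parent = ".".join(labels[i + 1:])
        if candidate in EXCEPTION:      # "!www.ck": the suffix is the parent
            return len(labels) - i - 1
        if candidate in EXACT or parent in WILDCARD:
            return len(labels) - i
    return 1                            # no rule matched: implicit "*" rule


def registrable_domain(host):
    """Public suffix plus one label, or None if host is itself a suffix."""
    labels = host.lower().rstrip(".").split(".")
    n = suffix_label_count(labels)
    if len(labels) <= n:
        return None
    return ".".join(labels[-(n + 1):])


def regex_guess(host, pattern=REGEX_AS_POSTED):
    """What the regex approach extracts from the same hostname."""
    m = pattern.search(host)
    return m.group(0) if m else None


if __name__ == "__main__":
    for h in ("mail.example.com", "example.rj.gov.br",
              "example.fukuchi.fukuoka.jp", "foo.bar.ck"):
        print(h, regex_guess(h), regex_guess(h, REGEX_WITH_GOV),
              registrable_domain(h))
```

For "example.rj.gov.br" the regex yields a public suffix ("gov.br", or "rj.gov.br" once gov is added), so the lookup would be made on a name shared by unrelated registrants rather than on the sender's own domain.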

Re: Reject on Spamhaus DBL

Post by palinka » 2019-07-28 20:53

SorenR wrote (2019-07-28 15:59):
> Well, I have apparently been using it for a long time ;-) It is listed as one of my URIBL servers :mrgreen:

Yes, but that's for scoring not reject connection. :wink:

> The big challenge is that you need to convert to 2LD (Second-level) domain for dbl.spamhaus.org to check.
>
> Usually a 2LD is like "example.com" but it can also be like "example.rj.gov.br" or "example.fukuchi.fukuoka.jp" (this is real!). Regex will NOT solve this problem :mrgreen:

"example.rj.gov.br" and "example.fukuchi.fukuoka.jp" are 3rd and 4th level domains, respectively. The regex I'm using would pick up rj.gov.br (if I added gov to the list of intermediary TLDs - right now I have co|com|net - I'll add gov today :D ) and fukuoka.jp. I'm not really sure if SH DBL looks at 3rd level domains. I could add that to the list of tests. Maybe I should, because I've only had 4 hits in 36 hours of testing on HELO. Maybe adding 3rd level will draw in more hits. I don't really know.

Have a look at this: https://regex101.com/r/FqiHHX/3

> Here is a somewhat authoritative list of TLD's and ccTLD's.
> https://publicsuffix.org/list/public_suffix_list.dat
>
> Here's some inspiration: https://dzone.com/articles/extract-second-and-top-level

Cool. I looked at the public suffix link while making this. In the end, of course, I decided on regex, which should hit 99% of 2LD. Adding gov to the list will make it 99.001%. :mrgreen:

I'll check out the other link too. Thanks.

Re: Reject on Spamhaus DBL

Post by SorenR » 2019-07-28 21:48

palinka wrote (2019-07-28 20:53):
> "example.rj.gov.br" and "example.fukuchi.fukuoka.jp" are 3rd and 4th level domains

According to the list https://publicsuffix.org/list/ both "rj.gov.br" and "fukuchi.fukuoka.jp" are TLD's.

Re: Reject on Spamhaus DBL

Post by palinka » 2019-07-28 21:55

SorenR wrote (2019-07-28 21:48):
> palinka wrote (2019-07-28 20:53):
> > "example.rj.gov.br" and "example.fukuchi.fukuoka.jp" are 3rd and 4th level domains
>
> According to the list https://publicsuffix.org/list/ both "rj.gov.br" and "fukuchi.fukuoka.jp" are TLD's.

erotica.hu
erotika.hu

Also TLDs. :mrgreen:

Looks like I'll have to take a second run at it. :mrgreen:

Re: Reject on Spamhaus DBL

Post by SorenR » 2019-07-28 22:19

I had a read here: https://docs.spamhaustech.com/70-access ... ery-format

It seems that ...

> It must be emphasized that both dbl and zrd are wildcarded zones that do not consider the hostname part of fully qualified domain names. Therefore, fully qualified domain names can be inserted as they are in the DNS queries, without having to strip away the domain part.

So ... waste of time to manipulate URL's :mrgreen:

Re: Reject on Spamhaus DBL

Post by palinka » 2019-07-29 12:04

Good catch and way easier to fix!

Code:

Sub OnHELO(oClient)

	'	Exclude local LAN & Backup from test
	If (Left(oClient.IPAddress, 8) = "192.168.") Then Exit Sub
	If (Left(oClient.IPAddress, 9) = "127.0.0.1") Then Exit Sub
	If (Left(oClient.IPAddress, 12) = "184.105.182.") Then Exit Sub

	'	Test Spamhaus Domain Block List on HELO
	If IsInSpamHausDBL(oClient.HELO) Then
		Result.Value = 2
		Result.Message = ". 15 Your access to this mail system has been rejected due to the sending MTA's poor reputation. If you believe that this failure is in error, please contact the intended recipient via alternate means."
		Exit Sub
	End If 
	
End Sub
simple! :mrgreen:

Re: Reject on Spamhaus DBL

Post by SorenR » 2019-07-29 13:35

I got 4 (!) hits in 92 lookups over the past 14 hours ... :roll:

I check PTR (if any) in OnClientConnect() and oClient.HELO in OnHELO() and log the result. All 4 are found using PTR's and they are all 127.0.1.2's.

Code:

Function Spamhaus(strDomain)
    Dim strLookup
    With CreateObject("DNSLibrary.DNSResolver")
        strLookup = .DNSLookup(strDomain & ".dbl.spamhaus.org")
    End With
    Select Case strLookup
        Case "127.0.1.2"
             Spamhaus = "spam domain"
        Case "127.0.1.4"
             Spamhaus = "phish domain"
        Case "127.0.1.5"
             Spamhaus = "malware domain"
        Case "127.0.1.6"
             Spamhaus = "botnet C&C domain"
        Case "127.0.1.102"
             Spamhaus = "abused legit spam"
        Case "127.0.1.103"
             Spamhaus = "abused spammed redirector domain"
        Case "127.0.1.104"
             Spamhaus = "abused legit phish"
        Case "127.0.1.105"
             Spamhaus = "abused legit malware"
        Case "127.0.1.106"
             Spamhaus = "abused legit botnet C&C"
        Case "127.0.1.255"
             Spamhaus = "IP queries prohibited!"
        Case "127.255.255.252"
             Spamhaus = "Typing error in DNSBL name"
        Case "127.255.255.254"
             Spamhaus = "Anonymous query through public resolver"
        Case "127.255.255.255"
             Spamhaus = "Excessive number of queries"
        Case Else
             Spamhaus = strLookup
    End Select
End Function

Code:

Thread
ID       Date/time                  Action            IP Address        Port  IP/SPAM Info      PTR/HELO/Service
------   -------------------------  ----------------  ----------------  ---   ----------------  ---------------------------
780      "2019-07-29 00:47:38.038"  "--- Connect ---  107.170.240.68    465   - Level 3         zg-0403-22.stretchoid.com"
780      "2019-07-29 00:47:38.226"  "Spamhaus DBL     107.170.240.68          spam domain       zg-0403-22.stretchoid.com"
780      "2019-07-29 00:47:38.413"  "GEOBlock         107.170.240.68                            SMTPS"
780      "2019-07-29 00:47:39.896"  "DISCONNECT       107.170.240.68"

3928     "2019-07-29 03:40:11.454"  "--- Connect ---  162.243.145.33    993   - Level 3         zg-0326a-22.stretchoid.com"
3928     "2019-07-29 03:40:11.718"  "Spamhaus DBL     162.243.145.33          spam domain       zg-0326a-22.stretchoid.com"
3928     "2019-07-29 03:40:11.718"  "GEOBlock         162.243.145.33                            IMAPS"
3928     "2019-07-29 03:40:13.204"  "DISCONNECT       162.243.145.33"

780      "2019-07-29 05:00:06.943"  "--- Connect ---  162.243.143.89    465   - Level 3         zg-0326a-15.stretchoid.com"
780      "2019-07-29 05:00:07.099"  "Spamhaus DBL     162.243.143.89          spam domain       zg-0326a-15.stretchoid.com"
780      "2019-07-29 05:00:07.240"  "GEOBlock         162.243.143.89                            SMTPS"
780      "2019-07-29 05:00:08.724"  "DISCONNECT       162.243.143.89"

3184     "2019-07-29 08:05:03.804"  "--- Connect ---  159.89.52.68      25    - Level 5         nowsmart.info"
3184     "2019-07-29 08:05:03.898"  "Spamhaus DBL     159.89.52.68            spam domain       nowsmart.info"
3184     "2019-07-29 08:05:03.898"  "IDS Add          159.89.52.68"
3184     "2019-07-29 08:05:04.007"  "SnowShoe         159.89.52.68"
3184     "2019-07-29 08:05:05.492"  "DISCONNECT       159.89.52.68"
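
Added example (Python, not code from this thread or from Spamhaus): one way to turn a DBL answer into an action using the return codes listed in the post above, skipping the query for IP-literal HELO values and never treating an error code as a listing. The reject/score/ignore policy, the function names, the injected resolver and the sample zone data are assumptions constructed for the example.

```python
import ipaddress
import re

DBL_ZONE = "dbl.spamhaus.org"

# Return codes as listed in the Spamhaus() function in the post above.
LISTED = {
    "127.0.1.2": "spam domain",
    "127.0.1.4": "phish domain",
    "127.0.1.5": "malware domain",
    "127.0.1.6": "botnet C&C domain",
}
ABUSED_LEGIT = {
    "127.0.1.102": "abused legit spam",
    "127.0.1.103": "abused spammed redirector domain",
    "127.0.1.104": "abused legit phish",
    "127.0.1.105": "abused legit malware",
    "127.0.1.106": "abused legit botnet C&C",
}
ERRORS = {
    "127.0.1.255": "IP queries prohibited",
    "127.255.255.252": "typing error in DNSBL name",
    "127.255.255.254": "anonymous query through public resolver",
    "127.255.255.255": "excessive number of queries",
}

# Constructed answers standing in for real DNS (the names are made up).
SAMPLE_ZONE = {
    "mail.listed.example." + DBL_ZONE: ["127.0.1.2"],
    "short.example." + DBL_ZONE: ["127.0.1.103"],
    "busy.example." + DBL_ZONE: ["127.255.255.254"],
}


def fake_resolve(name):
    """Hypothetical resolver: A records for name, [] for NXDOMAIN."""
    return SAMPLE_ZONE.get(name, [])


def unanchored_hit(answer):
    """Unanchored search for the listing codes: also true for 127.0.1.255."""
    return re.search(r"127\.0\.1\.(2|4|5|6)", answer) is not None


def query_name(host):
    """DBL query name for a HELO/PTR/sender domain, or None to skip the query."""
    host = host.strip().rstrip(".").lower()
    literal = host.strip("[]")
    if literal.startswith("ipv6:"):
        literal = literal[5:]
    try:
        ipaddress.ip_address(literal)
        return None                      # IP literal: DBL answers 127.0.1.255
    except ValueError:
        pass
    if "." not in host:
        return None                      # empty or single-label name
    return host + "." + DBL_ZONE


def classify(answers):
    """Map the A records of one DBL answer to (action, reason)."""
    for code in answers:
        if code in ERRORS:               # errors never count as a listing
            return ("ignore", "DBL error: " + ERRORS[code])
    for code in answers:
        if code in LISTED:
            return ("reject", LISTED[code])
    for code in answers:
        if code in ABUSED_LEGIT:         # assumed policy: score, do not reject
            return ("score", ABUSED_LEGIT[code])
    if answers:
        return ("ignore", "unexpected answer: " + ", ".join(answers))
    return ("accept", "not listed")


def check(host, resolve=fake_resolve):
    """Full decision for one hostname using the injected resolver."""
    name = query_name(host)
    if name is None:
        return ("accept", "not queried")
    return classify(resolve(name))
```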

Re: Reject on Spamhaus DBL

Post by palinka » 2019-07-29 15:41

37 hits since I started watching. Since I was submitting only the "2LD" parsed via regex, potentially I could have had one or two more hits if I submitted the entire hostname.

All but one of them was picked up by spamhaus zen. That's good! Any variation means that it could be useful for connection rejection. Certainly ANY email address containing a match is worthy of message rejection. I think I'll put it into use today. (I already implemented message rejection). I would put this last in line of OnHELO filters.

Below is my test scoring (only hits on SH DBL). I DO reject on spamhaus zen and UCEProtect, but the others are just to see how they stack up.

Re: Reject on Spamhaus DBL

Post by palinka » 2019-07-31 16:02

UCEProtect hit on a few Amazon SES IPs, which then were rejected. I later found out Amazon SES is perennially blacklisted by UCEProtect. There are plenty of spammers on Amazon SES, but plenty of non-spammers too. Unfortunately I can't know if these were spam or ham since I did not receive the message.

Looks like only Spamhaus is good for rejection. I've been monitoring that a long time and never to my knowledge have had a false positive.
