SORBS false positives. Kill sorbs or spam blocker?

netstepinc

I've been getting a lot of false positives with SORBS.
Every week a user calls me up in a fit saying they are not getting all the mail they are supposed to get.

> How do I disable the use of SORBS?

If that is not possible, how can I disable SpamBlocker?
 
It's possible that the IP from the sender is listed on an RBL, so then you won't get the email.
If the IP of the server is listed (where the mail needs to go) then it could be that it's rejected before sending.

You can disable SORBS by changing the exim.conf:
Code:
  # deny using sorbs name based list
  deny message = Email blocked by SORBS - to unblock see http://www.example.com/
       domains = +use_rbl_domains
       # rhsbl list is name based
       dnslists = rhsbl.sorbs.net/$sender_address_domain
Replace by:
Code:
  # deny using sorbs name based list
  # deny message = Email blocked by SORBS - to unblock see http://www.example.com/
  #      domains = +use_rbl_domains
  #      # rhsbl list is name based
  #      dnslists = rhsbl.sorbs.net/$sender_address_domain

FYI: We have many servers and are hosting a lot of websites and using SORBS without any problems. I guess it's a problem not from your side.
 
> I've been getting a lot of false positives with SORBS.
> Every week a user calls me up in a fit saying they are not getting all the mail they are supposed to get.
>
> How do I disable the use of SORBS?
>
> If that is not possible, how can I disable SpamBlocker?

Unless something has changed spamblocker is not enabled by default for all domains hosted. You have to manually set up spamblocker for it to work. Therefore if you set it up then certainly you would know how to disable it.
 
THANK YOU for your help.

A server maintenance provider set it up.
We no longer use their services.

The incoming users are in SORBS, but the people being black-listed are not spammers.
I've had multiple customers complaining their customers cannot send them mail or they cannot send mail to their own company from an external address.

The problem is that many people don't read the rejection message and don't click the link to the page that explains what to do about it. I had one guy going back and forth with me complaining for a couple days via email. I checked his IP and since it was the first time he'd been listed he was eligible for self-removal. If he had stopped to read the large print on my spam page, he would have been all set in 5 minutes. I wanted to beat him.

At least one of my customers understands what they are up against.
"I have godaddy putting a request into SORBS to remove their mail server IP address from their list. This is happening to them a lot lately, so they can get it removed within 24 hours. The problem is, we are using a shared mail server with all godaddy customers, so our IP isn't constant and godaddy's servers will randomly get put on these spam lists when their other customers send spam. We are innocent bystanders that get banned because of other godaddy customers."
 
You could ask them also to use their own ISP mailserver. Why should you remove the SORBS list if it blocks a lot of spam only just for a few customers?

I guess there is something else wrong, since we are using it too without any problems. In most cases when a customer asked "I can't send/receive email" we are asking for IP-addresses, mail headers etc.

Then we see their own IP-address is blocked, abused.
 
> The incoming users are in SORBS, but the people being black-listed are not spammers.
> I've had multiple customers complaining their customers cannot send them mail or they cannot send mail to their own company from an external address
Probably SORBS blocking the whole ISP /32 sub-net, like they do many times! <sigh>
 
> You could ask them also to use their own ISP mailserver. Why should you remove the SORBS list if it blocks a lot of spam only just for a few customers?

Many ISPs in the US do not allow that any more to avoid being used for spam. Mail is then also rejected if the receiving system does a reverse PTR lookup.
...been there done that.
 
I've had problems with both Verizon and Comcast.
Maybe it's no longer an issue, but there are still reverse lookup issues.
If it works for you, great.

I use Verizon all the time. And I have customers who use all the major ISPs. And all the major ISPs have their PTR records set properly.

If there was a problem for you then you probably did not find the real problem and made some assumptions.

Some ISPs will put a limit on how many emails can be sent. Maybe that was the problem you were experiencing.

You made a broad statement without any evidence. Unless you can provide evidence of such a problem then there's no point in discussing it any more.

Anyway back to the topic: Whether you remove sorbs or not is your personal decision. You know how to do it now.
 
@netstepinc:

The latest SpamBlocker configuration files do not use any Sorbs blocklists at all, but we don't recommend installing the latest release candidate as there are significant changes coming in the next one.

User daveyw posted above (post #2) how to find and remove the sorbs section in older versions of SpamBlocker exim.conf file. If your file uses a combined ACL stanza; something like this (yours will be different):
Code:
  # Deny using various RBLs
  # EDIT AS REQUIRED TO FIT YOUR ENVIRONMENT
  # EDIT edit message to fit your needs.
  deny message = Email blocked by $dnslist_domain
       hosts    = !+relay_hosts
       domains = +use_rbl_domains
       domains = !+skip_rbl_domains
       !authenticated = *
       dnslists = \
       zen.spamhaus.org : \
       dnsbl.njabl.org : \
       bl.spamcop.net : \
       dnsbl.ahbl.org : \
       cbl.abuseat.org : \
       combined.rbl.msrbl.net
then simply remove the line(s) with sorbs in it. Note if a sorbs line is the last line of that section you should also remove the : \ as the last line in the set doesn't have that.

You can completely shut off SpamBlocker for all your domains by deleting /etc/virtual/use_rbl_domains, and creating a new empty file by the same name, with the same permissions as /etc/virtual/domains.

After any changes of exim.conf you must restart exim.

Jeff
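
The dnslists edit described in post #2 and in the post above, sketched in Python as an added example (not part of the thread and not DirectAdmin or SpamBlocker code). The function name `strip_dnsbl` and the sample stanza are constructed for illustration; it rewrites the continued list so the last entry has no `: \`, and refuses to leave a `deny` with no lists at all, since that statement would then reject all mail for the listed domains.

```python
import re

# Constructed sample: the combined stanza from the post, shortened, with two
# SORBS entries added (one of them last in the list) for illustration.
SAMPLE = r"""  deny message = Email blocked by $dnslist_domain
       domains = +use_rbl_domains
       dnslists = \
       zen.spamhaus.org : \
       dnsbl.sorbs.net : \
       bl.spamcop.net : \
       rhsbl.sorbs.net/$sender_address_domain
  accept
"""

def strip_dnsbl(conf, needle="sorbs"):
    """Remove dnslists entries containing `needle`; keep the list well-formed."""
    lines, out, i = conf.splitlines(), [], 0
    while i < len(lines):
        m = re.match(r"(\s*)dnslists\s*=(.*)", lines[i])
        if not m:                      # not a live dnslists line: copy as-is
            out.append(lines[i])
            i += 1
            continue
        indent, body = m.groups()
        # Join continuation lines (physical lines ending in a backslash).
        while body.rstrip().endswith("\\") and i + 1 < len(lines):
            i += 1
            body = body.rstrip()[:-1] + " " + lines[i]
        i += 1
        body = body.rstrip().rstrip("\\")
        # Assumption: entries contain no ':' themselves (no IPv6 literals).
        entries = [e.strip() for e in body.split(":") if e.strip()]
        kept = [e for e in entries if needle not in e.lower()]
        if not kept:
            # A deny left without its dnslists condition would reject all
            # mail for the listed domains; comment out the whole stanza.
            raise ValueError("no lists left: disable the whole deny stanza")
        out.append(indent + "dnslists = \\")
        for n, entry in enumerate(kept):
            out.append(indent + entry + (" : \\" if n < len(kept) - 1 else ""))
    return "\n".join(out) + "\n"

if __name__ == "__main__":
    print(strip_dnsbl(SAMPLE), end="")
```

Run it against a copy of exim.conf and diff the result before replacing the live file and restarting exim.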
 
I don't use Sorbs anymore either : they are far too hard and quick to Black List.

And man : they block the complete IP ! With a hosting server that has tens of websites ... how can you not get black listed by Sorbs ?
 
> And man : they block the complete IP ! With a hosting server that has tens of websites ... how can you not get black listed by Sorbs ?
What did you think, you can't block an IP half, it's blocked or not.

How you cannot: Don't spam with the server :)
 
> How you cannot: Don't spam with the server
Well of course ... it's hard to survey all clients all the time.
When you give people access to newsletter, or just even PHP ... you have to expect some are going to do stupid things like spam. BUT : if that server IP gets black listed : all clients on that server get black listed. Not very fair, seems to me, no?

From there on I consider I can't trust SORBS when it says : that's a spammer.
 