Gmail is blocked because Dictionary Attacks
Some people experience message rejections from their gmail accounts with this message:
550 "JunkMail rejected - mail-xx-xx.google.com [209.85.221.64]:48137 is in an RBL: Automated dictionary attacks"
I have dictionary attack protection disabled:
Exim -> Editor -> ACL Options : Dictionary attack protection OFF
Also I have inside /etc/greylist_common_mail_providers
google.com
*.google.com
gmail.com
*.gmail.com
although still these rejections arise.
It doesn't happen with all the gmail senders, only with some. Although this is very problematic because the amount of people using gmail.
Are there more things to check inside Exim configuration to solve this problem?
Please, some help to fix this issue. Thanks!
-
there is this option: "Ratelimit suspicious SMTP servers" which is ON it seems it can return that message: "Increment Connection Ratelimit - $sender_fullhost because of Dictionary Attack" Description of that option shows: "Ratelimit incoming SMTP connections that do not send QUIT (violates RFCs), have recently matched an RBL, or have attacked the server." I wonder if, in example, a recent message from Gmail was catched like spam, and the following Gmail messages could be rejected because the new imposed ratelimits. It could be the case?. Please, I pray some help with this issue because this is affecting legitimate Gmail senders-. Thanks 0 -
Hey there! What RBLs do you have enabled on the system? I'm not finding other users with similar problems when I search on my end. 0 -
I have solved the issue 3 days ago. I'm using RBL Barracuda, Spamhaus and other proved RBL. The log message "is in an RBL: Automated dictionary attacks" is generic, without any RBL associated. I believe it was in the last segment in the Exim config templates for the RBL checking. Setting the option "Dictionary attack protection " in OFF didn't solved the problem. I have included *.google.com inside /etc/skiprbldomains and now it seems it solved. Maybe the relation between that WHM option and Exim config doesn't work in all the extent. I don't know. I wonder when one RBL detects some spam activity from one Gmail address with a legit Google IP, the following Gmail messages from that same IP can be blocked. I'm not sure. Allowing google.com to bypass all the RBL checking is risky, although it is the only way that I have found to end the problem. If you know a better solution please leave here. thx 0
Please sign in to leave a comment.
Comments
3 comments