Skip to main content

Gmail is blocked because Dictionary Attacks

Comments

3 comments

  • Mise
    there is this option: "Ratelimit suspicious SMTP servers" which is ON it seems it can return that message: "Increment Connection Ratelimit - $sender_fullhost because of Dictionary Attack" Description of that option shows: "Ratelimit incoming SMTP connections that do not send QUIT (violates RFCs), have recently matched an RBL, or have attacked the server." I wonder if, in example, a recent message from Gmail was catched like spam, and the following Gmail messages could be rejected because the new imposed ratelimits. It could be the case?. Please, I pray some help with this issue because this is affecting legitimate Gmail senders-. Thanks
    0
  • cPRex Jurassic Moderator
    Hey there! What RBLs do you have enabled on the system? I'm not finding other users with similar problems when I search on my end.
    0
  • Mise
    I have solved the issue 3 days ago. I'm using RBL Barracuda, Spamhaus and other proved RBL. The log message "is in an RBL: Automated dictionary attacks" is generic, without any RBL associated. I believe it was in the last segment in the Exim config templates for the RBL checking. Setting the option "Dictionary attack protection " in OFF didn't solved the problem. I have included *.google.com inside /etc/skiprbldomains and now it seems it solved. Maybe the relation between that WHM option and Exim config doesn't work in all the extent. I don't know. I wonder when one RBL detects some spam activity from one Gmail address with a legit Google IP, the following Gmail messages from that same IP can be blocked. I'm not sure. Allowing google.com to bypass all the RBL checking is risky, although it is the only way that I have found to end the problem. If you know a better solution please leave here. thx
    0

Please sign in to leave a comment.