@Customer: The "hfflp.com" domain is indeed listed now in the UB-BLACK SURBL (you can verify this at https://admin.uribl.com/), but does not appear to be listed in other SURBLs.
"How do I go about determining why these emails are being blocked and how do I fix this?"
The emails are blacklisted because they contain a link to hfflp.com and this domain is listed in the uribl.com URL blacklist. As to how to fix this, you can either request a removal on the above website and/or add this domain to the URL Domain Blacklist exception list in the ORF Admin Tool.
"Also, is there a chance that UB-BLACK SURBL is giving other false positives?"
There is always a chance for false positives in spam filtering. If you have lost your trust in uribl.com, simply disable the blacklist in ORF. We have noticed a few false positives with this blacklist in the past, but so have we with even the most reliable blacklists.
Peter Karsai (ORF Team)
(March 11, 2011)
@Peter Karsai (ORF Team): Domains that are not blacklisted are showing up as being blacklisted via ORF.
Blacklisted by the UB-BLACK SURBL (domain: "axis.com", DNS lookup result: 127.0.0.255). This is just a sample domain.
I disabled DNS blacklist lookup. Why are these emails still being blacklisted?
chana atar
(November 3, 2011)
@chana atar: You are receiving 127.0.0.255 codes, which means your DNS server (or the upstream DNS server) has been banned from querying the public uribl.com mirrors (see http://www.uribl.com/about.shtml regarding this).
The fair use policy of uribl.com says that you must not exceed 300,000 lookups a day. Depending on your ORF settings, this might be reached from 100,000 emails a day in extreme cases, but thanks to repeated domains and DNS caching, you typically need ISP-level traffic to trigger this banning.
I suspect the issue is caused by the upstream DNS server, which accumulates DNS traffic from many different DNS servers and thus triggers the ban. Please make sure all of the DNS servers specified for ORF follow the recommendations below. This should fix the problem.
* The DNS server must support recursion (enabled by default in Microsoft® DNS)
* The server should be on the local network or on the ORF computer. Using ISP DNS servers and third-party DNS resolution services (such as OpenDNS or Google Public DNS) is discouraged.
* The server should not use forwarders (e.g. ISP DNS servers)
* The server should not be the same DNS server that supports your Active Directory.
You can configure your ORF DNS server list under Configuration / System / DNS and Lookups.
Please let me know if this has helped.
Peter Karsai (ORF Team)
(November 4, 2011)
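How the 127.0.0.255 answer described in the reply above can be told apart from a real listing, as an added example that is not part of the original thread and not ORF's own code. The zone name `multi.uribl.com` and the bit meanings (1 = query refused, 2 = black, 4 = grey, 8 = red) are assumptions based on URIBL's published return-code scheme; the sample answers are constructed.

```python
import ipaddress
import socket

ZONE = "multi.uribl.com"          # assumption: URIBL's combined public zone
LOOPBACK = ipaddress.IPv4Network("127.0.0.0/24")
BLOCKED_BIT = 0x01                # assumption: set when the resolver is refused
LIST_BITS = {0x02: "black", 0x04: "grey", 0x08: "red"}  # assumed bit meanings


def query_name(domain, zone=ZONE):
    """Build the DNS name a URI blacklist lookup asks for."""
    return f"{domain.rstrip('.').lower()}.{zone}"


def classify(answers):
    """Map A records (empty list = NXDOMAIN) to (verdict, lists)."""
    if not answers:
        return ("not-listed", [])
    lists = set()
    for text in answers:
        ip = ipaddress.IPv4Address(text)
        if ip not in LOOPBACK:
            # e.g. a resolver that rewrites NXDOMAIN to a search page
            return ("invalid-answer", [])
        code = int(ip) & 0xFF
        if code & BLOCKED_BIT:
            # 127.0.0.255 sets every bit, including this one: the resolver
            # is banned and the answer says nothing about the domain
            return ("resolver-blocked", [])
        lists.update(name for bit, name in LIST_BITS.items() if code & bit)
    return ("listed", sorted(lists)) if lists else ("invalid-answer", [])


def lookup(domain):
    """Live check through the system resolver (needs network access)."""
    try:
        answers = socket.gethostbyname_ex(query_name(domain))[2]
    except socket.gaierror:
        answers = []              # NXDOMAIN; other resolver failures land here too
    return classify(answers)


if __name__ == "__main__":
    # Constructed answers, not captured from a real resolver
    for sample in (["127.0.0.255"], ["127.0.0.2"], []):
        print(sample, "->", classify(sample))
```

On a `resolver-blocked` verdict the test should be skipped and the DNS server list reviewed, rather than the message being scored as blacklisted.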
@Peter Karsai (ORF Team): I started receiving 127.0.0.255 on November 3rd. I disabled this test. I've been using it fine for over a year before this.
Graham
(November 4, 2011)
I checked the address and it does not seem to be listed in a blacklist on Spamhaus. How do I go about determining why these emails are being blocked and how do I fix this? Also, is there a chance that UB-BLACK SURBL is giving other false positives?