SORBS Bites Me Back


Last weekend I finally got around to putting my latest major hardware purchase into production. I got one of these SolidLogic GS-L02 Fanless Mini-ITX Systems. I called in my order to have it customized with the same hardware they used in one of their earlier firewalls with two NICs and m0n0wall. I ordered mine without m0n0wall installed and added a 300GB hard drive instead of their flash disk. If I had done more research, I would have found that only an i586 kernel could be installed with this VIA processor. Hence no 2.6.x kernel. Not a problem, as I was planning to install SmoothWall Express 2.0, which uses a 2.4.x kernel. It's a sweet system using low power, and the only sound is the hard drive motor and disk writes. One advantage of this system is its lack of tempting buttons for kids to push. That came with a problem, however. Doing a 'halt', 'shutdown' or 'reboot' would power it down for good. Applying the power does not bring it back up. I had to open it up and short a couple of pins to get it back on. After forgetting this a few times I went out and got a very tiny push button switch from RadioShack and mounted it under the AC jack. So I digress.

The move to a new firewall means a different NIC/MAC address to my ISP, and therefore I get a different dynamic IP address. My personal domain is hosted by another ISP, but I have full control of setting it up for email and web services. I use it as my default SMTP but have to use a different port than the normal SMTP 25, as my ISP filters them to keep people from abusing and being abused by spammers.

My current email server runs Postfix, SpamAssassin, and MailScanner with ClamAV. (I'm lazy, forgive me for not linking all those.) I have tuned my MailScanner settings to check for spammers against the SORBS-DNSBL, SBL+XBL, and ORDB-RBL lists. Lately I have tightened the grip by calling email spam if the sender is listed on even one of these lists. Low graded spam is forwarded to me and high spam gets dumped into another account I use for Bayesian filter training in Thunderbird. Missed spam can also get tagged, and a cron job picks it back up later in the day to train SpamAssassin's Bayesian filter.

I installed the firewall last weekend and all is running well and smooth. Then on Monday my wife emails several people and I get a copy, assuming I was one of the recipients and not thinking much of it. Then on Thursday she emails directly to someone and I notice it tagged as spam. My first thought is that I caused this by overtraining with some of the latest 'pump-n-dump' spam designed to poison Bayes filters. So I quickly retrain SpamAssassin and have her try again, but it comes to me again as spam.

So what could it be? The only thing I did was change the firewall. I later discovered the current IP I was assigned was listed on SORBS and possibly other RBL lists. I assumed my previous IP was listed too, so this wasn't my initial conclusion of being the problem, but the old IP was not listed. My initial thought for fixing this was to re-write the headers in order to get mail out, but I needed to step one square back and understand that it was my server rejecting, even though I use SMTPAUTH to avoid relay rejection. To fix this problem I had to add my IP to the spam.whitelist.rules that MailScanner reads.

In conclusion: My email server started rejecting my own email due to the change of my connecting IP address which is listed in the SORBS database. This was resolved by adding my IP to the MailScanner whitelist.
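The any-one-list policy and the whitelist override described above, modeled as an added example (not the author's or MailScanner's code). The zone names, IP addresses and DNS records are constructed placeholders, and the resolver is injected so the check runs offline; whitelist-before-blocklist ordering is an assumption of this sketch.

```python
import ipaddress
import socket

# Constructed zone names standing in for the three lists named in the post.
ZONES = ["sorbs.dnsbl.example", "sbl-xbl.dnsbl.example", "ordb.dnsbl.example"]

# Constructed DNS data: the new dynamic IP (203.0.113.25) is on one list only.
FAKE_DNS = {"25.113.0.203.sorbs.dnsbl.example": "127.0.0.10"}


def fake_resolve(name):
    """Offline stand-in for socket.gethostbyname over the constructed records."""
    try:
        return FAKE_DNS[name]
    except KeyError:
        raise socket.gaierror("NXDOMAIN (simulated)")


def dnsbl_name(ip, zone):
    """Build the IPv4 DNSBL query name: octets reversed, zone appended."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def listed_on(ip, zones, resolve=socket.gethostbyname):
    """Return the zones that list this IP."""
    hits = []
    for zone in zones:
        try:
            answer = resolve(dnsbl_name(ip, zone))
        except socket.gaierror:
            continue  # no record (or lookup failure): treated as not listed
        # Only 127.0.0.0/8 answers mean "listed"; anything else (for example
        # a wildcard answer from a hijacking resolver) is ignored.
        if answer.startswith("127."):
            hits.append(zone)
    return hits


def classify(client_ip, zones, whitelist, resolve=socket.gethostbyname):
    """Whitelist wins; otherwise a hit on even one list marks the mail spam."""
    addr = ipaddress.ip_address(client_ip)
    if any(addr in ipaddress.ip_network(net) for net in whitelist):
        return ("not spam", [])
    hits = listed_on(client_ip, zones, resolve)
    return ("spam", hits) if hits else ("not spam", [])
```

Because the address is dynamic, a whitelist entry keyed to it goes stale when the ISP reassigns it.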