> If someone knows the answer to the does Auth or DNSBL happen first, I would still be interested to have the answer to that question.

Blacklisting happens upon connection by the sending system when MercuryS checks to see of the connecting IP address is blacklisted. Authentication happens much later in the process after the receipt of the EHLO string.  If you do a session log from a blacklisted address it becomes readily apparent when the blacklisted connection is rejected.

What you can do though is tag using the blacklist instead of rejecting and then later in the receipt process done by the core module setup some sort of filter based the header added to the message.

For some time now (years) we have been using Spamhaus to keep unwanted stuff out of our email system successfully.  Some time back (again years) we started running into problems where hotel internet connections would be blocked by Spamhaus which would result in lots of odd hours international cell phone calls from irate managers and sales people not being able to send outgoing email.  We have solved this problem by using a proxy to allow connections on port 2525, which causes all connections coming in on that port to appear to be coming from a local private IP address (192.168.x.y) which Spamhaus doesn't block.  This had worked fine until recently when a large number of staff booked rooms in a hotel in the Netherlands which was blocking outgoing connections on high numbered ports.  Not wanting to blame this one hotel because I know once I see it in one place, there will be more soon, I need to find another solution.  As of now, we are not using Authentication and have had no problems.  The question is, if I enable Authentication and an incoming connection authenticates successfully, will Mercury let the connection through even though the source IP is listed as a bad guy by Spamhaus?  Any insight into this problem will be greatly appreciated.

Gus

I'm not sure if authentication would redeem a message from an IP address that has triggered a DNSBL. It could be so, there is a feature in Mercury's SMTP transaction handling that will delay termination of connections until it's known if the user does authenticate successfully, but I can't think of any quick way to test it right now.

On the other hand, why not simply use the standard mail submission port (587) instead of 2525?

/Rolf

I have set that one up quickly, now to see if the sales people are still at the questionable hotel and have gotten the message I sent them to try it.  I had originally used port 2525 at the suggestion of someone in this forum some time ago.  If someone knows the answer to the does Auth or DNSBL happen first, I would still be interested to have the answer to that question.