    Legitimate yahoo .pdf attachments being blocked by DNSBL in PFblocker 2.2.5.-32

    • N
      n257jy last edited by

      Hello all, I tried a search for this topic, so apologies if this is a duplicate. Installed versions: pfSense 2.4.5 // pfBlockerNG 2.2.5_32 // Browser Firefox 68.8 64 bit

      My wife uses yahoo mail.... I know, please spare me the comments, I have to live with her...
      Anyway she has legitimate documents that are routinely blocked by the DNSBL function in PFblocker.
      I have disabled and re-enabled DNSBL and the problem comes and goes... I have turned off all DNSBL groups and still no joy. I do not have DNSBL groups or Safe search enabled

      This surely is a no brainer for all you gurus out there, I'm just not one of them :-)

      Below is the web link that gets blocked...
      https://dl-mail.ymail.com/ws/download/mailboxes/@.id==(+lots of encrypted data gibberish)

      I have entered .ymail and .yahoo into the whitelist - no joy!

      ANY help where to begin or questions for more info would be greatly appreciated.

      • DaddyGo
        DaddyGo last edited by

        DNSBL is thus a large category in itself.....
        I suggest you watch in the log exactly which list in the DNSBL triggers the block.
        I understand your second sentence.....☺
        Otherwise, are you sure pfBlockerNG is blocking......? See these:

        https://morph.zone/modules/newbb_plus/viewtopic.php?topic_id=11826&forum=11
        https://answers.microsoft.com/en-us/ie/forum/all/cannot-download-attachments-from-yahoo-mail-error/6515e6fa-6faa-42ce-951e-39f082fe2f59

        and finally this:

        d3efbc2a-474c-4852-8293-92eeb183ca9e-image.png

        • N
          n257jy @DaddyGo last edited by

          @DaddyGo

          Thanks for getting back. I'm pretty sure it is something in DNSBL because I can make the problem go away and open the attachment link when DNSBL is turned off.

          I am a real newbie with this but as far as I could see there were no block entries showing this particular site, that is the confusing part. You would think that when you turn off DNSBL and the problem goes away, that the logs would show something after you turn it back on.

          I read the links you sent, but they refer to issues which did not seem to apply to my situation.

          The last item you included might have sparked an idea to try though, so thanks for that. I will send an update if I find an answer.

          • DaddyGo
            DaddyGo last edited by

            It seems to me that this is a more global problem with yah ... and let's not say its name......

            In case pfBlockerNG blocks, it should be seen in the log. Maybe BBcan177 will have a suggestion about it; he really knows DNSBL, you can even give advice on this issue closely

            Yes it makes sense, if you disable pfBlockerNG and it works to unambiguously block the source, but keep in mind that, this is likely to happen, because there are problems with it or a possible false positive (hard to believe yah ---) ???

            • NollipfSense
              NollipfSense @n257jy last edited by

              @n257jy said in Legitimate yahoo .pdf attachments being blocked by DNSBL in PFblocker 2.2.5.-32:

              I have entered .ymail and .yahoo into the whitelist - no joy!

              Did you reload pfBlockerNG immediately afterwards? Also, you should add: dl-mail.ymail.com and/or ymail.com or yahoo.com ... Do you have this checked and read the note?

              Screen Shot 2020-05-19 at 11.28.26 AM.png

              • N
                n257jy @NollipfSense last edited by

                @NollipfSense

                Thanks - YES TLD box is checked.
                Whitelist has: dl-mail.ymail.com, .ymail.com and .yahoo.com

                Also discovered these lines in the DNSBL log! Below:

                log capture.JPG

                It shows that AntiSocial... feed is blocking it... but when I search for dl-mail. in the list it is not there!? I am not sure what the + or - at the end means... There are also several lines below that have a lot of "unknown" in them...

                Any ideas?

                • NollipfSense
                  NollipfSense @n257jy last edited by

                  @n257jy The plus symbol (+) means clicking that adds it to whitelist or wildcard whitelist. It seems from your log DNS resolver is having issues with the (di-mail) part of the address. Also, when you add the (ymail.com) be sure a dot is not in front like here (.ymail.com).

                  • N
                    n257jy last edited by n257jy

                    @NollipfSense said in Legitimate yahoo .pdf attachments being blocked by DNSBL in PFblocker 2.2.5.-32:

                    ).

                    OK, two things.
                    The + or - I was talking about was the ones at the very end of the log line... ...BD,+ yellow highlighted lines. Understand + sign in feeds list.

                    I thought the . in front of the domain meant any subdomain was whitelisted too, which technically would make the dl-mail.ymail.com entry redundant. If I'm wrong on that please let me know...

                    • NollipfSense
                      NollipfSense @n257jy last edited by

                      @n257jy Okay ... I have never seen the (+ or -) in the log before. I would add the entire address (dl-mail.ymail.com) to the whitelist.

                      • N
                        n257jy last edited by

                        Update:

                        I did a full reset (default install) of Pfblocker. I had changed and clicked soooo many things - I figured a fresh starting point would be a good thing.
                        So then I also cleared out the logs and recreated the issue... log image below.

                        Bingo Boingo there was a line in the log again - and this time I actually found the ymail entry in the feed like the log said I should. I turned off the offending list and voila, all is well.
                        So now I need to decide whether to ditch that list altogether or edit out the offending lines and use it as a custom list...

                        log capture2.JPG

                        Thanks to everyone for asking the questions, because they led me to learning a bit more about pfblocker and figuring out the issue...

                        cheers!

                        • NollipfSense
                          NollipfSense @n257jy last edited by

                          @n257jy I would add to custom list rather than ditch the feed ... congrats on the self-learning that brought you more confidence as network administrator.

                          1 Reply Last reply Reply Quote 0
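The situation in this thread, where the log names a feed but a search of that feed for dl-mail. finds nothing, can be checked offline by testing the blocked hostname and each of its parent domains against the feed contents. This is an added example, not part of any post and not pfBlockerNG code. The feed names and entries are constructed, and treating a listed parent domain as also blocking its subdomains is an assumption about how the TLD option behaves.

```python
def parse_feed(text):
    """Return the set of domains in a feed (plain-domain or hosts-file lines)."""
    domains = set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip().lower()   # drop comments
        if not line:
            continue
        # hosts-file style "0.0.0.0 domain": the domain is the last field
        domain = line.split()[-1].strip(".")
        if "." in domain and not domain.replace(".", "").isdigit():
            domains.add(domain)
    return domains


def candidate_names(host):
    """The host itself, then each parent domain, stopping before the bare TLD."""
    labels = host.lower().strip(".").split(".")
    return [".".join(labels[i:]) for i in range(len(labels) - 1)]


def find_blocking_entries(host, feeds, wildcard=True):
    """List (feed, matching entry, 'exact' or 'parent') for every feed hit.

    wildcard=True models the assumption that a listed domain also blocks
    its subdomains; wildcard=False matches only the literal hostname.
    """
    names = candidate_names(host)
    if not wildcard:
        names = names[:1]
    hits = []
    for feed_name, text in feeds.items():
        listed = parse_feed(text)
        for name in names:
            if name in listed:
                hits.append((feed_name, name, "exact" if name == names[0] else "parent"))
    return hits


# Constructed sample feeds (names and entries are illustrative only).
FEEDS = {
    "Constructed_Feed_A": "# constructed sample\nads.example.net\n0.0.0.0 tracker.example.org\n",
    "Constructed_Feed_B": "# constructed sample\nymail.com\ncdn.example.com\n",
}

if __name__ == "__main__":
    for feed, entry, kind in find_blocking_entries("dl-mail.ymail.com", FEEDS):
        print(f"{feed}: '{entry}' ({kind} match)")
```

A literal search for the full hostname returns nothing here, while the parent-domain search points at the one feed entry to whitelist or move to a custom list.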