Legitimate yahoo .pdf attachments being blocked by DNSBL in PFblocker 2.2.5.-32

  • Hello, all I tried a search for this topic, so apologies if this is duplicate. Installed versions. PFsense 2.4.5 // PFblockerNG 2.2.5_32 // Browser Firefox 68.8 64 bit

    My wife uses yahoo mail.... I know, please spare me the comments, I have to live with her...
    Anyway she has legitimate documents that are routinely blocked by the DNSBL function in PFblocker.
    I have disabled and re-enabled DNSBL and the problem comes and goes... I have turned off all DNSBL groups and still no joy. I do not have DNSBL groups or Safe search enabled

    This surely is a no brainer for all you gurus out there, I'm just not one of them :-)

    Below the web link the gets blocked...
    https://dl-mail.ymail.com/ws/download/mailboxes/@.id==(+lots of encryped data jibberish)

    I have entered .ymail and .yahoo into the whitelist - no joy!

    ANY help where to begin or questions for more info would be greatly appreciated.

  • DNSBL is thus a large category in itself.....
    I suggest you watch in the log exactly which list in the DNSBL triggers the block.
    I understand your second sentence.....☺
    otherwise are you sure pfBlockerNG is blocking......?
    , see these:


    and finally this:


  • @DaddyGo

    Thanks for getting back. I'm pretty sure it is something in DNSBL because I can make the problem go away and open the attachment link when DNSBL is turned off.

    I am a real newbie with this but as far as I could see there were no block entries showing this particular site, that is the confusing part. You would think that when you turn off DNSBL and the problem goes away, that the logs would show something after you turn it back on.

    I read the links you sent, but they refer issues which did not seem to apply to my situation.

    the last item you included, might have sparked an idea to try though, so thanks for that. I will send update if I find an answer.

  • it seems to me that, this is a more global problem with yah ... and let’s not say its name......

    in case pfBlockerNG blocks it should be seen in the log, maybe BBcan177 will have a suggestion about it, He really knows DNSBL, you can even give advice on this issue closely

    Yes it makes sense, if you disable pfBlockerNG and it works to unambiguously block the source, but keep in mind that, this is likely to happen, because there are problems with it or a possible false positive (hard to believe yah ---) ???

  • @n257jy said in Legitimate yahoo .pdf attachments being blocked by DNSBL in PFblocker 2.2.5.-32:

    I have entered .ymail and .yahoo into the whitelist - no joy!

    Did you reload pfBlockerNG immediately afterwards? Also, you should add: dl-mail.ymail.com and/or ymail.com or yahoo.com ... Do you have this checked and read the note?

    Screen Shot 2020-05-19 at 11.28.26 AM.png

  • @NollipfSense

    Thanks - YES TLD box is checked.
    Whitelist has: dl-mail.ymail.com, .ymail.com and .yahoo.com

    Also discovered these lines in the DNSBL log! belowlog capture.JPG
    I shows that AntiSocial... feed that is blocking it... but when I search for dl-mail. in the list it is not there!? I am not sure what the + or - at the end mean... There are also several lines below , that have a lot of "unknown" in them...

    Any ideas?

  • @n257jy The plus symbol (+) means clicking that adds it to whitelist or wildcard whitelist. It seems from your log DNS resolver is having issues with the (di-mail) part of the address. Also, when you add the (ymail.com) be sure a dot is not in front like here (.ymail.com).

  • @NollipfSense said in Legitimate yahoo .pdf attachments being blocked by DNSBL in PFblocker 2.2.5.-32:


    OK, two things.
    The + or - I was talking about was the ones at the very end of the log line... ...BD,+ yellow highlighted lines. Understand + sign in feeds list.

    I thought the . infront of the domain meant any subdomain was white listed too, which technically would make the dl-mail.ymail.com entry redundant. If I 'm wrong on that please let me know...

  • @n257jy Okay ... I have never seen the (+ or -) in the log before. I would add the entire address (dl-mail.ymail.com) to the whitelist.

  • Update:

    I did a full reset (default install) of Pfblocker. I had changed and clicked soooo many things - I figured a fresh starting point would be a good thing.
    So then I also cleared out the logs and recreated the issue... log image below.

    Bingo Boingo there was a line in the log again - and this time I actually found the ymail entry in the feed alike the log said i should. I turned off the offending list and voila, all is well.
    So now i need to decide whether to ditch that list altogether or edit out the offending lines. and use as a custom list...

    log capture2.JPG

    Thanks to everyone for asking the questions, because they lead me to learning a bit more about pfblocker and figuring out the issue...


  • @n257jy I would add to custom list than ditch the feed ... congrats on the self-learning that brought you more confidence as network administrator.

Log in to reply