[Dshield] DOS by Sorbs?
smelnick at water.com
Thu Dec 22 16:28:42 GMT 2005
Oops. OK, it's morning for me. That's the IP for your personal domain.
Well, I assume that your MX records for vuw.ac.nz are for your inbound only
and that outbound is on another IP.
From: list-bounces at lists.dshield.org
[mailto:list-bounces at lists.dshield.org] On Behalf Of Scott Melnick
Sent: Thursday, December 22, 2005 11:02 AM
To: General DShield Discussion List
Subject: Re: [Dshield] DOS by Sorbs?
Here is what I found. I used the SolarWinds Blacklist utility. I show 2
blacklist sites blacklisting you for dynamic IP addresses. This is
assuming I got your outbound mail IP correct.
You can also have trouble with email servers that do reverse DNS
lookups. If the reverse doesn't match the email domain, they will reject

Target "Reason(s) for being Blacklisted" URL
184.108.40.206 "Blacklisted by 2 servers"
"Sorbs" "Received 1 reason" dnsbl.sorbs.net
    "127.0.0.10" "Dial-up/Dynamic network" "Dynamic IP Addresses See: http://www.sorbs.net/lookup.shtml?220.127.116.11"
"Not Just Another Bogus List - Secondary list" "Received 1 reason"
    "127.0.0.3" "Dial-up/dynamic IP address" "Dynamic/Residential IP range listed by NJABL dynablock -

>Are there many of you that have been "cornered" by Sorbs in Australia?
>Suddenly, we started to receive complaints from users that we were on
>RBL list. And when I looked at it, we have been listed by Sorbs as a
>site. After analysing the issue, it turns out that the complaint made
>Sorbs is faked/false and no warning was given to us. Basically, I
>contacted the remote user (in Finland) that the complaint was referring
>and he has never heard of it. I also contacted our user, who the email
>"was sent from". As most of you probably are guessing by now, a
>If we don't do "non delivery notifications", we will break RFCs.
>If we deliver non delivery notifications, we will most likely send crap
>Our mail servers do strict mail filtering and do not relay. We have a
>commercial anti spam system for incoming email. Outgoing, incoming and
>internal email systems are separated with a lot of security checks.
>What is the general feeling amongst you lot?
>Is it reasonable to be listed on RBL lists for following RFCs?
>Have many of you had problems with Sorbs?
>In order for them to remove us from their black list, they want money.
>Is it normal custom to blacklist without warning?
>Victoria University of Wellington