[Dshield] DOS by Sorbs?

David Cary Hart DShield at TQMcube.com
Fri Dec 23 03:08:30 GMT 2005


On Thu, 22 Dec 2005 20:43:15 -0500
jayjwa <jayjwa at atr2.ath.cx> opined:
> 
> 
> Supposedly, I'm running an Anal X Proxy (Windowz trojan/program, this is a 
> linux machine, go figure...) so don't feel bad ;)

SORBS has your IP listed as an exploitable server. We have it listed as a
dynamic IP.
> 
> -> After analysing the issue, it turns out that the complaint made to Sorbs is
> -> faked/false and no warning was given to us.
> 
> This is one of the biggest downfalls about the concept of RBLs: they list 
> tons of false positives. I've never heard of a case where someone was warned, 
> or even told. Most people find out when they get complaints, as you did. 
> Meanwhile, they think their mail is going thru OK. Makes one wonder what you 
> think got sent, but actually didn't. Was it important? Did someone depend on 
> it?

EVERY reject gets a bounce message referring them back to the RBL. And, yes,
there are false positives. However, an RBL that has excessive FPs simply won't
be used. It's unreasonable to expect to be warned when an IP is added. Who
should SORBS advise (and how should they do it) at
"host-69-95-5-4.syr.choiceone.net"?
> 
> It's reasonable to be listed for never spamming, ever, so I guess that you 
> could be listed for just about anything.
> 
FWIW, Matthew Sullivan is a very decent guy. If you have a legitimate gripe,
he'll fix it. However, if you want your email to be broadly accepted you'll
need to establish that you have a static IP with unique rDNS.

-- 
Our DNSRBL - 
           Eliminate Spam: http://www.TQMcube.com/spam_trap.php
          Multi-RBL Check: http://www.TQMcube.com/rblcheck.php
            Zombie Graphs: http://www.TQMcube.com/zombies.php
              GeoGraphics: http://www.TQMcube.com/origins.php
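
Added example, not part of the original message or of any RBL operator's code: a small offline check a mail administrator could run to see how a receiver would form the DNSBL lookup for an address and whether its PTR name reads as provider-assigned rather than "unique rDNS". Assumptions: the address 69.95.5.4 is read off the hostname quoted in the message, `dnsbl.example` is a placeholder zone, and the function names and token list are hypothetical.

```python
import ipaddress
import re

# Assumed, non-exhaustive tokens that mark provider-assigned PTR names.
GENERIC_TOKENS = {"dyn", "dynamic", "dhcp", "dsl", "adsl", "cable",
                  "pool", "ppp", "dialup"}


def dnsbl_query_name(ip: str, zone: str) -> str:
    """Name a mail server resolves to test an IPv4 address against a DNSBL zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone.strip(".")


def rdns_looks_generic(ptr_name: str, ip: str) -> bool:
    """True if the PTR name embeds the address or carries a generic token."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    name = ptr_name.lower().rstrip(".")
    # Numbers in the name, zero padding dropped ("069" -> "69").
    numbers = [str(int(n)) for n in re.findall(r"\d+", name)]
    for order in (octets, octets[::-1]):
        for i in range(len(numbers) - 3):
            if numbers[i:i + 4] == order:
                return True
    # Address written as eight hex digits.
    if "".join(f"{int(o):02x}" for o in octets) in name:
        return True
    # Labels such as "dsl3" or "pool-12" reduce to a generic token.
    tokens = {re.sub(r"\d+", "", part) for part in re.split(r"[.\-_]", name)}
    return bool(tokens & GENERIC_TOKENS)


if __name__ == "__main__":
    # Constructed samples; the first hostname is the one quoted in the message.
    samples = [
        ("host-69-95-5-4.syr.choiceone.net", "69.95.5.4"),
        ("mail.example.org", "192.0.2.25"),
    ]
    for ptr, ip in samples:
        verdict = "generic" if rdns_looks_generic(ptr, ip) else "unique"
        print(f"{ip:<12} {ptr:<36} {verdict:<8} {dnsbl_query_name(ip, 'dnsbl.example')}")
```

A "generic" verdict is a heuristic signal only; a real check would also resolve the PTR and confirm that the name resolves back to the same address.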

