Ex_Brit Posted March 26, 2006 Share Posted March 26, 2006 I happened to be doing an IP lookup and just on a whim entered my own as well, and was shocked to see that I'm on the SORBS hit list!! I registered with them and filed a support request immediately. The following is their reply and I haven't the faintest idea what they are talking about. From: SORBS Support \(lem\) Date: 03/25/06 21:14:32 To: xxxxx[at]xxxx.com Subject: [sorbs.net #70828] Need help with 69.195.8.76 (support form) *** Collection of IP space considered dynamic (Dynamic rDNS) 69.195.8.76/32 (rDNS with too short TTL) 69.195.8.76/32 The IP address space identified above is listed in SORBS DUHL list. The IP space _not_ depicted above, is _not_ listed in SORBS DUHL or is eligible for delisting. More information about this list can be found here (Please read this information thoroughly) http://www.sorbs.net/faq/dul.shtml IP Addresses with defined rDNS and a TTL longer than 43200 seconds, have been included because they seem to point to a dynamic IP address. According to our policies, we cannot delist said IP address until actions explained below, are completed in your part. Names that look generic (ie, include the IP address or a part of it, mention the keywords "pool", "ppp", "customer", etc) are considered by us as an indicator of the IP address being dynamically assigned. Note that SORBS tools may cache its results for up to 48 hours. Therefore, if you've recently changed your DNS configuration or intend to do so, please wait before asking us to review your case. *** IP Space with a TTL too short 69.195.8.76/32 The TTL for the reverse DNS name (rDNS) of the IP address space identified above, is less than the minimum we accept for delisting, 43200 seconds. According to our policies, we cannot delist an address whose rDNS has a TTL lower than this value. Note that we recommend setting the TTL to 86400 seconds at least. We are setting this ticket to 'Rejected', as an action is required in your part before we can update our lists regarding the IP address you wrote us about. After one or more of the three options set forth above has been implemented, please reopen this ticket and we will re-evaluate your case. If you choose to modify your current DNS configuration, it is very important that you verify the correctness of your changes with a third party before asking us to review your case. This will help us all to help you faster. A reliable third party is the "Reverse DNS Lookup tool" available at http://www.dnsstuff.com/ Also, the tools used by SORBS can cache DNS lookup results for up to 48 hours. Please make sure to wait at least this time before requesting a review of this case or submitting a related one. If you find this instructions too complicated or don't understand what they mean, please ask your ISP for support - Showing this answer to them is also a good idea. Your options at this time, are as follows: (1) Send your email through your ISP's mail servers, as suggested in various places at our website. - or - (2) Have your DNS data modified so that the listed IP address has a clearly non-dynamic rDNS. We suggest that you include the keyword "static" on this name, to avoid future listings. Also, insure that the TTL is set to no less than 43200 seconds (we recommend 86400). To comply with RFC1912 you must have a matching A record for every PTR record. - or - (3) Ask your ISP to get in touch with SORBS with the list of dynamic and static IP allocations within its network, so that our DUHL list can be updated. Note that many large ISPs do this periodically to reduce the inconvenience to its users. In this case, the communication must come from a RIR contact for the affected IP space. Also note that if you adjust your DNS configuration properly, you may be able to use the automated delisting facility at https://www.dnsbl.sorbs.net/scgi-bin/dulexclusions This facility can allow you to quickly delist IP addresses under your control without intervention of SORBS' staff. Thank you SORBS Support I tried their quick delisting which failed.. "No acceptable MX records found". If this is in the wrong section, please forgive me and move it appropriately, thanks. Link to comment Share on other sites More sharing options...
Wazoo Posted March 26, 2006 Share Posted March 26, 2006 You offer no data dealing with the running of an e-mail server. 03/26/06 05:28:44 Slow traceroute 69.195.8.76 Trace 69.195.8.76 ... 66.185.80.241 RTT: 65ms TTL: 32 (gw01.bloor.phub.net.cable.rogers.com fraudulent rDNS) 66.185.83.166 RTT: 62ms TTL: 32 (gw03.bloor.phub.net.cable.rogers.com fraudulent rDNS) 66.185.90.2 RTT: 62ms TTL: 32 (cmts01.bloor.phub.net.cable.rogers.com ok) * * * failed * * * failed There appears to be a firewall right after 66.185.90.2 (hop 8) that blocks ICMP, unwanted UDP, and unwanted TCP packets. telnet 69.195.8.76 25 could not open a connection to 69.195.76.25 IP address: 69.195.8.76 Reverse DNS: cpe000cf1c621da-cm000a73a944f1.cpe.net.cable.rogers.com. Reverse DNS authenticity: [Verified] ASN: 812 ASN Name: ROGERS-CABLE IP range connectivity: 1 Registrar (per ASN): ARIN Country (per IP registrar): CA [Canada] Country Currency: CAD [Canada Dollars] Country IP Range: 69.192.0.0 to 69.199.255.255 Country fraud profile: Normal City (per outside source): Toronto, Ontario Private (internal) IP? No IP address registrar: whois.arin.net Known Proxy? No 69.195.8.76 PTR record: CPE000cf1c621da-CM000a73a944f1.cpe.net.cable.rogers.com. [TTL 1800s] [A=69.195.8.76] I guess the real question of the moment ... it's on Sorbs, but so what? Link to comment Share on other sites More sharing options...
Ex_Brit Posted March 26, 2006 Author Share Posted March 26, 2006 Hi Wazoo, I'm not on a server...just one PC connected via lan/high-speed cable to the Rogers network. I'm using McAfee Firewall Plus. I guess you are right....so I'm on the Sorbs list....big deal. It just surprised me that's all. They go on about increasing my TTL to 86400 or something like that...well I can't. (Not that I'm very sure about that either). Also that my IP address appeared to be dynamic...it isn't it's fixed. I copied Rogers to see what they have to say....probably nothing knowing them. Thanks! Link to comment Share on other sites More sharing options...
Wazoo Posted March 26, 2006 Share Posted March 26, 2006 A bit of semantics involved is all ... the old "dial-up" description was based on a user basically getting a 'new / different' IP address every time a net onnection was made. Although most Cable/DSL connections these days end up being a bit static, unless you are paying extra, they aren't really classified as such, rather just another address in a pool that the ISP has set aside for customer use. This client base would normally be configured to use other ISP assets for the rest of the package, i.e., sending/receiving e-mail via a server administered by the ISP. The settings mentioned would only come into play if "you" were administrating the server/system providing services at that IP address (typically setting up the Domain package that would be sitting there) .... in this case, the only setting that would impact you would basically be the lease time that allowed you to "own" that address for a while. Link to comment Share on other sites More sharing options...
Ex_Brit Posted March 26, 2006 Author Share Posted March 26, 2006 Thanks. So basically it's a storm in a teacup and I should forget it....good!! ;-) Link to comment Share on other sites More sharing options...
Ex_Brit Posted March 26, 2006 Author Share Posted March 26, 2006 Well, I take back all the bad things I've said about my ISP in the past!! Dear Peter, Thank you for emailing the Rogers Yahoo! Hi-Speed Internet Electronic Support team. We appreciate hearing from our subscribers regarding our service. As we do appreciate your concerns regarding your issue, please be advised that a ticket WFR00402439 is currently under investigation, in regards to the Rogers SMTP mail server IP addresses being blacklisted with the SORBS/DSBL. We apologize for the inconvenience. Although the above ticket does not specifically reflect a client IP address, the matter may be related. You may want to confirm with SORBS/DSBL via URL shown below. http://www.us.sorbs.net/cgi-bin/support We apologize for the inconvenience. If you have any further questions or comments regarding our service, please fill out the online form on our Customer Support page listed below or contact us by phone at 1-888-288-4663. Regards, Anil M. Rogers Yahoo!Hi-Speed Internet Electronic Support Group Customer Support: http://help.yahoo.com/rogers Email:internetsupport[at]rci.rogers.com Rogers Hi-Speed Internet Support KMM14266550C0KM Link to comment Share on other sites More sharing options...
Farelf Posted March 27, 2006 Share Posted March 27, 2006 Well, I take back all the bad things I've said about my ISP in the past!! 41617[/snapback] Steady on - no need to go overboard. I think every large organization has within it a Vigilance Committee, charged with the elimination of all vestiges of competency (not cynical, just experienced). Tell me when Rogers (how apposite!) have actually done something and I may be forced to resile Link to comment Share on other sites More sharing options...
Ex_Brit Posted March 27, 2006 Author Share Posted March 27, 2006 Ok, let's put it this way. They accidentally did something right for a change. (Despite all efforts to the contrary). Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.