snagglepuss

  1. snagglepuss

    exchange 2003 sp2 server dnsbl problem

    Thanks Graemel! You have been a great help. I will have the tech guys take a look at this and see what they recommend. Your assumption is correct (Internal server <---> External gateway <---> Internet). We also have an SMTP email virus checking server that checks the incoming email for viruses before it gets to the email server (Exchange). Maybe this is the issue. Thanks again, I'll let you know what we do!
  2. snagglepuss

    exchange 2003 sp2 server dnsbl problem

    Hello Graemel, Thanks for the information. I'm not sure I can interpret what you are saying here. It sounds to me like you are saying that the responses back from spamcop/spamhaus look valid to you? I'm afraid I'm not familiar with Dig and my position here at my company is Management, so I am relying on the technical people that I work with. The packet capture was done by our security monitoring company and the technician that tried to help me said he couldn't understand why the packet trace is showing an address of 15.103.16.10 (which is the address of Hewlett Packard) instead of the 127.0.0.x return code. I can see through Exchange monitoring that the DNS BL lookup requests are being sent to spamcop/spamhaus, however, the Exchange monitor is showing that none of the replies from spamcop/spamhaus are indicating to Exchange to drop the email if it's spam. It's just showing the 15.103.16.10 address as the return code (according to the tech)? Any additional help or explanation would be greatly appreciated! Thanks! Thanks for your direction/help Wazoo! I'll try not to make the same mistake next time!
  3. Hi All, I'm new to spamcop so bear with me! I'm not sure where to post this issue, but I'll try here and on the Geek forum. We have an Exchange 2003 SP2 server and I have set up connection filtering using spamcop and spamhaus as the blocklist providers. I can see the DNS lookup requests being sent to spamcop/spamhaus, however, the only thing I get back from both BL providers is what looks to be the IP address of HP (Hewlett Packard)??? return code ?? See below for the packet trace for detailed info..........

    22:07:12.926859 10.16.103.3.47116 > 216.220.0.1.53: [udp sum ok] 1503+ A? 15.103.16.10.sbl-xbl.spamhaus.org. [|domain] (ttl 128, id 55291, len 79)
    0x0000 4500 004f d7fb 0000 8011 18b2 0a10 6703 E..O..........g.
    0x0010 d8dc 0001 b80c 0035 003b 090d 05df 0100 .......5.;......
    0x0020 0001 0000 0000 0000 0231 3503 3130 3302 .........15.103.
    0x0030 3136 0231 3007 7362 6c2d 7862 6c08 7370 16.10.sbl-xbl.sp
    0x0040 616d 6861 7573 036f 7267 0000 0100 01 amhaus.org.....

    22:07:12.939353 216.220.0.1.53 > 10.16.103.3.47116: [udp sum ok] 1503 NXDomain q: A? 15.103.16.10.sbl-xbl.spamhaus.org. 0/1/0 ns: sbl-xbl.spamhaus.org. SOA need.to.know.only. hostmaster.spamhaus.org. 2007112887 3600 600 432000 900 (115) (ttl 59, id 49229, len 143)
    0x0000 4500 008f c04d 0000 3b11 7520 d8dc 0001 E....M..;.u.....
    0x0010 0a10 6703 0035 b80c 007b 111d 05df 8183 ..g..5...{......
    0x0020 0001 0000 0001 0000 0231 3503 3130 3302 .........15.103.
    0x0030 3136 0231 3007 7362 6c2d 7862 6c08 7370 16.10.sbl-xbl.sp
    0x0040 616d 6861 7573 036f 7267 0000 0100 01c0 amhaus.org......
    0x0050 1900 0600 0100 0000 f200 3404 6e65 6564 ..........4.need
    0x0060 0274 6f04 6b6e 6f77 046f 6e6c 7900 0a68 .to.know.only..h
    0x0070 6f73 746d 6173 7465 72c0 2177 a21c b700 ostmaster.!w....
    0x0080 000e 1000 0002 5800 0697 8000 0003 84 ......X........

    22:07:12.940154 10.16.103.3.47117 > 216.220.0.1.53: [udp sum ok] 1504+ A? 15.103.16.10.bl.spamcop.net. [|domain] (ttl 128, id 55292, len 73)
    0x0000 4500 0049 d7fc 0000 8011 18b7 0a10 6703 E..I..........g.
    0x0010 d8dc 0001 b80d 0035 0035 d5a8 05e0 0100 .......5.5......
    0x0020 0001 0000 0000 0000 0231 3503 3130 3302 .........15.103.
    0x0030 3136 0231 3002 626c 0773 7061 6d63 6f70 16.10.bl.spamcop
    0x0040 036e 6574 0000 0100 01 .net.....

    22:07:13.045317 216.220.0.1.53 > 10.16.103.3.47117: [udp sum ok] 1504 NXDomain q: A? 15.103.16.10.bl.spamcop.net. 0/1/0 ns: bl.spamcop.net. SOA bl.spamcop.net. hostmaster.admin.spamcop.net. 1196286351 3600 1800 3600 0 (98) (ttl 59, id 49261, len 126)
    0x0000 4500 007e c06d 0000 3b11 7511 d8dc 0001 E..~.m..;.u.....
    0x0010 0a10 6703 0035 b80d 006a efa4 05e0 8183 ..g..5...j......
    0x0020 0001 0000 0001 0000 0231 3503 3130 3302 .........15.103.
    0x0030 3136 0231 3002 626c 0773 7061 6d63 6f70 16.10.bl.spamcop
    0x0040 036e 6574 0000 0100 01c0 1900 0600 0100 .net............
    0x0050 0000 0000 29c0 190a 686f 7374 6d61 7374 ....)...hostmast
    0x0060 6572 0561 646d 696e c01c 474d e18f 0000 er.admin..GM....
    0x0070 0e10 0000 0708 0000 0e10 0000 0000

    Thanks for any/all help!
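
Added example, not part of the original posts: a DNSBL query name carries the IPv4 address being checked with its octets reversed in front of the blocklist zone, a listed address is answered with a 127.0.0.x A record, and NXDomain means "not listed". The Python sketch below decodes the two query names from the trace, interprets the replies, and flags a checked address that falls in a private range; the function names and the "listed" sample are constructed for illustration.

```python
import ipaddress

# Zones as they appear in the packet trace above.
ZONES = ("sbl-xbl.spamhaus.org", "bl.spamcop.net")
LISTED_NET = ipaddress.ip_network("127.0.0.0/8")  # DNSBL "listed" return codes

def checked_ip(qname, zones=ZONES):
    """Recover the IPv4 address a DNSBL query name is asking about."""
    name = qname.rstrip(".").lower()
    for zone in zones:
        suffix = "." + zone
        if name.endswith(suffix):
            octets = name[: -len(suffix)].split(".")
            if len(octets) != 4:
                raise ValueError(f"not an IPv4 DNSBL name: {qname}")
            # The query name holds the octets in reverse order.
            return ipaddress.IPv4Address(".".join(reversed(octets))), zone
    raise ValueError(f"unknown DNSBL zone: {qname}")

def interpret(qname, rcode, answers=()):
    """Explain one lookup: which address was checked and what the reply means."""
    ip, zone = checked_ip(qname)
    has_code = any(ipaddress.IPv4Address(a) in LISTED_NET for a in answers)
    if rcode.upper() == "NXDOMAIN":
        verdict = "not listed"
    elif rcode.upper() == "NOERROR" and has_code:
        verdict = "listed"
    else:
        verdict = "inconclusive"  # SERVFAIL, timeouts, unexpected answers
    return {"checked_ip": str(ip), "zone": zone,
            "verdict": verdict, "private_range": ip.is_private}

# Query names and response codes copied from the trace above.
TRACE = [("15.103.16.10.sbl-xbl.spamhaus.org.", "NXDomain", ()),
         ("15.103.16.10.bl.spamcop.net.", "NXDomain", ())]
# Constructed sample of a listed reply (documentation address, test code).
LISTED_SAMPLE = ("1.2.0.192.bl.spamcop.net.", "NOERROR", ("127.0.0.2",))

if __name__ == "__main__":
    for qname, rcode, answers in TRACE + [LISTED_SAMPLE]:
        print(interpret(qname, rcode, answers))
```

Both lookups in the trace decode to 10.16.103.15, an address in private space on the same 10.16.103.x network as the querying server, and both come back "not listed".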