technion

  1. technion

    no-more-funn Bogon list

    Thanks for the help all. I did email both the addresses Farelf recommended, neither have yielded a reply yet. It does look like this is somewhat a dying RBL, it's just frustrating to see it listed on every single "check your mail server for problems" list I have found to date.
  2. technion

    no-more-funn Bogon list

    Hi, I realise this RBL has no association with Spamcop, but I got useful advice with a recent Senderbase issue and I'm hoping to do the same with this one.

    We have this IP address: 110.76.128.230

    It's not running live yet, but my preparation for sending email involved the following:

    * Setup paranoid reverse DNS
    * Check against Barracuda RBL
    * Check against Senderbase (whew, no issues here this time)
    * Check against the list at kloth.net

    Here, I got the following:

        Listed in no-more-funn.moensted.dk, moensted.dk/spam/no-more-funn/ : 127.0.0.9 : IP not supposed to be routed. See http://www.cymru.com/Documents/bogon-list.html Bogon List v2.0 08 APR 2003 Rob Thomas bogon list 2.0 1055973600 - (ttl:2100)

    Well of course we are listed. Their bogon list, from what I'm reading there, was last updated 2003. This IP address block was allocated this year. Heading over to the given URL, http://www.cymru.com/Documents/bogon-list.html, shows a list which, no surprises, we're not listed in.

    I tried to fill out the "remove" form on the moensted website, and just got this back:

        This IP is not supposed to be not supposed to be routed, and is probaly not your public ip. It can't be removed!

    I then tried to fill out the contact form on the site. After all, there is some discussion about delisting entire blocks that are incorrectly listed. Except when you fill out the contact form and hit "submit", you get a 404 error. There's a "please email me" link at the top of the page, where the mailto: appears to be malformed.

    I've always used the kloth.net list before satisfying myself email was going to get out. Any information on whether:

    * the no-more-funn bogons list is known to be obsolete and no one uses it
    * how to contact the Dr and have our netblock removed
    * this is going to bite me, which presumably means no one can allocate a new IP and use it

    Would be very appreciated.

    Edit: robtex.com also lists the same RBL
  3. technion

    Senderbase listing, trying to make sense of it

    If you click on that silly "Explain my reputation" link (most of which renders in a popup off the screen on my desktop), then you'll know as much as anyone else does. That being: Poor = A problematic level of threat activity has been observed from your IP address or domain. Your email or Web traffic is likely to be filtered or blocked*. It's a pity when you get better (neutral) you still see this: Neutral = Your IP address or domain is within acceptable parameters. However, your email or Web traffic may still be filtered or blocked*. At least I haven't found anyone yet that rejects email from addresses "within acceptable parameters". Try sending them an email from a different domain to your usual, and explain you've improved security. Don't ask for headers or anything because they won't give it to you, but if you suggest the problem should be gone, they'll hopefully tell you if it really is - in my case, they gave me a date of their single "complaint".
  4. technion

    Senderbase listing, trying to make sense of it

    Definitely agreed. I did find a number of discussions around the place with similar issues. The major difficulty is someone needs to be fairly skilled to convince people that it's not their problem. And when you say "I'm running a Netgear modem as my firewall", which realistically, many budgets don't have any opposing choice for, you acknowledge viruses can get through that modem. Whether that's what happened or not, there's doubt there, and it's hard to prove your innocence.
  5. technion

    Senderbase listing, trying to make sense of it

    Again, discussed earlier. We changed the name after several days already on the blacklist to see if it would help a delisting. It did not. I'll note that change is yet to be reflected on the senderbase page. The domain change was my IP's rDNS domain. There were no changes to actual email addresses at any point.
  6. technion

    Senderbase listing, trying to make sense of it

    My long term ownership of the IP address in question was discussed already on this thread. You have to consider what's a fair burden to place on network owners. Setup a reverse DNS. Setup a forward DNS. Make sure your HELO matches it. Register at abuse.net. Setup a firewall that doesn't allow port 25 outbound except from the server. Deal with users who get grumpy that their POP/SMTP accounts on outside servers suddenly don't work. And no, they don't care that there's a port 587 they can still use. Stop backscatter. Harder than it should be under Exchange 2007. Setup SPF records. Check the IP at any of the multi-dns RBL checks out there. Check yourself against Trusted Score. Check yourself against Barracuda. Distribute an email use policy. Argue with marketing for days that purchased email lists are not appropriate.

    It would be less of an issue if Senderbase published a standard DNS lookup that sites like www.robtex.com could plug into (just add one to the list). But they've made a business decision to go proprietary. Even the Perl Net::Sender module I tried working with (to save dealing with the website) tells you everything on the Senderbase database about an IP - except its score. This is a well documented business decision to go another route. Instead, you load up this awful website that produces seemingly random results (still flapping between neutral and good, while doing constant refreshes) after sitting through 5-10 minutes of lag, hoping your browser doesn't time out on you. I'd really hate for regular repeating of this process to be added to the lists of tasks for a "responsible mail server admin".

    There have been multiple replies from people stating senderbase contact has been a big black hole. I got the impression that at least one of these users was currently having no reputation issues. When you do get a reply, it's automated, you're not talking to anyone in power, you're talking to a cut + paste guy who clearly doesn't have the authority to act on suggestions, and although I'd love to hear about something placed up the chain, I don't believe it will happen.

    I found this some time back. It appears to be restricted to Ironport customers. Ironport's implied view on these sorts of issues seemed to come down to "it's not our fault if Senderbase is incorrect, it's an independent third party, which we just happen to own".
  7. technion

    Senderbase listing, trying to make sense of it

    Unfortunately, if such a contact method existed, I would have done it. At least AOL whitelisted you - none of the ISPs around here would do that. Wazoo posted in my thread on Mar 24 2009, 07:31 AM that he was unable to get senderbase to ever respond to his emails either. The major difference here is that Spamcop:

    a) Post enough information on their website that if you are listed, you know exactly why, and how to get delisted
    b) Have a forum right here with people who can get action

    Senderbase has neither of those things. It's not the product that's frustrating, it's the ivory tower "don't talk to us just use our filters" approach that is their problem.
  8. technion

    Senderbase listing, trying to make sense of it

    It's telling me "neutral" at the moment, but I'll take grey over red any day. I'm sure no closer to making sense of it, but I thank all the comments the same. It was helpful to at least keep busy with something throughout this process.
  9. technion

    Senderbase listing, trying to make sense of it

    It could still be completely coincidental. For all we know we got punished for 15 days because of one reported incident. Most of the options are quite depressing here. Whether it's abuse.net, loooong delisting periods, the fact a long established rDNS name was changed, or something else entirely, it's all stupid when you don't tell the person. Open relays only get closed when they are told it gets them off an RBL in a matter of hours. This reputation guesswork is rubbish, and it does nothing to encourage people to improve their networks. I'd also like the bigger Australian ISPs, all of whom seemed to be using this garbage filter system, who'd like to consider this. Multiple tech support agents would only give me the same thing about a "zero tolerance approach to spammers" and couldn't comprehend at all that this reputation system doesn't necessarily make guarantees about a certain IP belonging to a known spammer.
  10. technion

    Senderbase listing, trying to make sense of it

    Microsoft's internal Partner Community (Exchange Miscellaneous). Probably the last group of people I'd expect to be cluey on this, but then, Exchange configuration issues were suggested on this forum, so I took it there. Presented them with full dumps of all Exchange config data, but when no one could see anything wrong, they started looking for less obvious issues in the same way we all have been. Update: Still neutral four hours on.
  11. technion

    Senderbase listing, trying to make sense of it

    Thanks for that. I'm also not aware how such things affect us, but will consider looking into it. I did hear on another forum that, yet again, this was probably my fault for having a domain which was not registered at abuse.net. This sounded overly stupid to me - I've certainly never heard of any requirement to do so. It's certainly not RFC mandated. But it WAS pointed out to me that senderbase's whitelisting service will only consider domains registered there. Well I did so, and less than an hour later, turned around "neutral" on senderbase. I waited an hour before posting this in case we were back in one of those flap states, but it doesn't appear to be. I've severely rate limited our email through to Ironport users to ensure we don't get some massive traffic spike, I guess we'll see what happens over the next few hours/days.
  12. technion

    Senderbase listing, trying to make sense of it

    Well something did work. That something being to send them an email from a completely different domain. (no, my original emails weren't blocked by filters, they were from a different domain again to the one experiencing the issue. But they'd appeared to have had enough of me after the first email). The reply was pretty much a cut and paste of the first, that being that they had a single complaint on the 15th (now 11 days ago) and a story about how when you have a bad credit rating, it takes a while to get it back, and I would have to "earn" back my neutral Senderbase reputation. They never addressed anything relating to the DNS situation.
  13. technion

    Senderbase listing, trying to make sense of it

    I had already been through thednsreport.com, which provides the exact service dnsstuff.com did before it became a paid service. It warns me about glue at the parent nameserver, but that's only because the DNS servers are on a different TLD. I've got hundreds of domains I've been involved with run the same way, and the expected issue (an extra few seconds in lookup time) is all I seem to get. There is a "fail" surrounding the two DNS servers being on the same network. I know exactly how many pipes to the Internet that network has and am not too worried about that. I'd really hope things like this don't cause "suspicious threat activity".
  14. technion

    Senderbase listing, trying to make sense of it

    It was put to me elsewhere that this was probably my fault for having inconsistent DNS servers managing that IP range. Before anyone else suggests it, I struggle to see this being the case:

        [root@ceilingcat ~]# dig +short ns 113.14.61.in-addr.arpa
        ns3.brennanit.net.au.
        ns2.brennanit.net.au.
        ns1.brennanit.net.au.
        [root@ceilingcat ~]# dig +short -x 61.14.113.190 @ns3.brennanit.net.au
        smtp.cocaus.org.
        [root@ceilingcat ~]# dig +short -x 61.14.113.190 @ns2.brennanit.net.au
        smtp.cocaus.org.
        [root@ceilingcat ~]# dig +short -x 61.14.113.190 @ns1.brennanit.net.au
        smtp.cocaus.org.
  15. technion

    Senderbase listing, trying to make sense of it

    I end up looking at this server:

        [root@ceilingcat ~]# dig +short www.senderbase.org
        www.senderbase.org.edgesuite.net.
        a579.g.akamai.net.
        210.9.88.51
        210.9.88.58

    Which takes *forever* to load. You'd swear it was running off a dialup modem. As of right now, I'm getting the correct rDNS address again, "unverified forward/rev DNS match", my network owner is "Unknown", as is the "date first email seen from this address", and my score is unfortunately still "poor".
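
Added example, not part of the original posts: the two checks these posts perform by hand, written as Python over already-collected DNS answers. It builds the name a DNSBL client queries for an IP (the lookup behind the no-more-funn listing) and verifies that every authoritative server returns the same PTR and that the PTR target resolves back to the IP (the per-nameserver `dig -x` comparison). The function names and the sample records are assumptions constructed for illustration.

```python
import ipaddress

def dnsbl_query_name(ip, zone):
    """DNSBL lookup name: IPv4 octets reversed, then the list's zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone.rstrip(".")

def _norm(host):
    # DNS names compare case-insensitively; drop the trailing root dot.
    return host.rstrip(".").lower()

def check_reverse_dns(ip, ptr_by_ns, forward):
    """Return a list of problems; an empty list means every server gave the
    same PTR and each PTR target resolves back to ip (forward-confirmed).

    ptr_by_ns: {nameserver: set of PTR targets that server returned}
    forward:   {hostname: set of A records for that hostname}
    """
    arpa = ipaddress.ip_address(ip).reverse_pointer
    answers = {ns: frozenset(_norm(h) for h in hosts)
               for ns, hosts in ptr_by_ns.items()}
    fwd = {_norm(h): set(addrs) for h, addrs in forward.items()}
    problems = [f"{ns}: no PTR for {arpa}"
                for ns, hosts in sorted(answers.items()) if not hosts]
    if len(set(answers.values())) > 1:
        problems.append(f"servers disagree on PTR for {arpa}")
    for host in sorted(set().union(*answers.values())):
        if ip not in fwd.get(host, set()):
            problems.append(f"{host} does not resolve back to {ip}")
    return problems

# Constructed sample data (documentation address space, not from the posts).
IP = "192.0.2.25"
GOOD_PTR = {"ns1.example.net": {"mail.example.org."},
            "ns2.example.net": {"mail.example.org."}}
STALE_PTR = {"ns1.example.net": {"mail.example.org."},
             "ns2.example.net": {"old-name.example.org."}}
FORWARD = {"mail.example.org": {"192.0.2.25"}}

if __name__ == "__main__":
    print(dnsbl_query_name("110.76.128.230", "no-more-funn.moensted.dk"))
    print(check_reverse_dns(IP, GOOD_PTR, FORWARD))
    print(check_reverse_dns(IP, STALE_PTR, FORWARD))
```

Feed `ptr_by_ns` with the output of one `dig +short -x` per authoritative server and `forward` with a `dig +short` A lookup for each PTR target.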