Jump to content

[Resolved] How to remove blacklistings on drbl.gremlin.ru


Tommy2xs

Recommended Posts

One of our IPs (24.89.134.138) was recently blacklisted on DRBLs vote.drbl.gremlin.ru and work.drbl.gremlin.ru. I'm the system administrator and can confirm that our network is secure, no viruses, etc, we are not relaying, and we absolutely do not send spam, but I cannot for the life of me figure out how to request a removal from these lists. It doesn't help that they're in Russian. They offer translated pages here http://gremlin.ru/soft/drbl/en/ but their removal instructions are lame because there is no postmaster[at]gremlin.ru.

You can see the two blacklistings here: http://multirbl.valli.org/lookup/24.89.134.138.html

Does anyone know if gremlin.ru is even legit?

Should I be concerned that our IP is listed with them?

Link to comment
Share on other sites

If it's of any consolation to you, I just checked my own (dynamic) IP and found that it was listed in 15 blacklists, some of which make sense (i.e., Spamhaus PBL), and others of which are suspicious to say the least.

I think the proof of a BL is in how many people use it and how many deliveries (in toto) that it blocks. If nobody uses the list other than its creator and his pals, then it probably isn't responsible for much mail blocking and therefore is nothing for IP address users (including spammers) to worry about.

I looked over the site and found that it was very elliptical to say the least, particularly as to the nature of "offenses" that would land one on one of the "voting" lists.

Unless you are getting evidence (i.e., bounces) that your mail deliveries are being blocked in significant numbers, it may not be worth your time to deal with these guys.

-- rick

Link to comment
Share on other sites

...their removal instructions are lame because there is no postmaster[at]gremlin.ru....
The point is you need to interrogate the data to find out who added you to the bl and write to them, not gremlin, per the FAQ http://gremlin.ru/soft/drbl/en/faq.html#howtogetout. Now just how you go about that interrogation is way out of my experience and knowledge levels, despite the illustration given in that FAQ. And it doesn't help that "the list of known zones and their respective contacts" from the FAQ returns a 404.

I'm sort of with Rick on the significance of your listing - if there's no evidence of effective blocking it is probably not an issue - but the fact is someone has "voted" you on to the bl, presumably on the basis of mail they didn't want and they (at least) will continue to block you and (maybe) so too some other mail/network admins. It then depends on your type of business just how much of a liability that might become. I can't see you being taken off that list anytime ever without requesting it and maybe not even then - but I haven't looked through the FAQ in detail.

If you have any concerns that gremlin.ru is not legitimate, you would need to address them to valli.org for explanation or reassurance. I see they nominate several bls as scam operations in their listings but not gremlin.ru.

Link to comment
Share on other sites

Ah, I see (maybe) - the nslookup query is supposed to say which zone added your IP address but all the txt record for 138.134.89.24.vote.drbl.gremlin.ru says is

text = "spam source"

and 138.134.89.24.work.drbl.network-1.ru says

text = "vote.drbl.gremlin.ru[at]ns.gremlin.ru:spam source"

Which you construe to mean it was gremlin.ru themselves that added you and presumably need to be contacted - and so would I. That address would be av[at]gremlin.ru (whois.ripn.net).

Link to comment
Share on other sites

  • 3 weeks later...
...The email server mail.gremlin.ru does not accept connections so the registrar contact is bogus. As an email admin is tough to ignore a blacklisting but that's probably the best advice in this case.
Thanks for the info Tommy2xs. We can't close this off as "resolved" but I guess it's gone about as far as it can go at this stage. They're funny people in Eastern Europe ...
Link to comment
Share on other sites

  • 4 weeks later...

OMFG... `dig vote.drbl.gremlin.ru soa` will answer your question.

The same applies to all other DRBL voting zones I know of - we strictly conform to RFCs.

Link to comment
Share on other sites

OMFG... `dig vote.drbl.gremlin.ru soa` will answer your question.

The same applies to all other DRBL voting zones I know of - we strictly conform to RFCs.

Thanks gremlin. Looks like the O/P managed to get off the drbl.gremlin.ru listings but maybe forgot to update his post. Marking resolved.
Link to comment
Share on other sites

  • 9 months later...

I am having the exact same issue as Tommy2xs. Does anyone know who to contact to attempt to get removed from these two lists?

I see gremlin said: OMFG... `dig vote.drbl.gremlin.ru soa` will answer your question.

What does this mean? How can I contact them?

Thanks in advance for any answers.

Link to comment
Share on other sites

...I see gremlin said: OMFG... `dig vote.drbl.gremlin.ru soa` will answer your question.

What does this mean? How can I contact them?...

Gremlin was referring to the blacklisting checking and removal procedure, outlined at http://gremlin.ru/soft/drbl/en/faq.html#howtogetout (and the bits above that section) - which is all a touch technical for this Windows end-user but presumably within the range of stuff handled routinely by a network administrator (ordinarily the level necessary to confidently resolve these matters). He was pointing the way to the "responsible email address" in the DNS record of domain drbl.gremlin.ru - though that may not be contactable from a location within the blacklist.

User gremlin might better be contactable via Personal Message - just go to his profile by clicking on his username in his post above then select the PM link - but no guarantee.

Needless to say, nothing at all to do with SpamCop but of interest to some members here.

Link to comment
Share on other sites

He was pointing the way to the "responsible email address" in the DNS record of domain drbl.gremlin.ru - though that may not be contactable from a location within the blacklist.

As that's DRBL, messages destined to the contact address bypass any and all DNSBL checks. However, that applies only to DNSBL, so the requirement of strict RFC-821 compliance is still enforced.

Of course, there are false positives - but most people perceive them as a good reason to properly configure their servers.

Link to comment
Share on other sites

  • 9 years later...

Hi everyone, I'm triying to contact gremli.ru by mail but it's impossible to found any mail available for contact in order  to contact them for deslisting  an Ip blacklisted by them.

Anyone knows how can I try to contact them? on gremli.ru web Page there's nothing available (an email, or a form, nothing)  to contact .

Could you please help? 

Also this url http://gremlin.ru/soft/drbl/en/faq.html#howtogetout ,  is not currently available for the removal procedure.

Thank so much

Link to comment
Share on other sites

On 1/16/2021 at 3:03 PM, ford78 said:

Anyone knows how can I try to contact them? on gremli.ru web Page there's nothing available (an email, or a form, nothing)  to contact .

Apparently, they don't have a contact directly, but they do have who added you to the list with a contact in the database file.  Per http://drbl.gremlin.ru/en.html, it appears, you need to download the .tar.gz file and it has a contact person inside it.

On 11/7/2010 at 10:53 AM, Farelf said:

The point is you need to interrogate the data to find out who added you to the bl and write to them, not gremlin, per the FAQ http://gremlin.ru/soft/drbl/en/faq.html#howtogetout.

Currently at that  FAQ page, the link is under the software section at "'Download drbl.tar.gz".

Delisting requests are accepted only from network administrators according to the whois information. If you aren't the network administrator, don't try to "jump over a head": the effect will be null or even negative.

Because of too many issues with blacklists, I have moved to a scoring system instead of straight up blocking.  Meaning an IP would have to show up on more than one blacklist before I block the email.

Link to comment
Share on other sites

  • 1 year later...

Our Cisco CES appliances have been blacklisted by Gremlin.ru. We have emailed drbl-gy7g4s@gremlin.ru but gotten no response. Whois IP is Cisco but appliance is owned by us. We have lodged a ticket with Cisco them but they have been unable to get a response either. Does anybody have any other means to contact for removal?

Link to comment
Share on other sites

8 hours ago, phatman said:

Our Cisco CES appliances have been blacklisted by Gremlin.ru. We have emailed drbl-gy7g4s@gremlin.ru but gotten no response. Whois IP is Cisco but appliance is owned by us. We have lodged a ticket with Cisco them but they have been unable to get a response either. Does anybody have any other means to contact for removal?

Without ANY IP the only contact address I can see is maybe on??
https://glockapps.com/blacklist/work-drbl-gremlin-ru/
Which gives this link
http://gremlin.ru/soft/drbl/en.html#removemenow
Tread carefully though

Edited by petzl
Link to comment
Share on other sites

  • 2 weeks later...
On 3/9/2022 at 7:04 PM, phatman said:

We have emailed drbl-gy7g4s@gremlin.ru but gotten no response.

Probably try looking up the blocked IP as 1.2.3.4 as follows:

nslookup -type=any 4.3.2.1.vote.drbl.gremlin.ru

to see if it might offer other contact emails.  Or you can try this and replace the vote.drbl with the list where your IP was found.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...