Jump to content
Tommy2xs

[Resolved] How to remove blacklistings on drbl.gremlin.ru

Recommended Posts

One of our IPs (24.89.134.138) was recently blacklisted on DRBLs vote.drbl.gremlin.ru and work.drbl.gremlin.ru. I'm the system administrator and can confirm that our network is secure, no viruses, etc, we are not relaying, and we absolutely do not send spam, but I cannot for the life of me figure out how to request a removal from these lists. It doesn't help that they're in Russian. They offer translated pages here http://gremlin.ru/soft/drbl/en/ but their removal instructions are lame because there is no postmaster[at]gremlin.ru.

You can see the two blacklistings here: http://multirbl.valli.org/lookup/24.89.134.138.html

Does anyone know if gremlin.ru is even legit?

Should I be concerned that our IP is listed with them?

Share this post


Link to post
Share on other sites

If it's of any consolation to you, I just checked my own (dynamic) IP and found that it was listed in 15 blacklists, some of which make sense (i.e., Spamhaus PBL), and others of which are suspicious to say the least.

I think the proof of a BL is in how many people use it and how many deliveries (in toto) that it blocks. If nobody uses the list other than its creator and his pals, then it probably isn't responsible for much mail blocking and therefore is nothing for IP address users (including spammers) to worry about.

I looked over the site and found that it was very elliptical to say the least, particularly as to the nature of "offenses" that would land one on one of the "voting" lists.

Unless you are getting evidence (i.e., bounces) that your mail deliveries are being blocked in significant numbers, it may not be worth your time to deal with these guys.

-- rick

Share this post


Link to post
Share on other sites
...their removal instructions are lame because there is no postmaster[at]gremlin.ru....
The point is you need to interrogate the data to find out who added you to the bl and write to them, not gremlin, per the FAQ http://gremlin.ru/soft/drbl/en/faq.html#howtogetout. Now just how you go about that interrogation is way out of my experience and knowledge levels, despite the illustration given in that FAQ. And it doesn't help that "the list of known zones and their respective contacts" from the FAQ returns a 404.

I'm sort of with Rick on the significance of your listing - if there's no evidence of effective blocking it is probably not an issue - but the fact is someone has "voted" you on to the bl, presumably on the basis of mail they didn't want and they (at least) will continue to block you and (maybe) so too some other mail/network admins. It then depends on your type of business just how much of a liability that might become. I can't see you being taken off that list anytime ever without requesting it and maybe not even then - but I haven't looked through the FAQ in detail.

If you have any concerns that gremlin.ru is not legitimate, you would need to address them to valli.org for explanation or reassurance. I see they nominate several bls as scam operations in their listings but not gremlin.ru.

Share this post


Link to post
Share on other sites

Ah, I see (maybe) - the nslookup query is supposed to say which zone added your IP address but all the txt record for 138.134.89.24.vote.drbl.gremlin.ru says is

text = "spam source"

and 138.134.89.24.work.drbl.network-1.ru says

text = "vote.drbl.gremlin.ru[at]ns.gremlin.ru:spam source"

Which you construe to mean it was gremlin.ru themselves that added you and presumably need to be contacted - and so would I. That address would be av[at]gremlin.ru (whois.ripn.net).

Share this post


Link to post
Share on other sites

Thanks for investigating.

The email server mail.gremlin.ru does not accept connections so the registrar contact is bogus. As an email admin is tough to ignore a blacklisting but that's probably the best advice in this case.

Share this post


Link to post
Share on other sites
...The email server mail.gremlin.ru does not accept connections so the registrar contact is bogus. As an email admin is tough to ignore a blacklisting but that's probably the best advice in this case.
Thanks for the info Tommy2xs. We can't close this off as "resolved" but I guess it's gone about as far as it can go at this stage. They're funny people in Eastern Europe ...

Share this post


Link to post
Share on other sites

OMFG... `dig vote.drbl.gremlin.ru soa` will answer your question.

The same applies to all other DRBL voting zones I know of - we strictly conform to RFCs.

Share this post


Link to post
Share on other sites
OMFG... `dig vote.drbl.gremlin.ru soa` will answer your question.

The same applies to all other DRBL voting zones I know of - we strictly conform to RFCs.

Thanks gremlin. Looks like the O/P managed to get off the drbl.gremlin.ru listings but maybe forgot to update his post. Marking resolved.

Share this post


Link to post
Share on other sites

Thank you Gremlin for the SOA tip.

I didn't post a follow-up because I'm not sure how my IP was delisted, but glad it was. I was never able to get through to anyone at gremlin.ru since the MX record is still not accepting connections from any of my email servers.

Share this post


Link to post
Share on other sites

I am having the exact same issue as Tommy2xs. Does anyone know who to contact to attempt to get removed from these two lists?

I see gremlin said: OMFG... `dig vote.drbl.gremlin.ru soa` will answer your question.

What does this mean? How can I contact them?

Thanks in advance for any answers.

Share this post


Link to post
Share on other sites
...I see gremlin said: OMFG... `dig vote.drbl.gremlin.ru soa` will answer your question.

What does this mean? How can I contact them?...

Gremlin was referring to the blacklisting checking and removal procedure, outlined at http://gremlin.ru/soft/drbl/en/faq.html#howtogetout (and the bits above that section) - which is all a touch technical for this Windows end-user but presumably within the range of stuff handled routinely by a network administrator (ordinarily the level necessary to confidently resolve these matters). He was pointing the way to the "responsible email address" in the DNS record of domain drbl.gremlin.ru - though that may not be contactable from a location within the blacklist.

User gremlin might better be contactable via Personal Message - just go to his profile by clicking on his username in his post above then select the PM link - but no guarantee.

Needless to say, nothing at all to do with SpamCop but of interest to some members here.

Share this post


Link to post
Share on other sites
He was pointing the way to the "responsible email address" in the DNS record of domain drbl.gremlin.ru - though that may not be contactable from a location within the blacklist.

As that's DRBL, messages destined to the contact address bypass any and all DNSBL checks. However, that applies only to DNSBL, so the requirement of strict RFC-821 compliance is still enforced.

Of course, there are false positives - but most people perceive them as a good reason to properly configure their servers.

Share this post


Link to post
Share on other sites

Hi everyone, I'm triying to contact gremli.ru by mail but it's impossible to found any mail available for contact in order  to contact them for deslisting  an Ip blacklisted by them.

Anyone knows how can I try to contact them? on gremli.ru web Page there's nothing available (an email, or a form, nothing)  to contact .

Could you please help? 

Also this url http://gremlin.ru/soft/drbl/en/faq.html#howtogetout ,  is not currently available for the removal procedure.

Thank so much

Share this post


Link to post
Share on other sites
On 1/16/2021 at 3:03 PM, ford78 said:

Anyone knows how can I try to contact them? on gremli.ru web Page there's nothing available (an email, or a form, nothing)  to contact .

Apparently, they don't have a contact directly, but they do have who added you to the list with a contact in the database file.  Per http://drbl.gremlin.ru/en.html, it appears, you need to download the .tar.gz file and it has a contact person inside it.

On 11/7/2010 at 10:53 AM, Farelf said:

The point is you need to interrogate the data to find out who added you to the bl and write to them, not gremlin, per the FAQ http://gremlin.ru/soft/drbl/en/faq.html#howtogetout.

Currently at that  FAQ page, the link is under the software section at "'Download drbl.tar.gz".

Delisting requests are accepted only from network administrators according to the whois information. If you aren't the network administrator, don't try to "jump over a head": the effect will be null or even negative.

Because of too many issues with blacklists, I have moved to a scoring system instead of straight up blocking.  Meaning an IP would have to show up on more than one blacklist before I block the email.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×