Calzonie

My setup stopped working 1/11


I have spamcop in place on several servers. Since Jan 11th my logs show -0- blocks for spamcop, yet all my other RBLs still work. Was anything done, or is this something that is affecting only me?

Thanks.


You'll have to be a little more clear as to what your problem is. You seem to imply that bl.spamcop.net is no longer responding. You can try an nslookup of 2.0.0.127.bl.spamcop.net and see what happens. If that fails to respond something may be up with your DNS server(s).


I happened to check all the bl mirrors just a few minutes ago and they are all working. You can see where the mirrors are by doing a dig bl.spamcop.net ns


[root@dale mail]# dig bl.spamcop.net ns
; <<>> DiG 9.2.1 <<>> bl.spamcop.net ns
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33659
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;bl.spamcop.net.                        IN      NS
;; ANSWER SECTION:
bl.spamcop.net.      86400 IN      NS      loopback.
;; Query time: 177 msec
;; SERVER: 127.0.0.1#53(0.0.0.0)
;; WHEN: Wed Feb  4 10:46:10 2004
;; MSG SIZE  rcvd: 54


It just doesn't seem to ask SP if the IP is a relay anymore, and the 3 other RBLs I use all work fine.

[root@dale mail]# nslookup 2.0.0.127.bl.spamcop.net
Note: nslookup is deprecated and may be removed from future releases.
Consider using the `dig' or `host' programs instead. Run nslookup with
the `-sil[ent]' option to prevent this message from appearing.
Server: 0.0.0.0
Address: 0.0.0.0#53
** server can't find 2.0.0.127.bl.spamcop.net: NXDOMAIN

That's not right. You shouldn't get loopback as the answer. It sounds to me like whoever runs that DNS server has either intentionally blocked access to the bl or has tried to set something else up and gotten it wrong.

JT


Calzonie, someone has been mucking with your nameserver. "bl.spamcop.net. 86400 IN NS loopback." is just plain wrong - it never should have gotten into your nameserver, as it specifies "don't use bl.spamcop.net for 24 hours". Please ask your nameserver's administrator who authorized that info and will fix it, what possessed them to install that info, when it was authorized and when it will be fixed, where that info came from, and why it was allowed into the nameserver. Thanks!


I handle my own DNS and have att as my forwards. The DNS serial hasn't changed since November 03 and the running zone has the correct serial number. My sendmail.conf is as I created it.

sendmail.mc

FEATURE(`dnsbl',`bl.spamcop.net',`Rejected - http://spamcop.net/')dnl

sendmail.cf

# DNS based IP address spam list bl.spamcop.net
R$*	$: $&{client_addr}
R$-.$-.$-.$-	$: <?> $(dnsbl $4.$3.$2.$1.bl.spamcop.net. $: OK $)
R<?>OK	$: OKSOFAR
R<?>$+<TMP>	$: TMPOK
R<?>$+	$#error $@ 5.7.1 $: Rejected - http://spamcop.net/

Is it possible that spamcop is now blocking me for one reason or another?

Here's a "tcpdump | grep spamcop"

: 32231+ AAAA? 39.220.195.208.bl.spamcop.net. (47) (DF)
11:23:53.277366 ns1.mydomain.com.32769 > dns-rs1.bgtmo.ip.att.net.domain: 49103+ AAAA? 39.220.195.208.bl.spamcop.net. (47) (DF)
11:23:51.263007 ns1.mydoamin.com.32769 > rmtu.mt.rs.els-gms.att.net.domain: 32231+ AAAA? 39.220.195.208.bl.spamcop.net. (47) (DF)
11:23:53.277366 ns1.mydomain.com.32769 > dns-rs1.bgtmo.ip.att.net.domain: 49103+ AAAA? 39.220.195.208.bl.spamcop.net. (47) (DF)
11:24:10.534846 ns2.mydomain.com.45483 > dns-rs1.bgtmo.ip.att.net.domain: 47673+ AAAA? 41.181.59.69.bl.spamcop.net. (45) (DF)

Your DNS server is confused. You're saying you run your own DNS, but do you run your own DNS cache? What do your client computers have configured for DNS server? The serial number you mention is for your zone and doesn't have anything to do with the cache.

The tcpdump only shows IPv6 queries, going to AT&T DNS servers. I don't know why you're doing IPv6 queries or why you're querying AT&T servers.

Try restarting your cache and see if that fixes it by itself.

To see what a proper response looks like, try:

dig @use1.akam.net bl.spamcop.net ns

JT


The box points to itself to resolve and the named.conf forwards to att.

I reloaded bind and ran your query:

[root@chip mail]# dig @use1.akam.net bl.spamcop.net ns
; <<>> DiG 9.2.1 <<>> @use1.akam.net bl.spamcop.net ns
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57687
;; flags: qr rd; QUERY: 1, ANSWER: 8, AUTHORITY: 0, ADDITIONAL: 8
;; QUESTION SECTION:
;bl.spamcop.net. IN NS
;; ANSWER SECTION:
bl.spamcop.net. 172800 IN NS blns12.spamcop.net.
bl.spamcop.net. 172800 IN NS blns4.spamcop.net.
bl.spamcop.net. 172800 IN NS blns5.spamcop.net.
bl.spamcop.net. 172800 IN NS blns6.spamcop.net.
bl.spamcop.net. 172800 IN NS blns8.spamcop.net.
bl.spamcop.net. 172800 IN NS blns10.spamcop.net.
bl.spamcop.net. 172800 IN NS blns11.spamcop.net.
bl.spamcop.net. 172800 IN NS blns9.spamcop.net.
;; ADDITIONAL SECTION:
blns12.spamcop.net. 172800 IN A 216.127.43.91
blns4.spamcop.net. 172800 IN A 194.109.6.147
blns5.spamcop.net. 172800 IN A 198.145.240.35
blns6.spamcop.net. 172800 IN A 209.198.142.147
blns8.spamcop.net. 172800 IN A 66.6.205.130
blns10.spamcop.net. 172800 IN A 206.67.234.112
blns11.spamcop.net. 172800 IN A 209.92.188.201
blns9.spamcop.net. 172800 IN A 208.39.222.110
;; Query time: 79 msec
;; SERVER: 63.209.170.136#53(use1.akam.net)
;; WHEN: Wed Feb 4 12:15:14 2004
;; MSG SIZE rcvd: 334


Here's a manual query on an ip that is listed on spamcop:

[root@dale etc]# dig 39.220.195.208.bl.spamcop.net
; <<>> DiG 9.2.1 <<>> 39.220.195.208.bl.spamcop.net
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 60187
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;39.220.195.208.bl.spamcop.net. IN A
;; AUTHORITY SECTION:
bl.spamcop.net. 10800 IN SOA loopback. root.loopback. 1 3600 600 3600000 86400
;; Query time: 2243 msec
;; SERVER: 127.0.0.1#53(0.0.0.0)
;; WHEN: Wed Feb 4 12:32:20 2004
;; MSG SIZE rcvd: 96

Also, I read:

http://www.spamcop.net/fom-serve/cache/294.html

And changed the sendmail.conf section of Kdnsbl, but it doesn't seem to change anything.


Here's another manual dig after the sendmail.cf update:

[root@dale mail]# dig 100.220.111.207.bl.spamcop.net
;; AUTHORITY SECTION:
bl.spamcop.net. 10735 IN SOA loopback. root.loopback. 1 3600 600 3600000 86400

Here's a new tcpdump (diff ip), notice only one "A" now:

13:35:04.656464 ns2.mydomain.com.56636 > dns-rs1.bgtmo.ip.att.net.domain: 53021+ A? 207.68.119.66.bl.spamcop.net. (46) (DF)


Well what do you know!!!!

I took out my ISP (att) as the forward and let my DNS query the root servers and:

Feb 4 13:37:52 dale sendmail[16862]: ruleset=check_relay, arg1=noc-207-182-132-120-su-4377-pt.youdidto.com, arg2=127.0.0.2, relay=noc-207-182-132-120-su-4377-pt.youdidto.com [207.182.132.120], reject=553 5.3.0 Rejected - http://spamcop.net/

Feb 4 13:46:37 chip sendmail[16757]: ruleset=check_relay, arg1=offd14.cw69.com, arg2=127.0.0.2, relay=offd14.cw69.com [66.239.205.114] (may be forged), reject=553 5.3.0 Rejected - http://spamcop.net/
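
A check for the failure this thread tracked down, where a resolver answers for bl.spamcop.net itself and sendmail quietly stops rejecting. This is an added example, not code from any poster: the function names are illustrative, the sample dig output is constructed on the model of the output posted above, and treating a single-label NS/SOA name such as "loopback." as bogus is an assumption of this example.

```python
import ipaddress
import re

def dnsbl_name(ip, zone="bl.spamcop.net"):
    """Build the lookup name the way the dnsbl rule does: reversed octets + zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def parse_dig(text):
    """Extract the status, A records and NS/SOA server names from dig output."""
    m = re.search(r"status: (\w+)", text)
    out = {"status": m.group(1) if m else None, "a": [], "servers": []}
    for line in text.splitlines():
        f = line.split()
        # Skip comment lines (";...") and anything that is not a resource record.
        if len(f) >= 5 and not f[0].startswith(";") and f[2] == "IN":
            if f[3] == "A":
                out["a"].append(f[4])
            elif f[3] in ("NS", "SOA"):
                out["servers"].append(f[4].lower())
    return out

def bogus_servers(text):
    """Single-label names such as 'loopback.' cannot be real public nameservers."""
    return [s for s in parse_dig(text)["servers"] if "." not in s.rstrip(".")]

def classify_selftest(text):
    """Judge the reply to the 127.0.0.2 test lookup, which a working list answers."""
    r = parse_dig(text)
    if r["status"] == "NOERROR" and "127.0.0.2" in r["a"]:
        return "ok"
    if bogus_servers(text):
        return "overridden"  # the resolver or its forwarder is answering for the zone
    return "broken"          # test entry missing: the list is silently not consulted

# Constructed samples, modelled on the dig output posted in the thread.
OVERRIDDEN = """;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 60187
;; AUTHORITY SECTION:
bl.spamcop.net. 10800 IN SOA loopback. root.loopback. 1 3600 600 3600000 86400
"""
HEALTHY = """;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
;; ANSWER SECTION:
2.0.0.127.bl.spamcop.net. 2100 IN A 127.0.0.2
"""

if __name__ == "__main__":
    print(dnsbl_name("127.0.0.2"))
    print(classify_selftest(OVERRIDDEN), classify_selftest(HEALTHY))
```

Feeding it the saved output of `dig` for the name `dnsbl_name("127.0.0.2")` returns, on a schedule, turns a drop to zero blocks into an alert instead of something noticed weeks later in the logs.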
