
Bumbling Idiots...


timothyx

What bumbling idiots created the blacklist removal tool? It does a reverse DNS lookup on my mail server's IP address, surprise surprise it comes back to my internet provider's domain. Of course there are no MX records... So now you offer me a choice of some common administrator emails at my ISP's domain how exactly am I supposed to request delisting based on those emails?


What bumbling idiots created the blacklist removal tool?

Someone that a lot of folks hold in very high regard, showing signs of genius in many ways.

It does a reverse DNS lookup on my mail server's IP address,

And just what mail server might this be? (Actually, at this point, it doesn't matter .. the rDNS lookup is done against the IP Address, not your "mail server") The only information provided in your post (data available to just a few) is the IP Address of the system you posted from. So that's what I used to start trying to look things up in order to try to answer your apparent 'real' question ...

Hostname: ip-203.191.163.83.dsl.sta.onestream.com.au ... doesn't really 'look' like an 'official' e-mail server, more like someone's DSL connection to their ISP.

surprise surprise it comes back to my internet provider's domain. Of course there are no MX records...

??? and if there are MX records somewhere that point to something else, where and what might they be? Of course, the real question is actually asking just what IP Address is really involved .... which of course then leads to even more questions like is it one computer, a network point, is there a router and/or firewall in place, on and on .. all that wonderful stuff not mentioned in your rant ...

On the other hand ....

telnet 203.191.163.83 25

220 insightinformatics.com.au Microsoft ESMTP MAIL Service, Version: 6.0.3790.3959 ready at Thu, 19 Mar 2009 16:55:51 +1000

ns18.zoneedit.com reports the following MX records for 'insightinformatics.com.au':

Preference Host Name IP Address

0 mail.insightinformatics.com.au 203.191.163.83

Reverse DNS FAILED! This is a problem. (also explains some of your ranted-about issues)

So there really is an e-mail server running at that IP Address .... but there's some bad background data involved. Wondering if you really meant to lie about the "no MX records" or is it that this server/network/whatever isn't really under "your" control?

So now you offer me a choice of some common administrator emails at my ISP's domain how exactly am I supposed to request delisting based on those emails?

The "you" in question isn't actually 'here' .... on the other hand, delisting at the moment doesn't look like a very good idea.

http://www.spamcop.net/w3m?action=checkblock&ip=203.191.163.83

203.191.163.83 listed in bl.spamcop.net (127.0.0.2)

If there are no reports of ongoing objectionable email from this system it will be delisted automatically in approximately 23 hours.

Causes of listing

System has sent mail to SpamCop spam traps in the past week

Has this been corrected yet? Hmmm, doesn't look like it ....

http://www.senderbase.org/senderbase_queri...=203.191.163.83

Volume Statistics for this IP

Magnitude Vol Change vs. Last Month

Last day ...... 3.5 ... 1357%

Last month .. 2.4

A starting spot might be http://www.spamcop.net/bl.shtml?203.191.163.83

It seems that taking the time to look at some FAQs, read some existing Posts/Discussions made by folks that have "been there before you" might be a better use of your time, as compared to simply stopping by here and venting .... especially without providing any real data. The delisting process would make more sense if the numbers and details seen above changed dramatically, typically by finding and removing the compromised system(s) from the network, infected computer(s) cleaned up, stuff like that ....


The important thing is that apparently there is an infected computer (or insecure wireless router) at that IP address.

However, many server admins will not allow email from computers that have no reverse DNS. It doesn't affect the spamcop blocklist, but server admins do not only use the spamcop blocklist, but a variety of blocklists and content filters to prevent spam from entering their space.

Being listed on the spamcop blocklist is an early warning sign that somehow a spammer is using this IP address to send spam, usually without the owner's knowledge. If the computer is not cleaned up, then eventually that IP address will be listed on lots of blocklists. The spamcop blocklist is automatic - spam stops being reported, the IP address comes off the blocklist. Other blocklists are not automatic.

Miss Betsy
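The lookups walked through in the replies above (MX host to address, reverse DNS of that address, and the bl.spamcop.net query), as an added example that is not part of the original thread. The record tables are constructed from the values quoted in the posts so the code runs offline; the function names and the generic-PTR keyword list are assumptions of this example.

```python
import ipaddress
import re

# Constructed records mirroring the lookups quoted in the thread (not live DNS).
PTR = {"203.191.163.83": "ip-203.191.163.83.dsl.sta.onestream.com.au"}
A = {
    "mail.insightinformatics.com.au": ["203.191.163.83"],
    "83.163.191.203.bl.spamcop.net": ["127.0.0.2"],
}

def dnsbl_name(ip, zone="bl.spamcop.net"):
    """DNSBL query name: IPv4 octets reversed, followed by the list's zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def looks_generic(ptr_name, ip):
    """Heuristic (assumed keyword list): PTR embeds the IP or an access-line label."""
    labels = ptr_name.lower().split(".")
    embeds_ip = ip in ptr_name or ip.replace(".", "-") in ptr_name
    keyword = any(re.fullmatch(r"(a?dsl|dyn(amic)?|pool|dhcp|cable|ppp)\d*", lab)
                  for lab in labels)
    return embeds_ip or keyword

def check_mail_host(mx_host, resolve_a, resolve_ptr):
    """Run the thread's checks for every address the MX host resolves to."""
    findings = []
    for ip in resolve_a(mx_host):
        ptr = resolve_ptr(ip)
        findings.append({
            "ip": ip,
            "ptr": ptr,
            # Receivers that check rDNS want the PTR to name the mail host itself.
            "ptr_matches_mx": ptr is not None
                              and ptr.lower().rstrip(".") == mx_host.lower(),
            "ptr_generic": ptr is not None and looks_generic(ptr, ip),
            # ["127.0.0.2"] when listed, [] when the name does not resolve.
            "dnsbl_codes": resolve_a(dnsbl_name(ip)),
        })
    return findings

def sample_a(name):
    """Offline A-record resolver over the constructed table."""
    return A.get(name, [])

def sample_ptr(ip):
    """Offline PTR resolver over the constructed table."""
    return PTR.get(ip)

if __name__ == "__main__":
    for f in check_mail_host("mail.insightinformatics.com.au", sample_a, sample_ptr):
        print(f)
```

For live use, pass resolvers built on `socket.gethostbyname_ex` and `socket.gethostbyaddr` that return `[]` or `None` when the lookup fails.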


What bumbling idiots created the blacklist removal tool? It does a reverse DNS lookup on my mail server's IP address, surprise surprise it comes back to my internet provider's domain.

The primary function of that page is to allow the administrators of the mail server in question to delist after the issues have been resolved. It only allows that to be done once before you are forced to wait the 24 hours after the last spam is received, so precautions are needed.

blcheck (<23 hours from listing)

203.191.163.83 not listed in bl.spamcop.net

-------------------------------------------------------------------------------------------

SenderBase

Report on IP address: 203.191.163.83

Hostname: ip-203.191.163.83.dsl.sta.onestream.com.au

Volume Statistics for this IP

Magnitude Vol Change vs. Last Month

Last day 3.6 1449%

Last month 2.4

Information from whois

No information found for 203.191.163.83

-------------------------------------------------------------------------------------------

nslookup

> set type=mx

> insightinformatics.com.au

...

Non-authoritative answer:

insightinformatics.com.au MX preference = 0, mail exchanger = mail.insightinformatics.com.au

mail.insightinformatics.com.au internet address = 203.191.163.83

> asklibero.com

...

Non-authoritative answer:

asklibero.com MX preference = 0, mail exchanger = mail.asklibero.com

mail.asklibero.com internet address = 203.191.163.83

--------------------------------------------------------------------------------------------

SenderBase

Report on hostname: mail.insightinformatics.com.au

Volume Statistics for this Network Owner

Magnitude Vol Change vs. Last Month

Last day 0.0 N/A

Last month 0.0

Information from whois [ Show/hide details ]

Network Owner:

Registrant ID: ACN 010979987

Eligibility Type: Sole Trader


blcheck (<23 hours from listing)

203.191.163.83 not listed in bl.spamcop.net

-------------------------------------------------------------------------------------------

SenderBase

Report on IP address: 203.191.163.83

Hostname: ip-203.191.163.83.dsl.sta.onestream.com.au

Volume Statistics for this IP

Magnitude Vol Change vs. Last Month

Last day 3.6 1449%

Last month 2.4

Information from whois

No information found for 203.191.163.83

203.191.163.83

Record Type: IP Address

OrgName: Asia Pacific Network Information Centre

OrgID: APNIC

Address: PO Box 2131

City: Milton

StateProv: QLD

PostalCode: 4064

Country: AU

ReferralServer: whois://whois.apnic.net

NetRange: 202.0.0.0 - 203.255.255.255

CIDR: 202.0.0.0/7

NetName: APNIC-CIDR-BLK

NetHandle: NET-202-0-0-0-1

Parent:

NetType: Allocated to APNIC

NameServer: NS1.APNIC.NET

NameServer: NS3.APNIC.NET

NameServer: NS4.APNIC.NET

NameServer: TINNIE.ARIN.NET

NameServer: NS-SEC.RIPE.NET

NameServer: DNS1.TELSTRA.NET

Comment: This IP address range is not registered in the ARIN database.

Comment: For details, refer to the APNIC Whois Database via

Comment: WHOIS.APNIC.NET or http://www.apnic.net/apnic-bin/whois2.pl

Comment: ** IMPORTANT NOTE: APNIC is the Regional Internet Registry

Comment: for the Asia Pacific region. APNIC does not operate networks

Comment: using this IP address range and is not able to investigate

Comment: spam or abuse reports relating to these addresses. For more

Comment: help, refer to http://www.apnic.net/info/faq/abuse

Comment:

RegDate: 1994-04-05

Updated: 2005-05-20

OrgTechHandle: AWC12-ARIN

OrgTechName: APNIC Whois Contact

OrgTechPhone: +61 7 3858 3188

OrgTechEmail: search-apnic-not-arin[at]apnic.net

