shouldbeq931 Posted June 1, 2012

Hello,

A friend of mine pointed me to a blocklist "meta" site, and one of my secondary exit addresses (IPv4) is listed as being on a single blocklist. The IP address is not listed as being on any other blocklist. As it is not my primary exit address I've not seen any errors and I'm not too worried, but I would like to be able to prove my "innocence".

My primary exit address is not listed on any blocklist :-) Both primary and secondary are dedicated static addresses.

The site where I discovered this is http://domain-blacklist.e-dns.org and the listing appears as below:

    LISTED 455ms DRBL vote node gremlin.ru DNS MX Record (Mail Server) <redacted>. resolves to a blacklisted IP <redacted>
    LISTED 458ms DRBL work node gremlin.ru DNS MX Record (Mail Server) <redacted>. resolves to a blacklisted IP <redacted>

There appears to be no HTTP response from gremlin.ru, I even tried lynx :-)

    local@ten-0-4:~$ lynx gremlin.ru
    Looking up 'gremlin.ru' first
    Looking up gremlin.ru first
    Looking up gremlin.ru
    Making HTTP connection to gremlin.ru
    Alert!: Unable to connect to remote host.
    lynx: Can't access startfile http://gremlin.ru/

After a quick search I found this thread http://forum.spamcop.net/forums/lofiversio...php/t11590.html.

It suggested going here http://gremlin.ru/soft/drbl/en/faq.html#howtogetout but as there is no HTTP response this was a dead end.

Later in the thread it suggested doing

    nslookup <redacted>.vote.drbl.gremlin.ru

but this fails.

Later in the thread it suggested doing

    dig vote.drbl.gremlin.ru soa

but this doesn't appear to have any useful information in it.

I'd appreciate any constructive suggestions on what my next step should be.

Thanks

Edit: Just to add that IP addresses and domain names have been deliberately redacted.

I'm not after assistance with finding out what list(s) I might be on or what the problem might be, I already know what list I'm on, and I'm 99.99% certain that no spam has been sent by my mail servers from that address :-)

Farelf Posted June 1, 2012

gremlin.ru appears to be "down" at the moment. Nameservers are working but no server response.

    Initiating server query ...
    Looking up IP address for domain: gremlin.ru
    The IP address for the domain is: 95.131.31.231
    Connecting to the server on standard HTTP port: 80
    No response was received from the machine and port at that IP.
    The machine may be offline or the connection port may be stealthed.
    Query complete.

Suggest you re-try from time to time until it rouses. You can sometimes watch a server come to life bit-by-bit across the networks using http://just-ping.com/ or similar if it is still baulky after a few hours. Beats twiddling thumbs, I suppose. There's also a trial link to http://www.watchmouse.com/en/checkit.php at the bottom of the just-ping page to verify whether/where the server is serving content after completing the pings.

If you can't wait, you could at least research the FAQ there through the recently cached version - gremlin.ru/soft/drbl/en/faq.html (e.g. Google cache).

Housekeeping only - moving this to the Lounge as the topic is nothing to do with SpamCop, redirection link left in original forum section.

petzl Posted June 2, 2012

> Hello,
> Just to add that IP addresses and domain names have been deliberately redacted.
> I'm not after assistance with finding out what list(s) I might be on or what the problem might be, I already know what list I'm on, and I'm 99.99% certain that no spam has been sent by my mail servers from that address :-)

Just read the "Google cached FAQ".

From what I can gather someone has to "vote" for your server to be blocked.

You need to get an actual bounce message from that blocklist to see why you have been blocked (who is voting for it, e.g. "example.net").

Then write to "postmaster AT example DOT net" and ask them to re-test your server.

It is possible the blocklist is now defunct?

I have nothing to do with this blocklist, in fact never heard of it till now?

Farelf Posted June 2, 2012

> ... It is possible the blocklist is now defunct? ...

"The number of the dead DNSbls long exceedeth all that shall live," to misquote Sir Thomas Browne but this one is apparently still responding to DNSbl queries (ref multirbl.valli.org/dnsbl-lookup etc.). Must admit the website has been down for some time now. At this rate it is going to lose its Google-cached data next time the cache is updated. Presently there seems to be an acknowledgement there are problems:

Уважаемые посетители!
Данный сервер, судя по всему, не будет доведен до ума уже никогда. В настоящий момент здесь наличествуют лишь:
<gremlin ПРИ gremlin ТЧК ru> - адрес, по которому со мной (теоретически) можно связаться.
http://gremlin.ru/soft/ - кое-какие мои труды.
http://gremlin.ru/antispam/ - методы борьбы с одним из видов сетевого дерьма.
http://speleo.gremlin.ru - а еще у меня вот такое увлечение есть...

Which is something like:

"Dear visitors!
This server appears to not be brought to mind have never been. Currently, there are present only:
<gremlin gremlin STOP AT ru> - the address to which to me (in theory) can be contacted.
http://gremlin.ru/soft/ - some of my works.
http://gremlin.ru/antispam/ - methods of dealing with one type of network crap.
http://speleo.gremlin.ru - and even now I have a passion is ..."

...which is maybe a little too idiomatic to clearly tell me much but seems to say gremlin might be contacted at <gremlin AT gremlin stop ru> (not certain about that but he doesn't handle delisting anyway) and that some web pages may be available. Well, they don't seem to be and those pages don't address de-listing anyway.

Your summary of the de-listing process from the FAQ seems like it might be the only way forward if the O/P wants to progress this one.

shouldbeq931 (Author) Posted June 2, 2012

Apologies for posting in the wrong folder.

My Google foo wasn't quite good enough to find a cached copy last night. Many thanks for providing me with that link.

It might just be too early in the morning, but I'm getting lost on the instructions. Possibly part of my problem is that I haven't actually had a 550 response and am just going on the response from http://domain-blacklist.e-dns.org/

First I tried

    local@ten-0-4:~$ host -t any <redacted>.vote.drbl.gremlin.ru
    Host <redacted>.vote.drbl.gremlin.ru not found: 3(NXDOMAIN)
    local@ten-0-4:~$ host -t any <redacted>.work.drbl.gremlin.ru
    Host <redacted>.work.drbl.gremlin.ru not found: 3(NXDOMAIN)

Then I tried

    local@ten-0-4:~$ host -t any <redacted>.drbl.gremlin.ru
    Host <redacted>.drbl.gremlin.ru not found: 3(NXDOMAIN)

Then I tried

    local@ten-0-4:~$ host -t any <redacted>.gremlin.ru
    <redacted>.gremlin.ru has address 95.131.31.231
    <redacted>.gremlin.ru has IPv6 address 2a01:ba80::f1d0:2:5020:545

The last one indicating that there is a wildcard DNS response.

I'm obviously doing something incorrectly, but I think I'm now in a "can't see the wood for the trees" position. I'd be grateful if anyone could point out where I've misinterpreted the instructions.

Thanks

Edit: I started writing the above before you posted, then breakfast got in the way and I stupidly didn't check to see if it had been updated before posting.

petzl Posted June 2, 2012

> It might just be too early in the morning, but I'm getting lost on the instructions.
> Thanks

Not sure what IP you're concerned with? This one (95.131.31.231) is not blacklisted by gremlin?

After going through the cached FAQ (while it lives) I seem to get the idea it also has trusted (whitelisted) servers?

It's as clear as mud to me also (SpamCop Blocklist takes an IP off after 24 hours of no spam, Gremlin don't seem to have an expiry time which means it fills with false positives).

From what I gather mail servers run software that "votes" for placement on gremlin.

To get taken off that list you have to see a bounce message which will tell you who's "voted" put your IP on that list. It is only the postmaster of that mail server that can take you off that list?

Most DNS lists are formed by spamtraps which are usually impossible to guess email Addies similar to spam_trap_hard2_guess_44 [AT]whoever.com

These are gathered by spambots/webcrawlers.

If someone is sending "vacation notification" "out of office" emails you can get listed when they mindlessly reply to "from" address which spammers normally forge.

shouldbeq931 (Author) Posted June 2, 2012

I did an AXFR on vote.drbl.gremlin.ru

    dig @ns.gremlin.ru work.drbl.gremlin.ru AXFR > work.drbl.gremlin.ru.zone

There is no entry for my address, but I did find this

    *.120.213.vote.drbl.gremlin.ru. 86400 IN A 127.0.0.2
    *.120.213.vote.drbl.gremlin.ru. 86400 IN TXT "spam source"
    *.121.213.vote.drbl.gremlin.ru. 86400 IN A 127.0.0.2
    *.121.213.vote.drbl.gremlin.ru. 86400 IN TXT "spam source"
    *.122.213.vote.drbl.gremlin.ru. 86400 IN A 127.0.0.2
    *.122.213.vote.drbl.gremlin.ru. 86400 IN TXT "spam source"
    *.123.213.vote.drbl.gremlin.ru. 86400 IN A 127.0.0.2
    *.123.213.vote.drbl.gremlin.ru. 86400 IN TXT "spam source"

I have a /28 in the middle of it...

I don't think I'm going to lose any sleep over it :-)

Thanks to all

Edit: There are no whitelist entries in the list
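
Added example, not part of the thread or of the DRBL software: a DNSBL is queried with the IPv4 octets reversed and prepended to the zone name, so a wildcard such as `*.120.213.vote.drbl.gremlin.ru` answers for all of 213.120.0.0/16. The sketch below maps zone-transfer lines like those in the last post back to networks and reports which entries cover a given address or block; the /28 used is constructed, and real wildcard matching also depends on any more specific names present in the zone.

```python
import ipaddress

ZONE = "vote.drbl.gremlin.ru"

# Wildcard A records quoted in the last post (one TXT kept to show it is skipped).
ZONE_TEXT = """\
*.120.213.vote.drbl.gremlin.ru. 86400 IN A 127.0.0.2
*.120.213.vote.drbl.gremlin.ru. 86400 IN TXT "spam source"
*.121.213.vote.drbl.gremlin.ru. 86400 IN A 127.0.0.2
*.122.213.vote.drbl.gremlin.ru. 86400 IN A 127.0.0.2
*.123.213.vote.drbl.gremlin.ru. 86400 IN A 127.0.0.2
"""

def dnsbl_name(ip, zone=ZONE):
    """Name a resolver queries for ip: IPv4 octets reversed, then the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def owner_to_network(owner, zone=ZONE):
    """Map '*.120.213.<zone>.' to the IPv4 network it answers for, else None."""
    owner = owner.rstrip(".").lower()
    suffix = "." + zone.lower()
    if not owner.endswith(suffix):
        return None
    labels = owner[: -len(suffix)].split(".")
    wildcard = labels[0] == "*"
    if wildcard:
        labels = labels[1:]
    if (wildcard and len(labels) > 3) or (not wildcard and len(labels) != 4):
        return None
    if not all(l.isdigit() and int(l) <= 255 for l in labels):
        return None
    octets = [str(int(l)) for l in reversed(labels)] + ["0"] * (4 - len(labels))
    return ipaddress.IPv4Network(".".join(octets) + "/%d" % (8 * len(labels)))

def covering_entries(target, zone_text=ZONE_TEXT, zone=ZONE):
    """Sorted networks from the zone's A records that overlap target (IP or CIDR)."""
    net = ipaddress.IPv4Network(target, strict=False)
    hits = set()
    for line in zone_text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[2].upper() != "IN" or fields[3].upper() != "A":
            continue
        listed = owner_to_network(fields[0], zone)
        if listed is not None and listed.overlaps(net):
            hits.add(listed)
    return sorted(hits)

if __name__ == "__main__":
    print(covering_entries("213.121.200.16/28"))  # constructed /28, not the poster's
```
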
This topic is now archived and is closed to further replies.