Jump to content

on gremlin.ru blocklist, unable to find removal instructions


shouldbeq931
 Share

Recommended Posts

Hello,

I fiend of mine pointed me to a blocklist "meta" site, and one of my secondary exit addresses (IPv4) is listed as being on a single blocklist. The IP address is not listed as being on any other blocklist.

As it is not my primary exit address I've not seen any errors and I'm not too worried, but I would like to be able to prove my "innocence". My primary exit address is not listed on any blocklist :-)

Both primary and secondary are dedicated static addresses.

The site where I discovered this is http://domain-blacklist.e-dns.org and the listing appears as below

LISTED 455ms DRBL vote node gremlin.ru

DNS MX Record (Mail Server) <redacted>. resolves to a blacklisted IP <redacted>

LISTED 458ms DRBL work node gremlin.ru

DNS MX Record (Mail Server) <redacted>. resolves to a blacklisted IP <redacted>

There appears to be no HTTP response from gremlin.ru, I even tried lynx :-)

local[at]ten-0-4:~$ lynx gremlin.ru

Looking up 'gremlin.ru' first

Looking up gremlin.ru first

Looking up gremlin.ru

Making HTTP connection to gremlin.ru

Alert!: Unable to connect to remote host.

lynx: Can't access startfile http://gremlin.ru/

After a quick search I found this thread http://forum.spamcop.net/forums/lofiversio...php/t11590.html.

It suggested going here http://gremlin.ru/soft/drbl/en/faq.html#howtogetout but as there is no HTTP response this was a dead end.

Later in the thread it suggested doing nslookup <redacted>.vote.drbl.gremlin.ru but this fails

Later in the thread it suggested doing dig vote.drbl.gremlin.ru soa but this doesn't appear to have any useful information in it.

I'd appreciate any constructive suggestions on what my next step should be.

Thanks

edit

Just to add that IP addresses and domain names have been deliberately redacted. I'm not after assistance with finding out what list(s) I might be one or what the problem might be, I already know that what list I'm on, and I'm 99.99% certain that no spam has been sent by my mail servers from that address :-)

Edited by shouldbeq931
Link to comment
Share on other sites

gremlin.ru appears to be "down" at the moment. Nameservers are working but no server response.

Initiating server query ...

Looking up IP address for domain: gremlin.ru

The IP address for the domain is: 95.131.31.231

Connecting to the server on standard HTTP port: 80

No response was received from the machine and port at that IP. The machine may be offline or the connection port may be stealthed.

Query complete.

Suggest you re-try from time to time until it rouses. You can sometimes watch a server come to life bit-by-bit across the networks using http://just-ping.com/ or similar if it is still baulky after a few hours. Beats twiddling thumbs, I suppose. There's also a trial link to http://www.watchmouse.com/en/checkit.php at the bottom of the just-ping page to verify whether/where the server is serving content after completing the pings.

If you can't wait, you could at least research the FAQ there through the recently cached version - gremlin.ru/soft/drbl/en/faq.html (e.g. Google cache).

Housekeeping only - moving this to the Lounge as the topic is nothing to do with SpamCop, redirection link left in original forum section.

Link to comment
Share on other sites

Hello,

Just to add that IP addresses and domain names have been deliberately redacted. I'm not after assistance with finding out what list(s) I might be one or what the problem might be, I already know that what list I'm on, and I'm 99.99% certain that no spam has been sent by my mail servers from that address :-)

Just read the "Google cached FAQ"

From what I can gather someone has to "vote" for your server to be blocked

You need to get a actual bounce message from that blocklist to see why you have been blocked (who is voting for it eg "example.net")

Then

write to "postmaster AT example DOT net" and ask them to re-test your server.

It is possible the blocklist is now defunct?

I have nothing to do with this blocklist, in fact never heard of it till now?

Edited by petzl
Link to comment
Share on other sites

...

It is possible the blocklist is now defunct? ...

"The number of the dead DNSbls long exceedeth all that shall live," to misquote Sir Thomas Browne but this one is apparently still responding to DNSbl queries (ref multirbl.valli.org/dnsbl-lookup etc.). Must admit the website has been down for some time now. At this rate it is going to lose its Google-cached data next time the cache is updated. Presently there seems to be an acknowledgement there are problems:
Уважаемые посетители! Данный сервер, судя по всему, не будет доведен до ума уже никогда. В настоящий момент здесь наличествуют лишь:

<gremlin ПРИ gremlin ТЧК ru> - адрес, по которому со мной (теоретически) можно связаться.

http://gremlin.ru/soft/ - кое-какие мои труды.

http://gremlin.ru/antispam/ - методы борьбы с одним из видов сетевого дерьма.

http://speleo.gremlin.ru - а еще у меня вот такое увлечение есть...

Which is something like:

"Dear visitors! This server appears to not be brought to mind have never been. Currently, there are present only:

<gremlin gremlin STOP AT ru> - the address to which to me (in theory) can be contacted.

http://gremlin.ru/soft/ - some of my works.

http://gremlin.ru/antispam/ - methods of dealing with one type of network crap.

http://speleo.gremlin.ru - and even now I have a passion is ..."

...which is maybe a little too idiomatic to clearly tell me much but seems to say gremlin might be contacted at <gremlin AT gremlin stop ru> (not certain about that but he doesn't handle delisting anyway) and that some web pages may be available. Well, they don't seem to be and those pages don't address de-listing anyway.

Your summary of the de-listing process from the FAQ seems like it might be the only way forward if the O/P wants to progress this one.

Link to comment
Share on other sites

Apologies for posting in the wrong folder.

My Google foo wasn't quite good enough to find a cached copy last night. Many thanks for providing me with that link.

It might just be too early in the morning, but I'm getting lost on the instructions.

Possibly part of my problem is that I haven't actually had a 550 response and am just going on the response from http://domain-blacklist.e-dns.org/

First I tried

local[at]ten-0-4:~$ host -t any <redacted>.vote.drbl.gremlin.ru

Host <redacted>.vote.drbl.gremlin.ru not found: 3(NXDOMAIN)

local[at]ten-0-4:~$ host -t any <redacted>.work.drbl.gremlin.ru

Host <redacted>.work.drbl.gremlin.ru not found: 3(NXDOMAIN)

Then I tried

local[at]ten-0-4:~$ host -t any <redacted>.drbl.gremlin.ru

Host <redacted>.drbl.gremlin.ru not found: 3(NXDOMAIN)

Then I tried

local[at]ten-0-4:~$ host -t any<redacted>.gremlin.ru

<redacted>.gremlin.ru has address 95.131.31.231

<redacted>.gremlin.ru has IPv6 address 2a01:ba80::f1d0:2:5020:545

The last one indicating that there is a wildcard DNS response.

I'm obviously doing something incorrectly, but I think I'm now in a "can't see the wood for the trees" position. I'd be grateful if anyone could point out where I've misinterpreted the instructions.

Thanks

edit

I started writing the above before you posted, then breakfast got in the way and I stupidly didn't check to see if it had been updated before posting.

Edited by shouldbeq931
Link to comment
Share on other sites

It might just be too early in the morning, but I'm getting lost on the instructions.

Thanks

Not sure what IP your concerned with? This one (95.131.31.231) is not blacklistedlisted by gremlin? After going through the cached FAQ (while it lives) I seem to get the idea it also has trusted (whitelisted) servers?

It's as clear as mud to me also (SpamCop Blocklist takes an IP off after 24 hours of no spam, Gremlin don't seem to have an expiry time which means it fills with false positives)

From what I gather mail servers run software that "votes" for placement on gremlin

To get taken off that list you have to see a bounce message which will tell you who's "voted" put your IP on that list. It is only the postmaster of that mail server that can take you off that list?

Most DNS lists are formed by spamtraps which are usually impossible to guess email Addies similar to

spam_trap_hard2_guess_44 [AT]whoever.com

These are gathered by "spambots/webcrawlers. If someone is sending "vacation notification" "out of office" emails you can get listed when they mindlessly reply to "from" address which spammers normally forge.

Edited by petzl
Link to comment
Share on other sites

I did an AXFR on vote.drbl.gremlin.ru

dig [at]ns.gremlin.ru work.drbl.gremlin.ru AXFR &gt; work.drbl.gremlin.ru.zone

There is no entry for my address, but I did find this

*.120.213.vote.drbl.gremlin.ru. 86400 IN A	  127.0.0.2
*.120.213.vote.drbl.gremlin.ru. 86400 IN TXT	"spam source"
*.121.213.vote.drbl.gremlin.ru. 86400 IN A	  127.0.0.2
*.121.213.vote.drbl.gremlin.ru. 86400 IN TXT	"spam source"
*.122.213.vote.drbl.gremlin.ru. 86400 IN A	  127.0.0.2
*.122.213.vote.drbl.gremlin.ru. 86400 IN TXT	"spam source"
*.123.213.vote.drbl.gremlin.ru. 86400 IN A	  127.0.0.2
*.123.213.vote.drbl.gremlin.ru. 86400 IN TXT	"spam source"

I have a /28 in the middle of it...

I don't think I'm going to lose any sleep over it :-)

Thanks to all

edit

There are no whitelist entries in the list

Edited by shouldbeq931
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...