 |
| Prev-20 | Home | Next-20 |
| Prev-20 | Home | Next-20 |
| Prev-Msg | Prev-Thread | Postfix-users | May-2008 | Next-Thread | Next-Msg |
| Subject: | Re: Problem with Black List |
| Group: | Postfix-users |
| From: | Bill Cole |
| Date: | 8 May 2008 |
>Hi, unfortunately also for domain.it I am the postmaster !
>Thanks.
>
>------
>
> Salvatore.
I think there may be some confusion grounded in the odd domain names,
which people may have assumed to be "munged" from their real names.
Since the MX for domain.it resolves to the same set of addresses as
the A for mx.test.it, I'm assuming that you haven't munged the
domains and are telling the truth.
As postmaster, you should have access to all the hosts that
act as mail.test.it, as they are your mail exchangers. On whichever
of those machines actually rejected mail because of a bogus CBL hit,
you should run this command to look up the problem address in the CBL:
dig 157.15.174.81.cbl.abuseat.org
You should get a response something like this:
; <<>> DiG 9.3.4 <<>> 157.15.174.81.cbl.abuseat.org
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 20251
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;157.15.174.81.cbl.abuseat.org. IN A
;; AUTHORITY SECTION:
cbl.abuseat.org. 1200 IN SOA ns1-cbl.abuseat.org.
cbl.cbl.abuseat.org. 1210274309 3600 600 432000 1200
;; Query time: 34 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu May 8 15:29:09 2008
;; MSG SIZE rcvd: 95
If you get an answer that does not have NXDOMAIN in the HEADER line
and has an ANSWER SECTION that includes A records showing something
other than 127.0.0.2 as the result, you are using a broken DNS server.
You may be able to fix your problem while still using a broken DNS
server by specifying a result in your reject_rbl_client setting:
reject_rbl_client cbl.abuseat.org=127.0.0.2
Anyone using a DNS resolver that they do not control or not paying
very close attention to the status of the DNSBL's they use should be
specifying results that way. Arguably, the default of treating any
result in a DNSBL lookup as a hit is a bug. ISP resolvers have
increasingly been returning bogus A records in place of NXDOMAIN in
order to funnel web surfers to their own advertising pages, and DNSBL
zones can end up with wildcards pointing to domain-vulture
webservers, so taking any result as a hit is dangerous.
>----- Original Message ----- From: "Arne Hoffmann" <arne>
>To: <postfix-users>
>Sent: Thursday, May 08, 2008 7:46 PM
>Subject: Re: Problem with Black List
>
>>Sasa wrote:
>>
>>>Final-Recipient: rfc822; test
>>>Original-Recipient: rfc822;test
>>>Action: failed
>>>Status: 5.7.1
>>>Remote-MTA: dns; mail.test.it
>>>Diagnostic-Code: smtp; 554 5.7.1 Service unavailable; Client host
>>> [81.174.15.157] blocked using cbl.abuseat.org
>>
>>Write a mail to postmaster and ask them to fix the problem.
--
Bill Cole
bill
| Prev-Msg | Prev-Thread | Postfix-users | May-2008 | Next-Thread | Next-Msg |