
Thread: SORBS Blacklist

  1. #1
    Join Date
    Feb 2008
    Location
    San Francisco
    Posts
    360
    Rep Power
    7

    SORBS Blacklist

    Our email server is on XX.X.56.182
    Our domain/primary DNS is on XX.X.56.162

    The IP XX.X.56.162 has been blacklisted by SORBS for being a dynamic IP, even though it's a static IP.

    Now clients that use SORBS are unable to send/receive emails to us.

    The bounce backs say:
    This message has been block because it is from a black ip XX.X.56.162

    I've tried de-listing via SORBS, the robot reply says it'll de-list XX.X.56.162, but nothing has changed for over 2 months now....

    This is costing us business, and the wolves are breathing down my back to get it fixed ASAP.

    What are my options?

  2. #2
    Join Date
    Nov 2007
    Posts
    27
    Rep Power
    8

    I would say it's up to your ISP to fix this. If they don't do it, use an ISP that doesn't have blacklisted IPs.

  3. #3
    Join Date
    Jan 2008
    Posts
    658
    Rep Power
    8

    Right from the SORBS website, they say only the ISP has power over this unless you have rDNS set up.

    From time to time the DUHL will need to be modified as ISP networks are changed. ISPs are invited to send changes to their address ranges listed.
    Anyone else may request delisting of addresses or netblocks provided that reverse DNS naming is set to indicate static assignment. SORBS will consider unique names that are not part of a generic naming scheme, or a generic naming scheme with an indication of staticness (we prefer the word "static" being included in the names, but will accept any existing ISP convention if the ISP just informs us of it) as proof of static assignment. Also, the Times to Live of the PTR records need to be 43200 seconds or more. This is an arbitrary limit chosen by SORBS. And of course, the reverse DNS names need to be valid; i.e. the names given in reverse DNS need to map forward to the IP addresses for which they were given.
    Taken from: SORBS Dynamic User/Host List FAQ
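
The delisting criteria quoted from the SORBS FAQ above, turned into a check, as an added example that is not part of the original thread and is not SORBS's own tooling. The addresses (203.0.113.0/24 documentation range), hostnames and records are constructed, and `looks_generic` is an assumed heuristic for "generic naming scheme".

```python
import re

MIN_PTR_TTL = 43200  # seconds; the limit stated in the FAQ text quoted above

def looks_generic(ip, hostname):
    """Assumed heuristic (not SORBS's test): a name is 'generic' when it
    embeds the last two octets of the address it is assigned to."""
    octets = ip.split(".")
    numbers = set(re.findall(r"\d+", hostname))
    return octets[2] in numbers and octets[3] in numbers

def check_static_rdns(ip, ptr_records, forward_zone):
    """ptr_records: (hostname, ttl) pairs returned by the PTR lookup for ip.
    forward_zone: hostname -> list of addresses from the forward lookup.
    Returns a list of problems; an empty list means the criteria are met."""
    if not ptr_records:
        return ["no PTR record (reverse lookup fails or times out)"]
    problems = []
    for name, ttl in ptr_records:
        name = name.rstrip(".").lower()
        if ttl < MIN_PTR_TTL:
            problems.append(f"{name}: PTR TTL {ttl} is below {MIN_PTR_TTL}")
        if ip not in forward_zone.get(name, []):
            problems.append(f"{name}: does not map forward to {ip}")
        if looks_generic(ip, name) and "static" not in name:
            problems.append(f"{name}: generic name with no static indication")
    return problems

# Constructed forward (A) records.
FORWARD = {
    "mail.example.com": ["203.0.113.182"],
    "203-0-113-163.dsl.example.net": ["203.0.113.163"],
    "static-203-0-113-170.example.net": ["203.0.113.170"],
    "fw.example.com": ["203.0.113.99"],
}
# Constructed PTR answers, keyed by the address that was looked up.
REVERSE = {
    "203.0.113.182": [("mail.example.com.", 86400)],
    "203.0.113.162": [],  # reverse lookup returns nothing
    "203.0.113.163": [("203-0-113-163.dsl.example.net.", 3600)],
    "203.0.113.170": [("static-203-0-113-170.example.net.", 43200)],
    "203.0.113.171": [("fw.example.com.", 86400)],
}

if __name__ == "__main__":
    for ip, ptrs in REVERSE.items():
        issues = check_static_rdns(ip, ptrs, FORWARD)
        print(ip, "OK" if not issues else issues)
```

In practice the PTR name and TTL come from a reverse lookup such as `dig -x`, and the forward addresses from an ordinary A-record lookup on the returned name.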

  4. #4
    Join Date
    Feb 2008
    Location
    San Francisco
    Posts
    360
    Rep Power
    7

    I've been trying to contact XO our ISP....but with no luck, haven't heard back yet.

    Any temporary workaround?

  5. #5
    Join Date
    Jan 2008
    Posts
    658
    Rep Power
    8

    There are lots of mail relay services that you could sign up for and use as a temporary fix.

    Something like Outgoing SMTP Authentication - Zimbra :: Wiki

  6. #6
    Join Date
    Feb 2008
    Location
    San Francisco
    Posts
    360
    Rep Power
    7

    Hmmmm...ok.
    I poked around a bit...

    I did a nslookup...
    XX.X.56.182 - email.server.com
    XX.X.56.180 - dns.server.com
    XX.X.56.162 - TIMED OUT

    Now when the emails bounce back...they say XX.X.56.162 is blacklisted despite the email server being on XX.X.56.182...

    Why is it saying XX.X.56.162....?
    The domain and name servers are on XX.X.56.180
    And the email server is on XX.X.56.182

    The nslookup is saying the rDNS is failing on XX.X.56.162...
    But why does XX.X.56.162 even matter!?!

    (ok got tired typing the XX.X...LOL)

    Is there a way to redirect 162 to 182 or 180?
    Or is it possible to create a PTR for 162 with the same domains as the DNS and mail server?

    So odd...can someone explain this to me...?

  7. #7
    Join Date
    Jun 2008
    Location
    Berkeley, CA
    Posts
    1,474
    Rep Power
    9

    It might help to post the actual IP addresses so that others can analyze directly. I'm not sure what security issues you might have, and those might certainly be valid, but by not sharing this information you're making it harder for others to help you.

    Aside from that I'd suggest sending email to gmail several times and making sure that it isn't coming from .162.

  8. #8
    Join Date
    Jan 2008
    Posts
    658
    Rep Power
    8

    It's likely that your server is making outbound connections from that IP. Are you behind a NAT?

  9. #9
    Join Date
    Feb 2008
    Location
    San Francisco
    Posts
    360
    Rep Power
    7

    I emailed the IPs to y@w....

    I think the emails are coming out of 162 cause that's the IP that got banned and the IP listed in bounce backs...

    yes, behind a NAT....it's the firewall that's on 162....

  10. #10
    Join Date
    Jan 2008
    Posts
    658
    Rep Power
    8

    Yeah, logs on my end show them coming from .162.

    I used the sorbs.org checker and it shows your .182 IP as:

    Listed as an exception and therefore NOT blocked.
    It also looks like rDNS is set up for that IP.

    I'm assuming then that you're behind a NAT. Depending upon the brand/model, you should be able to just add an SNAT rule (terminology can change) for traffic from your mail server to be coming from that IP.
