[Gllug] blacklisted mail servers

Martyn Drake martyn at drake.org.uk
Fri Oct 21 08:57:18 UTC 2005


Anthony Newman wrote:

> I know of at least one DNSBL who have gone to the extent of adding all 
> apparently dynamically-assigned IP address space (based on internet 
> registry information) to their list; the rationale presumably being that 
> people on DHCP'd broadband etc. don't need to run a mail server, so any 
> mail originating from their address is likely to be as the result of a 
> trojan/zombie stylee compromise.

Oh yes.  I've seen that one myself.  In those cases the customer has had 
to rely on a third party smart host to send out all their mail.

However, why static IP addresses are not used in those instances I don't 
know - most ISPs will provide them for free (or for very little extra 
cost if not).  And don't the majority of ISPs in this country now block 
common server ports on their broadband offerings to prevent stupidly 
configured mail servers, trojans, viruses and so on from circulating and 
possibly landing them on various DNSBLs?  In those cases, the ISP then 
requires customers wanting to run legitimate services to get in contact 
with them (or the ISP has an automated system check) first so that they 
can test to ensure that the customer isn't likely to cause mischief.

After all, it's a headache for any legitimate ISP if they find any of 
their IP address blocks on a DNSBL - especially when customers start 
complaining to them that their emails are being rejected...

> An offshoot of this is that re-classified/re-assigned address space may 
> be contaminated or have not been correctly updated with the registry, so 
> it is possible to have a contaminated recently-assigned static IP 
> address block, which can lead to some head scratching :)

Unfortunately from what I've seen on 'nanae' it's almost impossible to 
reason with such DNSBLs.  There are a few good ones that do listen, 
understand and will do something to help you out, but I think the 
vast majority of them fall under the description you give below :)

> DNSBLs are basically evil organisations staffed by fascist pigs, but a 
> lot of fools have been sucked into the easy spam-culling with which they 
> attract new addicts before stinging you with the "good stuff", which 
> entails a huge amount of grief and massively overloaded mail servers 
> because no-one will accept mail from you. AOL come a close second with 
> their own interpretation of the same thing.

Done right, DNSBLs are actually rather good.  But it's a question of 
knowing the good ones and rejecting the ones run by the fascists ;)

And as for AOL - I remember provisioning a server from a dedicated 
server company and I somehow ended up with an IP address that was 
blacklisted with AOL.  When I got the server operational, I received 
complaints from my fellow users to say that AOL email was being blocked.  
The efforts to find out why the emails were being blocked and to get 
it resolved probably deserve a book dedicated to it.  Such is the 
bureaucracy involved it makes the process of adoption look easy.

Regards,

	Martyn
-- 
Martyn Drake
martyn at drake.org.uk
http://www.drake.org.uk

-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug



