Adding Documentation to Linux-SXS

David Bandel david.bandel
Thu Dec 7 11:43:28 PST 2006 

On 12/7/06, Kevin O'Gorman <kogorman at gmail.com> wrote:
[snip]
> >
> > Try hinfo.  It shows who has you listed and why.  Some sites, notably
> > abuse.net, seems to list a lot of site incorrectly.  For example, it
> > has pananix.com listed for not having a postmaster address.  The
> > postmaster and MAILER-DAEMON addresses, as abuse and spam are in _all_
> > my domains as the first aliases.  Most likely, they check from a
> > system that's blacklisted, although those addresses aren't included in
> > the blacklist checks, but something is wrong at their end.
>
> Easy for you to say.  Hinfo looks interesting, but I'm mildly baffled
> by the output, particularly by how my host is identified remotely as
> 0.0.0.2 or 127.1.0.1, 65.77.130.111, etc.  Take a look:  Notice also
> that SBC is my ISP, so their showing up in whois is normal.  The
> 64.160.0.0/12 address seems to blacklist me along with a huge slab of
> the ISP. What am I to make of all this?

I shouldn't have to say it:  RTFM.  hinfo returns more than just
blacklist info (which you would know if you read the fine manual).
The ASN number has nothing to do with blacklisting.

>
> > Processing treat.kosmanor.com (64.166.164.49)
> treat.kosmanor.com. is in Abuse.net Contacts as 0.0.0.2
>         "postmaster at treat.kosmanor.com"
>         "postmaster at kosmanor.com"
> 64.166.164.49 is adsl-64-166-164-49.dsl.snlo01.pacbell.net.
> adsl-64-166-164-49.dsl.snlo01.pacbell.net. is in Abuse.net Contacts as 0.0.0.1
>         "abuse at sbcglobal.net"
> adsl-64-166-164-49.dsl.snlo01.pacbell.net. is in rfc-ignorant whois as 127.0.0.5
> 64.166.164.49 is in Blars Block List as 127.1.0.1
>         Spam sending domain
> 64.166.164.49 is in v6net spammers as 65.77.130.111
> 64.166.164.49 is in Yahoo as 127.0.0.2
> 64.166.164.49 is in n13mbl relaywatcher as 208.38.61.228
> 64.166.164.49 in ASN7132 64.160.0.0/12
>
> IPQuery: 64.166.164.49 Server: whois.arin.net
> SBC Internet Services SBCIS-SIS80 (NET-64-160-0-0-1)
>                                   64.160.0.0 - 64.175.255.255
>

And yes, you have been blacklisted -- by v6net, by Yahoo (what a
joke), by n13mbl relaywatcher, and by blars (no big deal on blars).

Appears you're rfc-ignorant.  Do you have postmaster, MAILER-DAEMON,
spam, and abuse addresses as well as rDNS for your mail server? (Note:
the mail server rDNS does not have to say mail.foo.org, it just has to
exists.  And BTW, the ADSL list is like the dial-up list, normally
blocked by all mail servers as a spam-bot.

Ciao,

David A. Bandel
-- 
Focus on the dream, not the competition.
            - Nemesis Air Racing Team motto

More information about the Linux-users mailing list