Adding Documentation to Linux-SXS

Kevin O'Gorman kogorman
Sat Dec 9 20:37:04 PST 2006


On 12/9/06, David Bandel <david.bandel at gmail.com> wrote:
> On 12/9/06, Kevin O'Gorman <kogorman at gmail.com> wrote:
> > On 12/7/06, David Bandel <david.bandel at gmail.com> wrote:
> > > On 12/7/06, Kevin O'Gorman <kogorman at gmail.com> wrote:
> > > [snip]
> > > > >
> > > > > Try hinfo.  It shows who has you listed and why.  Some sites, notably
> > > > > abuse.net, seem to list a lot of sites incorrectly.  For example, it
> > > > > has pananix.com listed for not having a postmaster address.  The
> > > > > postmaster and MAILER-DAEMON addresses, as abuse and spam are in _all_
> > > > > my domains as the first aliases.  Most likely, they check from a
> > > > > system that's blacklisted, although those addresses aren't included in
> > > > > the blacklist checks, but something is wrong at their end.
> > > >
> > > > Easy for you to say.  Hinfo looks interesting, but I'm mildly baffled
> > > > by the output, particularly by how my host is identified remotely as
> > > > 0.0.0.2 or 127.1.0.1, 65.77.130.111, etc.  Take a look:  Notice also
> > > > that SBC is my ISP, so their showing up in whois is normal.  The
> > > > 64.160.0.0/12 address seems to blacklist me along with a huge slab of
> > > > the ISP. What am I to make of all this?
> > >
> > > I shouldn't have to say it:  RTFM.  hinfo returns more than just
> > > blacklist info (which you would know if you read the fine manual).
> > > The ASN number has nothing to do with blacklisting.
> >
> > You don't have to say it, but you might give a pointer to the FM.
> > Googling hinfo got me to the software, but nothing else.  The packaged
> > man page is minimal, to say the least.  So what FM should I be
> > reading?
>
> I have a FM (man page) on my system that came with hinfo, and it
> presented enough info for me to discern that much more than blacklist
> information was provided.  In fact, the DESCRIPTION of the software
> doesn't even mention blacklists until the fourth para.

Right.  I knew it wasn't all blacklists, which is why I had to ask for
an interpretation of what it was.
I still don't know what they all are, but I'm learning.  What would
help is some information about what they are if they're not
blacklists.  I did research abuse.com, and have some idea what they are
about, and I've registered with them.

> >
> > In particular, what should I make of those odd generic IP addresses?
>
> well 127.0.0.x goes nowhere.  127.0.0.0/8 is localhost.  0.0.0.x is
> also non-existent.  Now your 65.77.130.111 is in your block
> 64.160.0.0/12.

This is part of the puzzle.  I know what 127.x.x.x and 0.0.0.x are,
thus I'm wondering if anyone knows why they are listed at all.  They
have no more meaning to me than they have to everyone, so their
presence in this list is entirely mysterious to me.  And I have no
idea what 65.77.130.111 has to do with me at all.  My address begins
with 64.  I do understand that "ASN7132" has blacklisted a large block
that includes me -- the earlier message indicated that this could
happen to all ADSL IP's -- but that block has nothing to do with
65.anything.

So far, I haven't made any sense at all of the "as x" phrases in the
hinfo output.

I would have guessed that v6net would have to do with IP v6, but I'm
not aware of being connected to the IP v6 net at all.  What could I
have to do with spamming on that net?

Anyway, the report is changing.  Perhaps because of changes I'm making
as this goes on, but it's actually longer and a bit more
ominous-seeming now, although I haven't changed anything in Postfix
save adding the "spam" alias:

Processing treat.kosmanor.com (64.166.164.49)
treat.kosmanor.com. is in Abuse.net Contacts as 0.0.0.2
        "postmaster at kosmanor.com"
        "postmaster at treat.kosmanor.com"
64.166.164.49 is adsl-64-166-164-49.dsl.snlo01.pacbell.net.
adsl-64-166-164-49.dsl.snlo01.pacbell.net. is in Abuse.net Contacts as 0.0.0.1
        "abuse at sbcglobal.net"
adsl-64-166-164-49.dsl.snlo01.pacbell.net. is in rfc-ignorant whois as 127.0.0.5
64.166.164.49 is in Blars Block List as 68.178.232.99
        Spam sending domain
        Multi-hop relay
        Hosts spamers web sites
        Hosts spammers email dropboxes
        Knowingly supports spammers
        attepted mail relay
        attepted formmail exploit
        carreer spammer support
        provides connection to rogue isp
64.166.164.49 is in selwerd XBL as 64.237.51.57
64.166.164.49 is in v6net spammers as 65.77.130.111
64.166.164.49 is in Yahoo as 127.0.0.2
64.166.164.49 is in n13mbl relaywatcher as 208.38.61.228
timeout looking up 64.166.164.49 in vox schpider
64.166.164.49 in ASN7132 64.160.0.0/12

IPQuery: 64.166.164.49 Server: whois.arin.net
SBC Internet Services SBCIS-SIS80 (NET-64-160-0-0-1)
                                  64.160.0.0 - 64.175.255.255


-- 
Kevin O'Gorman, PhD
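
The address question raised in the message above can be checked mechanically. The following is an added example, not part of the original post and not hinfo's own code: it parses a few lines copied from the quoted report and classifies each value after "as" purely as an IPv4 address (loopback, 0.0.0.0/8, inside or outside the ASN block), without assuming what hinfo means by that value. The function names and the result layout are hypothetical.

```python
import ipaddress
import re

# Lines copied from the hinfo report quoted in the message above.
REPORT = """\
treat.kosmanor.com. is in Abuse.net Contacts as 0.0.0.2
adsl-64-166-164-49.dsl.snlo01.pacbell.net. is in rfc-ignorant whois as 127.0.0.5
64.166.164.49 is in Blars Block List as 68.178.232.99
64.166.164.49 is in v6net spammers as 65.77.130.111
64.166.164.49 is in Yahoo as 127.0.0.2
64.166.164.49 in ASN7132 64.160.0.0/12
"""

# "<subject> is in <list name> as <dotted quad>"
LISTED = re.compile(r"^(?P<subject>\S+) is in (?P<zone>.+) as (?P<value>\d+\.\d+\.\d+\.\d+)$")
# "<host> in ASN<number> <CIDR block>"
ASN = re.compile(r"^(?P<host>\S+) in (?P<asn>ASN\d+) (?P<block>\S+)$")

def classify(value, block):
    """Say what kind of address `value` is, relative to the ASN block."""
    addr = ipaddress.ip_address(value)
    if addr.is_loopback:                                # 127.0.0.0/8
        return "loopback"
    if addr in ipaddress.ip_network("0.0.0.0/8"):       # "this network"
        return "this-network"
    if block is not None and addr in block:
        return "inside-asn-block"
    return "outside-asn-block"

def analyse(report):
    """Return the ASN block, whether the host is in it, and each list's value."""
    lines = [line.strip() for line in report.splitlines() if line.strip()]
    block, host = None, None
    for line in lines:                                  # first pass: find the ASN line
        m = ASN.match(line)
        if m:
            block = ipaddress.ip_network(m["block"])
            host = ipaddress.ip_address(m["host"])
    values = {}
    for line in lines:                                  # second pass: classify "as" values
        m = LISTED.match(line)
        if m:
            values[m["zone"]] = (m["value"], classify(m["value"], block))
    in_block = block is not None and host in block
    return {"block": block, "host_in_block": in_block, "values": values}

if __name__ == "__main__":
    result = analyse(REPORT)
    print("block:", result["block"], "host in block:", result["host_in_block"])
    for zone, (value, kind) in result["values"].items():
        print(f"{zone:22} {value:16} {kind}")
```
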