On 2/14/2021 10:00 AM, Chris via mailop wrote:
On 2021-02-14 01:42, André Peters via mailop wrote:
...
2) Securi.net used mxtoolbox. It has problems of its own of
synthesizing it's own queries, and jumping to conclusions and
misleading you. For example, if you do a domain lookup, you can end
up with assertions you're listed in IP-only DNSBLs which have nothing
to do with you.
I personally prefer to use this for straight and
uncomplicated/non-misleading results:
http://multirbl.valli.org/lookup/192.124.249.6.html
Which lists some 9 listings for the IP. Now of course most of the
DNSBLs listing it are trivial, not used much, or largely ignored (like
RFC Ignorant), there are at least two that do seem indicate that they
HAVE seen email traffic from that specific IP. So something seems to
be awry with their assertion it can't make outbound connections.
- If I had a nickel for everyone who insisted that their IP can't send
email, when I have spam sample in my hand proving otherwise, I'd have
retired long ago, or at least be a few dozen cases of beer richer.
Even tho it's Securi.net, I'd prefer to see them at least expending
the effort to see if anything *is* emitting from that IP rather than
just asserting it. It wouldn't the first time that network hardware
got infected, or a network operator got outsmarted.
This was my first thought. The article's author states that his server
doesn't accept [incoming] connections on port 25 and somehow interprets
this as though the server therefore could not possibly send [outbound]
mail on port 25. This is obviously false. A form on a website, a command
line script, a malicious binary, etc could all certainly send email
messages on a system that's not listening on port 25 (or has incoming
connections to port 25 blocked). While remote, there's also a
possibility of IP hijacking or spoofing - more likely when you're just
talking about port scanning logs, less likely when you're talking about
fully functional TCP connections.
I'm surprised the author didn't try to do any self-verification (or
state as such) before writing an article defaming another party.
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop