What do you get if you do a DNS lookup, i.e. 'dig
17.165.202.64.zen.spamhaus.org' in a terminal session?
;; QUESTION SECTION:
;17.165.202.64.zen.spamhaus.org. IN A
;; ANSWER SECTION:
17.165.202.64.zen.spamhaus.org. 300 IN A 209.86.66.92
17.165.202.64.zen.spamhaus.org. 300 IN A 209.86.66.93
17.165.202.64.zen.spamhaus.org. 300 IN A 209.86.66.94
17.165.202.64.zen.spamhaus.org. 300 IN A 209.86.66.95
17.165.202.64.zen.spamhaus.org. 300 IN A 209.86.66.90
17.165.202.64.zen.spamhaus.org. 300 IN A 209.86.66.91
So.... an A record is being returned, but none are the expected
answer (either 127.0.0.2-11 or nothing). According to the postfix
docs, if I do not specify, for example, reject_rbl_client
zen.spamhaus.org=127.0.0.2, I will get a reject if any A record is
returned.
But what are those A records? Ah-ha - barefruit, the bastards.
Because I'm using an earthlink upstream resolver.
The other possibility is that you may be forwarding your DNS queries
to a server that plays games with them.
<snip>
I would say this may be what is happening. I used to run djbdns on my
Linux box but that's fallen by the wayside at the moment with OSX.
Looks like I might need to return.
You may get around ISP DNS injection by specifying the Spamhaus
return codes in your postfix config:
smtpd_client_restrictions = reject_rbl_client zen.spamhaus.org=127.0.0.2,
    reject_rbl_client zen.spamhaus.org=127.0.0.4,
    reject_rbl_client zen.spamhaus.org=127.0.0.5,
    reject_rbl_client zen.spamhaus.org=127.0.0.10,
    reject_rbl_client zen.spamhaus.org=127.0.0.11
Otherwise, reject_rbl_client will catch on any answer from the DNS
query, and since DNS injection is done to inject bogus A records
pointing at real IPs, it will make reject_rbl_client catch if you
don't specify the lookup result.
Yep, there you go. Haven't tried it yet, but I will bet that's what's going on.
Bill, you are still a lifesaver. My roughly 5-yr-old (?) offer of
dinner and a beer in the RTP NC area if you ever make it here is
still good!
Stefan Jeglinski
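
An added example, not part of the original thread: a Python check that separates a genuine DNSBL answer from one rewritten by the upstream resolver, using the dig output and return codes quoted above. The function names and result labels are assumptions made for this sketch; the rule that DNSBL answers fall inside 127.0.0.0/8 is the usual DNSBL convention.

```python
import ipaddress
import socket

# Return codes listed in the postfix config quoted in the thread.
ZEN_CODES = {"127.0.0.2", "127.0.0.4", "127.0.0.5", "127.0.0.10", "127.0.0.11"}
LOOPBACK = ipaddress.ip_network("127.0.0.0/8")

# The A records from the dig output quoted in the thread.
PAGE_ANSWERS = ["209.86.66.92", "209.86.66.93", "209.86.66.94",
                "209.86.66.95", "209.86.66.90", "209.86.66.91"]


def dnsbl_name(client_ip, zone="zen.spamhaus.org"):
    """Build the DNSBL query name: reversed IPv4 octets plus the zone."""
    octets = str(ipaddress.IPv4Address(client_ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def classify(answers, expected=ZEN_CODES):
    """Classify the A records returned for a DNSBL query (labels are hypothetical)."""
    if not answers:
        return "not-listed"          # NXDOMAIN or empty answer: the normal miss
    addrs = [ipaddress.ip_address(a) for a in answers]
    if any(a not in LOOPBACK for a in addrs):
        return "tampered"            # routable address: the resolver rewrote the miss
    if any(str(a) in expected for a in addrs):
        return "listed"
    return "unexpected-code"         # in 127/8 but not a code we act on


def lookup(client_ip, zone="zen.spamhaus.org"):
    """Query through the system resolver and classify what comes back."""
    try:
        answers = socket.gethostbyname_ex(dnsbl_name(client_ip, zone))[2]
    except (socket.gaierror, socket.herror):
        answers = []                 # also covers resolver failures, not only NXDOMAIN
    return classify(answers)


if __name__ == "__main__":
    print(dnsbl_name("64.202.165.17"), "->", classify(PAGE_ANSWERS))
```

Running `lookup()` from the mail host itself shows whether the resolver postfix actually uses is the one rewriting answers.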