[sf-lug] wiki ... Re: I have a spare lenovo T420 laptop
Al
awsflug at sunnyside.com
Thu May 6 15:17:05 PDT 2021
Also, watch out for IPv6. Google has taken the position that something
they long wanted but it's hopeless to strong-arm people on for IPv4,
they are insisting on for IPv6. The IP # has to have an inverse record
with the "domain in question" which IIRC is the domain of the MX server,
not the email domain. Maybe. Anyway, at one time I didn't have that
set up right so at the moment I am just sending things out on IPv4.
I have to go out and update my spam filter for IPv6 anyway, so another
project...... real soon now.
On 5/6/2021 15:10, Rick Moen wrote:
> Quoting Michael Paoli (Michael.Paoli at cal.berkeley.edu):
>
>> Drats ...
>> # fgrep -hi ehud.kaldor at gmail.com /var/log/exim4/mainlog{.1,}
>> 2021-05-05 17:55:56 1leLkZ-0004uQ-3U ** ehud.kaldor at gmail.com
>> R=dnslookup T=remote_smtp H=gmail-smtp-in.l.google.com
>> [2607:f8b0:400e:c07::1a] X=TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256
>> CV=yes DN="C=US,ST=California,L=Mountain View,O=Google
>> LLC,CN=mx.google.com": SMTP error from remote mail server after
>> pipelined end of data: 550-5.7.1 [2001:470:1f05:19e::2 19] Our
>> system has detected that this\n550-5.7.1 message is likely
>> suspicious due to the very low reputation of the\n550-5.7.1 sending
>> domain. To best protect our users from spam, the message
>> has\n550-5.7.1 been blocked. Please visit\n550 5.7.1
>> https://support.google.com/mail/answer/188131 for more information.
>> b4si5793943pgw.419 - gsmtp
>> #
> Auntie Goog thinks poorly of balug.org as an SMTP-sending domain?
> Time to check those DNSBLs.
>
>
> 1 of 2: http://multirbl.valli.org/ , test "DNSBL lookups", checking balug.org:
>
> Completely clean. Test runs at this site sometimes must be run again on
> account of transient test failures (somewhat misleadingly shown in red,
> intending to show failure not as a test return value but rather failure
> to connect to the back-end DNSBL sites).
>
>
> 2 of 2: https://www.dnsbl.info/ , checking 96.86.170.229 (IP where the
> MX record for balug.org points):
>
> 47 DNSBL passes, 2 failures. Those failures are:
>
> 1. b.barracudacentral.org
>
> $ dig 229.170.86.96.b.barracudacentral.org +short
> 127.0.0.2
> $ dig -t txt 229.170.86.96.b.barracudacentral.org +short
> "http://www.barracudanetworks.com/reputation/?pr=1&ip=96.86.170.229"
> $
>
> (Return page snippet from doing lookup on the site:)
>
> The IP address 96.86.170.229 is listed as "poor" on the Barracuda
> Reputation System. To request removal, please click here.
>
>
>
>
>
> 2. spam.dnsbl.sorbs.net
> $ dig 229.170.86.96.spam.dnsbl.sorbs.net +short
> 127.0.0.6
> $ dig -t txt 229.170.86.96.spam.dnsbl.sorbs.net +short
> ;; Truncated, retrying in TCP mode.
> "Spam Received See: http://www.sorbs.net/lookup.shtml?96.86.170.229"
> $
>
>
>
> Spam record for address 96.86.170.229
> Description: Spam Received from this host
> Record Created: 04:30:02 24 Apr 2021 GMT-04
> Message ID (munged): 590**************************9$@******org
> Additional Information: No Info
>
> The following hostname is found within this spam.
> j.mp Hostname has been marked as hosting a spamvertised website/URL.
>
>
>
> Spam record for address 96.86.170.229
> Description: Spam Received from this host
> Record Created: 04:30:01 24 Apr 2021 GMT-04
> Message ID (munged): 590**************************9$@******org
> Additional Information: No Info
>
> The following hostname is found within this spam.
> j.mp Hostname has been marked as hosting a spamvertised website/URL.
>
>
>
> Spam record for address 96.86.170.229
> Description: Spam Received from this host
> Record Created: 04:49:44 16 Apr 2021 GMT-04
> Message ID (munged): C6C*******************************0D@******org
> Additional Information: No Info
>
>
>
> Spam record for address 96.86.170.229
> Description: Spam Received from this host
> Record Created: 17:07:50 12 Apr 2021 GMT-04
> Message ID (munged): 6.8***********************.5@******org
> Additional Information: No Info
>
>
>
>
> Above presumably will help you a little, Michael, in hunting through
> logs, etc., trying to find what these two DNSBLs are reacting to.
>
> This may or may not apply, and some DNSBLs are just error-prone and
> collectors of bad information, but _sometimes_ in my experience the
> root cause turns out to be one or more Mailman listadmin who voluntarily
> signed up to receive Mailman administrative notices, which often concern
> held or rejected spam, but failed to think about collateral damage from
> the listadmin's (or more often the listadmin's ISP's) antispam defences.
>
> For example, for a while when Jim Stockford was _theoretically_ one of
> the listadmins for the SF-LUG mailing list (hosted on my linuxmafia.com
> server) -- although he seems to have never actually shouldered any of
> the listadmin duties over more than a decade of allegedly being a
> listadmin -- his ISP's spam defences added linuxmafia.com to a number of
> DNSBLs as a spamhaus, strictly in reaction to the (legitimate) Mailman
> administrative notices that the ISP's MTA considered spammy.
>
> That injury persisted until I noticed the syndrome and removed Jim as a
> listadmin.
>
> You might want to check the roster of BALUG listadmins to see if any
> listadmin is likewise shooting balug.org in the foot.
>
>
>
> _______________________________________________
> sf-lug mailing list
> sf-lug at linuxmafia.com
> http://linuxmafia.com/mailman/listinfo/sf-lug
> SF-LUG is at http://www.sf-lug.org/
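
The two checks discussed in this thread, as an added Python example (not code from any poster): the reversed-address DNSBL query that the quoted `dig` commands perform, generalized here to IPv6 nibble format, and a forward-confirmed reverse DNS check, assumed to be one form of the "inverse record" requirement mentioned for IPv6. The zone `dnsbl.example`, the host `mail.example.org` and the sample records are constructed; lookups are injectable so the block runs offline.

```python
import ipaddress
import socket

LISTING_NET = ipaddress.ip_network("127.0.0.0/8")  # DNSBL answers live here

def dnsbl_query_name(ip, zone):
    """Reversed IPv4 octets (or reversed IPv6 nibbles) prepended to the zone."""
    rev = ipaddress.ip_address(ip).reverse_pointer  # ...in-addr.arpa / ...ip6.arpa
    return rev.rsplit(".", 2)[0] + "." + zone

def system_a_lookup(name):
    """A-record lookup via the system resolver; NXDOMAIN (not listed) gives []."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def dnsbl_codes(ip, zone, a_lookup=system_a_lookup):
    """Return the 127.x listing codes for ip in zone; empty list means clean."""
    answers = a_lookup(dnsbl_query_name(ip, zone))
    return [a for a in answers if ipaddress.ip_address(a) in LISTING_NET]

def fcrdns_ok(ip, ptr_lookup, addr_lookup):
    """True if some PTR name for ip resolves forward to the same address."""
    addr = ipaddress.ip_address(ip)
    return any(ipaddress.ip_address(a) == addr
               for host in ptr_lookup(ip) for a in addr_lookup(host))

# Constructed offline data. The two listings mirror the dig output quoted
# above; the PTR/AAAA records and mail.example.org are hypothetical.
SAMPLE_A = {
    "229.170.86.96.b.barracudacentral.org": ["127.0.0.2"],
    "229.170.86.96.spam.dnsbl.sorbs.net": ["127.0.0.6"],
}
SAMPLE_PTR = {"2001:470:1f05:19e::2": ["mail.example.org"]}
SAMPLE_ADDR = {"mail.example.org": ["2001:470:1f05:19e::2"]}
ZONES = ("b.barracudacentral.org", "spam.dnsbl.sorbs.net", "dnsbl.example")

def sample_report(ip="96.86.170.229"):
    """Check ip against ZONES using only the constructed records."""
    return {z: dnsbl_codes(ip, z, lambda n: SAMPLE_A.get(n, [])) for z in ZONES}

if __name__ == "__main__":
    for zone, codes in sample_report().items():
        print(zone, "LISTED " + ",".join(codes) if codes else "clean")
    v6 = "2001:470:1f05:19e::2"
    print(dnsbl_query_name(v6, "dnsbl.example"))
    print("FCrDNS ok:", fcrdns_ok(v6, lambda i: SAMPLE_PTR.get(i, []),
                                  lambda h: SAMPLE_ADDR.get(h, [])))
```

Calling `dnsbl_codes(ip, zone)` without the third argument uses the system resolver instead of the constructed records.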