How To Do Blacklisting And OSPF With djbdns

Jun 17, 2007

this is about a patch that, once applied against the djbdns source tree, will allow you to do dns blacklisting, dns ospf and other cool stuff - at country level and not only.

since most of this stuff is done at a "higher layer" like www or smtp service, moving it to dns is a gain for your server (you define access rules to your internet services before the client is actually accessing the service and not while he is doing it).

you can find detailed description, full howto and samples at
[url]

View 1 Replies


Blacklisting

Sep 5, 2007

I'm getting mails bounced back from 2 domains. I can't specify the exact domain, but one is .fr and the other .de. I am a 3 year happy BlueWho customer, BUT, the only other time I considered another host (and actually got it, just never left BlueWho), was because of e-mail problems. They SUCK at troubleshooting e-mails, imo.

Ok so, their last ticket reply reads:

-----------
John,

then it has nothing to do with our server, please ask them to whitelist you in their content filtering system.
-----------

I know NOTHING about blacklisting but what I have read here. That it takes months sometimes to get out of those lists or something? Anyway, it sounds (to me) that this is happening here? Or not necessarily? I mean, why would I need to be "whitelisted"!?

I linked some gmail account to my address meanwhile, but I'm considering new hosts if that will do the trick.

BlueWho claims it's nothing on their servers. But these companies are huge and I doubt they are totally incommunicated. In fact, they are not, since I can mail them with gmail,

And while I'm on it.. I was looking at the current recommendations that are going on here. Damn, they offer MUCH more than BlueWho. Are they as reliable (TrexHost, HostNine)? I use like NO bandwidth nor space, hah. So I need uber uptime and stability, really. Service next (not 1st in list since I only do basic stuff), and then price. I have used one month of the basic package's limit probably in 1 year,

View 12 Replies View Related

Ongoing Blacklisting

Aug 28, 2007

For the last month I've had problems with my VPS being blacklisted, and it always seems to be around the same time of day.

Anyway, the VPS is managed, but it's a right pain in the backside getting support to deal with the problem for me and sort it out. I get answers like "It's a PHP script", and when I ask which script they say they can't find out.

After getting advice from people on this forum, I asked support to set up exim so that it recorded the folder of any scripts sending out mail, but when I run grep to show any exim_mainlog entries with cwd= there is very little appearing apart from genuine mails being sent by contact forms on websites.

I managed to get evidence of a mail which caused the server to be blacklisted and sent this to support, who said the mails are being sent via header injection on contact scripts, so I've gone through the contact scripts and changed them, but again, still blacklisted.

I may be wrong here, but surely if someone was doing mail injection then I would be receiving copies of the mail myself as the website mails me with the enquiry, and also surely the exim_mainlog would show the folder containing the script as sending mails...but it doesn't.

I'm completely lost here, somehow mail is being sent from the server, whether it be via a script or what, but I can't (and neither can support) determine the exact script that is sending mail.

Here is a snippet of the exim_mainlog from around the time the evidence mail was sent.

Code:
Aug 25 21:59:40 awt spamd[5164]: spamd: checking message <16291601c7e75a$d5a016e0$0d4cb34c@ALLEN> for thegran:32010
Aug 25 21:59:46 awt spamd[23731]: spamd: connection from localhost [127.0.0.1] at port 47366
Aug 25 21:59:46 awt spamd[23731]: spamd: setuid to libraifa succeeded
Aug 25 21:59:46 awt spamd[23731]: spamd: checking message <494307824222.548029453854@flcjn.net> for libraifa:32006
Aug 25 21:59:48 awt spamd[5164]: spamd: identified spam (17.1/5.0) for thegran:32010 in 7.7 seconds, 1050 bytes.
Aug 25 21:59:48 awt spamd[5164]: spamd: result: Y 17 - BAYES_99,DATE_IN_PAST_06_12,FORGED_MUA_OUTLOOK,INVALID_MSGID,RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_PBL,RDNS_DYNAMIC,STOX_REPLY_TYPE,URIBL_BLACK,URIBL_RHS_DOB,URIBL_SBL scantime=7.7,size=1050,user=thegran,uid=32010,required_score=5.0,rhost=localhost,raddr=127.0.0.1,rport=47347,mid=<16291601c7e75a$d5a016e0$0d4cb34c@ALLEN>,bayes=1.000000,autolearn=spam
Aug 25 21:59:48 awt spamd[28500]: prefork: child states: IB
Aug 25 21:59:52 awt spamd[23731]: spamd: identified spam (12.3/2.5) for libraifa:32006 in 6.4 seconds, 6742 bytes.
Aug 25 21:59:52 awt spamd[23731]: spamd: result: Y 12 - AXB_XMID_1212,BAYES_60,EXTRA_MPART_TYPE,HTML_IMAGE_ONLY_04,HTML_MESSAGE,MIME_HTML_MOSTLY,MPART_ALT_DIFF,RCVD_IN_PBL,RCVD_IN_XBL,RDNS_NONE scantime=6.4,size=6742,user=libraifa,uid=32006,required_score=2.5,rhost=localhost,raddr=127.0.0.1,rport=47366,mid=<494307824222.548029453854@flcjn.net>,bayes=0.654621,autolearn=no
Aug 25 21:59:52 awt spamd[28500]: prefork: child states: II
Aug 25 21:59:53 awt pop3d: LOGIN, user=andrew@myhomeonthe.net, ip=[::ffff:212.159.101.86]
Aug 25 21:59:56 awt pop3d: LOGOUT, user=andrew@myhomeonthe.net, ip=[::ffff:212.159.101.86], top=0, retr=39944, rcvd=56, sent=40746, time=3
Aug 25 22:04:12 awt spamd[5164]: spamd: connection from localhost [127.0.0.1] at port 48176
Aug 25 22:04:12 awt spamd[5164]: spamd: setuid to libraifa succeeded
Aug 25 22:04:12 awt spamd[5164]: spamd: checking message <E1IP2ng-0002eI-Eg@wear.readytogo.net> for libraifa:32006
Aug 25 22:04:20 awt spamd[5164]: spamd: clean message (-2.6/2.5) for libraifa:32006 in 7.6 seconds, 1827 bytes.
Aug 25 22:04:20 awt spamd[5164]: spamd: result: . -2 - AWL,BAYES_00 scantime=7.6,size=1827,user=libraifa,uid=32006,required_score=2.5,rhost=localhost,raddr=127.0.0.1,rport=48176,mid=<E1IP2ng-0002eI-Eg@wear.readytogo.net>,bayes=0.000000,autolearn=ham
Aug 25 22:04:20 awt spamd[28500]: prefork: child states: II
Aug 25 22:09:29 awt spamd[5164]: spamd: connection from localhost [127.0.0.1] at port 49145
Aug 25 22:09:29 awt spamd[5164]: spamd: setuid to gbtravel succeeded
Aug 25 22:09:29 awt spamd[5164]: spamd: checking message <putcgcbfbhamfer@fruitpads.com> for gbtravel:32017
Aug 25 22:09:39 awt spamd[5164]: spamd: identified spam (12.6/5.0) for gbtravel:32017 in 10.2 seconds, 5003 bytes.
Aug 25 22:09:39 awt spamd[5164]: spamd: result: Y 12 - BAYES_99,HTML_IMAGE_ONLY_32,HTML_MESSAGE,LOCALPART_IN_SUBJECT,MSGID_SPAM_LETTERS,SPF_PASS,TVD_RATWARE_MSGID_02,URIBL_BLACK,URI_NOVOWEL scantime=10.2,size=5003,user=gbtravel,uid=32017,required_score=5.0,rhost=localhost,raddr=127.0.0.1,rport=49145,mid=<putcgcbfbhamfer@fruitpads.com>,bayes=1.000000,autolearn=no
Aug 25 22:09:39 awt spamd[28500]: prefork: child states: II
Aug 25 22:10:06 awt pop3d: LOGIN, user=andrew@myhomeonthe.net, ip=[::ffff:212.159.101.86]
Aug 25 22:10:07 awt pop3d: LOGOUT, user=andrew@myhomeonthe.net, ip=[::ffff:212.159.101.86], top=0, retr=0, rcvd=12, sent=39, time=1
Aug 25 22:11:27 awt spamd[5164]: spamd: connection from localhost [127.0.0.1] at port 49520
Aug 25 22:11:27 awt spamd[5164]: spamd: setuid to libraifa succeeded
Aug 25 22:11:27 awt spamd[5164]: spamd: checking message <000601c7e75c$894ed180$0100007f@fpviosw> for libraifa:32006
Aug 25 22:11:36 awt spamd[5164]: spamd: identified spam (16.3/2.5) for libraifa:32006 in 8.5 seconds, 19328 bytes.
Aug 25 22:11:36 awt spamd[5164]: spamd: result: Y 16 - BAYES_60,HTML_IMAGE_ONLY_12,HTML_MESSAGE,HTML_SHORT_LINK_IMG_2,RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_PBL,RCVD_IN_SORBS_WEB,RCVD_IN_XBL,RDNS_NONE,SHORT_HELO_AND_INLINE_IMAGE,URIBL_BLACK,URIBL_JP_SURBL,URIBL_SBL,URIBL_SC_SURBL scantime=8.5,size=19328,user=libraifa,uid=32006,required_score=2.5,rhost=localhost,raddr=127.0.0.1,rport=49520,mid=<000601c7e75c$894ed180$0100007f@fpviosw>,bayes=0.726583,autolearn=spam
Aug 25 22:11:36 awt spamd[28500]: prefork: child states: II
Aug 25 22:16:17 awt spamd[5164]: spamd: connection from localhost [127.0.0.1] at port 50217
Aug 25 22:16:17 awt spamd[5164]: spamd: setuid to sr8 succeeded
Aug 25 22:16:17 awt spamd[5164]: spamd: checking message <984907979.55364767348457@utsc.utoronto.ca> for sr8:32004
Aug 25 22:16:26 awt spamd[5164]: spamd: identified spam (12.9/5.0) for sr8:32004 in 9.3 seconds, 9431 bytes.
Aug 25 22:16:26 awt spamd[5164]: spamd: result: Y 12 - DATE_IN_FUTURE_03_06,FH_HELO_EQ_D_D_D_D,FUZZY_CREDIT,HELO_DYNAMIC_IPADDR2,HTML_MESSAGE,HTML_OBFUSCATE_10_20,MIME_HTML_ONLY,RCVD_IN_PBL,RDNS_DYNAMIC,TVD_RCVD_IP scantime=9.3,size=9431,user=sr8,uid=32004,required_score=5.0,rhost=localhost,raddr=127.0.0.1,rport=50217,mid=<984907979.55364767348457@utsc.utoronto.ca>,autolearn=spam
Aug 25 22:16:26 awt spamd[28500]: prefork: child states: II
Aug 25 22:19:29 awt pop3d: LOGIN, user=andrew@myhomeonthe.net, ip=[::ffff:212.159.101.86]
Aug 25 22:19:29 awt pop3d: LOGOUT, user=andrew@myhomeonthe.net, ip=[::ffff:212.159.101.86], top=0, retr=0, rcvd=12, sent=39, time=0
Aug 25 22:20:33 awt spamd[5164]: spamd: connection from localhost [127.0.0.1] at port 51016
Aug 25 22:20:33 awt spamd[5164]: spamd: setuid to thegran succeeded
Aug 25 22:20:33 awt spamd[5164]: spamd: checking message <21ecc01c7e75d$bbd32420$2f01a8c0@windowsa607f1d> for thegran:32010
Aug 25 22:20:41 awt spamd[5164]: spamd: identified spam (17.5/5.0) for thegran:32010 in 8.1 seconds, 1174 bytes.
Aug 25 22:20:41 awt spamd[5164]: spamd: result: Y 17 - BAYES_99,DATE_IN_PAST_06_12,FH_HOST_EQ_VERIZON_P,FORGED_MUA_OUTLOOK,INVALID_MSGID,RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_PBL,RCVD_IN_SORBS_DUL,RCVD_IN_XBL,RDNS_DYNAMIC,STOX_REPLY_TYPE,URIBL_RED,URIBL_RHS_DOB scantime=8.1,size=1174,user=thegran,uid=32010,required_score=5.0,rhost=localhost,raddr=127.0.0.1,rport=51016,mid=<21ecc01c7e75d$bbd32420$2f01a8c0@windowsa607f1d>,bayes=0.999360,autolearn=spam
Aug 25 22:20:41 awt spamd[28500]: prefork: child states: II
Aug 25 22:26:21 awt spamd[5164]: spamd: connection from localhost [127.0.0.1] at port 51946
Aug 25 22:26:21 awt spamd[5164]: spamd: setuid to gbtravel succeeded
Aug 25 22:26:21 awt spamd[5164]: spamd: checking message <264166.236793146.1188032962@ourfirststep.net> for gbtravel:32017
Aug 25 22:26:30 awt spamd[5164]: spamd: identified spam (7.1/5.0) for gbtravel:32017 in 9.2 seconds, 6091 bytes.
Aug 25 22:26:30 awt spamd[5164]: spamd: result: Y 7 - AWL,BAYES_50,HTML_IMAGE_RATIO_04,HTML_MESSAGE,HTML_TAG_BALANCE_HEAD,MPART_ALT_DIFF,SPF_PASS,URIBL_BLACK,URIBL_JP_SURBL scantime=9.2,size=6091,user=gbtravel,uid=32017,required_score=5.0,rhost=localhost,raddr=127.0.0.1,rport=51946,mid=<264166.236793146.1188032962@ourfirststep.net>,bayes=0.592462,autolearn=no
Aug 25 22:26:30 awt spamd[28500]: prefork: child states: II
Aug 25 22:34:09 awt pop3d: LOGIN, user=mike@camberleydrivingschool.co.uk, ip=[::ffff:86.13.153.74]
Aug 25 22:34:10 awt pop3d: LOGOUT, user=mike@camberleydrivingschool.co.uk, ip=[::ffff:86.13.153.74], top=0, retr=2252, rcvd=50, sent=2521, time=1
Aug 25 22:51:28 awt spamd[5164]: spamd: connection from localhost [127.0.0.1] at port 55911
Aug 25 22:51:28 awt spamd[5164]: spamd: setuid to libraifa succeeded
Aug 25 22:51:28 awt spamd[5164]: spamd: checking message <3235985408.20070825170556@qmuqybrxw> for libraifa:32006
Aug 25 22:51:35 awt spamd[5164]: spamd: identified spam (9.8/2.5) for libraifa:32006 in 7.2 seconds, 836 bytes.
Aug 25 22:51:35 awt spamd[5164]: spamd: result: Y 9 - BAYES_99,RDNS_NONE,SPF_HELO_NEUTRAL,SPF_NEUTRAL,URIBL_BLACK,URIBL_JP_SURBL,URIBL_SBL scantime=7.2,size=836,user=libraifa,uid=32006,required_score=2.5,rhost=localhost,raddr=127.0.0.1,rport=55911,mid=<3235985408.20070825170556@qmuqybrxw>,bayes=1.000000,autolearn=no
Aug 25 22:51:35 awt spamd[28500]: prefork: child states: II
Aug 25 22:54:30 awt spamd[5164]: spamd: connection from localhost [127.0.0.1] at port 56343
Aug 25 22:54:30 awt spamd[5164]: spamd: setuid to sr8 succeeded
Aug 25 22:54:30 awt spamd[5164]: spamd: checking message <8678967196.190217665470@yahoo.com> for sr8:32004
Aug 25 22:54:37 awt spamd[5164]: spamd: identified spam (14.0/5.0) for sr8:32004 in 6.9 seconds, 847 bytes.
Aug 25 22:54:37 awt spamd[5164]: spamd: result: Y 14 - FORGED_YAHOO_RCVD,RCVD_IN_PBL,RCVD_IN_SORBS_WEB,RCVD_IN_XBL,RDNS_NONE,REPTO_QUOTE_YAHOO,URIBL_BLACK,URIBL_JP_SURBL,URIBL_SBL scantime=6.9,size=847,user=sr8,uid=32004,required_score=5.0,rhost=localhost,raddr=127.0.0.1,rport=56343,mid=<8678967196.190217665470@yahoo.com>,autolearn=spam
Aug 25 22:54:37 awt spamd[28500]: prefork: child states: II
Aug 25 22:57:06 awt spamd[5164]: spamd: connection from localhost [127.0.0.1] at port 56732
Aug 25 22:57:06 awt spamd[5164]: spamd: setuid to thegran succeeded
Aug 25 22:57:06 awt spamd[5164]: spamd: checking message <1IP4?n-000NOC-YL@pool-72-82-6-40.prvdri.east.verizon.net> for thegran:32010
Aug 25 22:57:14 awt spamd[5164]: spamd: identified spam (13.8/5.0) for thegran:32010 in 8.3 seconds, 1185 bytes.

View 2 Replies View Related
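
The cwd= check described in the post above, as an added example that is not part of the original thread: it tallies exim invocations per web directory and counts message arrivals by how they entered exim. It assumes exim's `+arguments` log selector, a `/home/<account>/public_html` site layout, and constructed sample lines in exim's mainlog format.

```python
import re
from collections import Counter

# Assumption: exim runs with log_selector = +arguments, which logs each
# invocation as:  <date> <time> cwd=<dir> <argc> args: <argv...>
CWD_LINE = re.compile(r"^\S+ \S+ cwd=(?P<cwd>\S+) \d+ args: (?P<args>.*)$")
# Message arrival line:  <date> <time> <msgid> <= <sender> [fields...]
ARRIVAL = re.compile(r"^\S+ \S+ \w{6}-\w{6}-\w{2} <= (?P<rest>.*)$")
FIELD = re.compile(r"\b(?P<key>U|P|A)=(?P<val>\S+)")
# Assumption: sites live under /home/<account>/public_html (cPanel-style).
WEB_ROOT = re.compile(r"^/home/(?P<account>[^/]+)/public_html(?:/|$)")

def script_directories(lines):
    """Count exim/sendmail invocations started from inside a web root."""
    counts = Counter()
    for line in lines:
        m = CWD_LINE.match(line.strip())
        if m and WEB_ROOT.match(m["cwd"]):
            counts[m["cwd"]] += 1
    return counts

def arrivals_by_origin(lines):
    """Count accepted messages by (protocol, identity)."""
    # P=local with U=<user> is a local sendmail call; P=esmtpa with A=<auth>
    # is authenticated SMTP, which produces no per-message cwd= line.
    counts = Counter()
    for line in lines:
        m = ARRIVAL.match(line.strip())
        if not m:
            continue
        fields = {f["key"]: f["val"] for f in FIELD.finditer(m["rest"])}
        identity = fields.get("A") or fields.get("U") or "unauthenticated"
        counts[(fields.get("P", "unknown"), identity)] += 1
    return counts

# Constructed sample lines (not taken from the thread's log).
SAMPLE_LOG = """\
2007-08-25 21:58:01 cwd=/home/exampleacct/public_html/contact 3 args: /usr/sbin/sendmail -t -i
2007-08-25 21:58:01 1IP2aa-0002eI-Eg <= exampleacct@host.example U=exampleacct P=local S=812
2007-08-25 21:59:10 cwd=/var/spool/exim 3 args: /usr/sbin/exim -q
2007-08-25 22:01:15 1IP2bb-0002fJ-Ab <= info@site.example H=(pc) [192.0.2.10] P=esmtpa A=fixed_login:info@site.example S=1050
2007-08-25 22:01:40 1IP2cc-0002fK-Cd <= info@site.example H=(pc) [192.0.2.10] P=esmtpa A=fixed_login:info@site.example S=1174
2007-08-25 22:02:00 cwd=/home/exampleacct/public_html/contact 3 args: /usr/sbin/sendmail -t -i
""".splitlines()

if __name__ == "__main__":
    print(script_directories(SAMPLE_LOG).most_common())
    print(arrivals_by_origin(SAMPLE_LOG).most_common())
```

Comparing the two tallies shows whether the volume of accepted mail is accounted for by script submissions or is arriving over an authenticated SMTP login instead.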

Shared Hosting - Blacklisting

Jun 3, 2008

Let's say you are on a shared hosting plan. The server that is being used for your plan becomes blacklisted because of the activity of some other person using the same server as you.

What becomes of your websites? Will reputable hosting companies quickly move your data and sites to another server? I am just wondering because I am about to buy a shared hosting plan, and I see that as being a big downside to shared hosting.

View 8 Replies View Related






