Author Topic: Spamdyke RBL working?  (Read 2505 times)

fossxplorer
Spamdyke RBL working?
« on: 2014-09-07, 00:03:07 »
Can anyone confirm if Spamdyke's RBL blocking works at all?
I've the following RBLs, but I still get spam from IPs listed, e.g., at Spamhaus:

b.barracudacentral.org
bl.deadbeef.com
bl.emailbasura.org
bl.spamcannibal.org
bl.spamcop.net
blackholes.five-ten-sg.com
blacklist.woody.ch
bogons.cymru.com
cbl.abuseat.org
cdl.anti-spam.org.cn
combined.abuse.ch
combined.rbl.msrbl.net
db.wpbl.info
zen.spamhaus.org

@Musfata, I've been investigating a possible severe bug in Kloxo related to Spamdyke, but in which order are
the checks for the following done:
 Reject Servers Without RDNS Names
 Reject Servers With IP Address In RDNS Names
 Reject Messages From Server Without MX Records
 Reject Servers With RDNS Names Not Resolving To IP

and

Space Separated DNS RBL Servers ?

Here is a line from the log: "Sep  7 10:40:53 mail smtp: 1410079253.603884 30286 > 421 Refused. You have no reverse DNS entry.? "
Does that mean that's checked first and if the sender MTA doesn't have a valid RDNS then DNS RBL checks are omitted?

Also, here is the log from another IP in a DNS RBL, but to me it seems it's going through? 12.133.41.130 is clearly a spam source and is in many of the DNS RBLs.

Sep  7 10:55:57 mail smtp: 1410080157.600872 tcpserver: status: 1/10
Sep  7 10:55:57 mail smtp: 1410080157.601008 tcpserver: pid 30565 from 12.133.41.130
Sep  7 10:55:57 mail smtp: 1410080157.601110 tcpserver: ok 30565 mail.mydomain.com:111.111.111.111:25 :12.133.41.130::2820
Sep  7 10:55:57 mail smtp: 1410080157.867741 30565 > 220 mydomain.com - Welcome to Qmail ESMTP?
Sep  7 10:55:57 mail smtp: 1410080157.984045 30565 < EHLO User?
Sep  7 10:55:57 mail smtp: 1410080157.984238 30565 > 250-mydomain.com - Welcome to Qmail?
Sep  7 10:55:57 mail smtp: 1410080157.984282 30565 > 250-STARTTLS?
Sep  7 10:55:57 mail smtp: 1410080157.984310 30565 > 250-PIPELINING?
Sep  7 10:55:57 mail smtp: 1410080157.984334 30565 > 250-8BITMIME?
Sep  7 10:55:57 mail smtp: 1410080157.984357 30565 > 250-SIZE 20971520?
Sep  7 10:55:57 mail smtp: 1410080157.984384 30565 > 250 AUTH LOGIN PLAIN CRAM-MD5?
Sep  7 10:55:58 mail smtp: 1410080158.100688 30565 < AUTH LOGIN?
Sep  7 10:55:58 mail smtp: 1410080158.100877 30565 > 334 VXNlcm5hbWU6?
Sep  7 10:55:58 mail smtp: 1410080158.217273 30565 < [EOF]
Sep  7 10:55:58 mail smtp: 1410080158.218264 30565 > [EOF]
Sep  7 10:55:58 mail smtp: 1410080158.218547 tcpserver: end 30565 status 0
Sep  7 10:55:58 mail smtp: 1410080158.218587 tcpserver: status: 0/10
Sep  7 10:56:52 mail smtp: 1410080212.071432 tcpserver: status: 1/10



I'll post my finding about the possible bug in a new thread!


« Last Edit: 2014-09-07, 11:02:09 by fossxplorer (formerly 'Mella') »
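One way to read the log excerpts in the post above connection by connection, as an added example that is not part of the original post and is not Kloxo-MR or spamdyke code: it groups lines by the tcpserver pid and reports which SMTP commands the client sent and whether the server answered with a 4xx/5xx reply. The sample lines are copied from the post; the function names, the outcome labels and the reading of the trailing "?" as a logged line terminator are assumptions.

```python
import re

# Constructed sample: lines copied from the two log excerpts in the post.
SAMPLE_LOG = """\
Sep  7 10:40:53 mail smtp: 1410079253.603884 30286 > 421 Refused. You have no reverse DNS entry.?
Sep  7 10:55:57 mail smtp: 1410080157.601008 tcpserver: pid 30565 from 12.133.41.130
Sep  7 10:55:57 mail smtp: 1410080157.867741 30565 > 220 mydomain.com - Welcome to Qmail ESMTP?
Sep  7 10:55:57 mail smtp: 1410080157.984045 30565 < EHLO User?
Sep  7 10:55:57 mail smtp: 1410080157.984384 30565 > 250 AUTH LOGIN PLAIN CRAM-MD5?
Sep  7 10:55:58 mail smtp: 1410080158.100688 30565 < AUTH LOGIN?
Sep  7 10:55:58 mail smtp: 1410080158.100877 30565 > 334 VXNlcm5hbWU6?
Sep  7 10:55:58 mail smtp: 1410080158.217273 30565 < [EOF]
Sep  7 10:55:58 mail smtp: 1410080158.218264 30565 > [EOF]
"""

PID_FROM = re.compile(r"tcpserver: pid (\d+) from (\S+)")
# Session lines: "<epoch> <pid> <direction> <text>"; "<" is client, ">" is server.
SMTP_LINE = re.compile(r"smtp: [\d.]+ (\d+) ([<>]) (.*)$")
REJECT = re.compile(r"[45]\d\d[ -]")

def _new():
    return {"ip": None, "commands": [], "rejection": None}

def summarize_sessions(log_text):
    """Group log lines by pid; record client commands and any 4xx/5xx reply."""
    sessions = {}
    for line in log_text.splitlines():
        m = PID_FROM.search(line)
        if m:
            sessions.setdefault(m.group(1), _new())["ip"] = m.group(2)
            continue
        m = SMTP_LINE.search(line)
        if not m:
            continue
        pid, direction, text = m.groups()
        # Assumption: the trailing "?" is the logged line terminator, not SMTP text.
        text = text.rstrip().rstrip("?")
        s = sessions.setdefault(pid, _new())
        if direction == "<" and text and text != "[EOF]":
            s["commands"].append(text.split()[0].upper())
        elif direction == ">" and REJECT.match(text):
            s["rejection"] = text
    for s in sessions.values():
        s["outcome"] = ("rejected" if s["rejection"] else
                        "message attempted" if "DATA" in s["commands"] else
                        "no message sent")
    return sessions

print(summarize_sessions(SAMPLE_LOG))
```

For the second excerpt the summary shows only EHLO and AUTH from the client and no MAIL, RCPT or DATA, so that log by itself does not show a message being accepted from 12.133.41.130.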