The policy was implemented in March 2021 over a year ago.

The 127.255.255.254 is the return code, not the IP queried.  From

https://www.spamhaus.org/news/article/807/using-our-public-mirrors-check-your-return-codes-now.


A reminder

As of March 2021, we will begin the implementation of the following return 
codes:
Return code     Meaning
127.255.255.252         Typing error in DNSBL Name
127.255.255.254         Query via public/open resolver/generic unattributable 
rDNS
127.255.255.255         Excessive Number of Queries

Ordinarily, you'd see a return code with 127.0.0.xxx for acceptable queries.

You mail server SHOULD NOT be treating unexpected IP value returns as being listed. Eg: your mail server should NOT be rejecting/penalizing email with a code of 127.255.255.254, and instead informing the operator it's getting weird things back.

Abruptly seeing these sorts of things now suggests to me that your DNS resolving configuration has been altered, or Spamhaus has identified another free-loading open resolver, and EITHER WAY your mail server is improperly parsing return codes.

Spamhaus blocks large scale open resolvers because very large providers with query volumes MUCH higher than the free limits and should be paying for the service, have found this to be a backdoor.

On 2022-05-13 14:36, Mark E. Jeftovic via mailop wrote:

We're seeing these for localhost netblock, which seems kinda odd...

Error: open resolver; https://www.spamhaus.org/returnc/pub/127.255.255.254

On 2022-05-13 12:32 PM, Jarland Donnell via mailop wrote:
I'm not sure if the rest of you are seeing the same, but I've seen a lot of errors like this lately:

554 Service unavailable; Client host [mail-108-mta215.mxroute.com] blocked by sbl-xbl.spamhaus.org; Error: open resolver; https://www.spamhaus.org/returnc/pub/74.63.16.232

It seems that Spamhaus is cracking down on a certain type of activity and it has caught more than a few mail admins with their pants down. As you can see from the error, these mail servers are configured in such a way that they assume the connecting IP to be blacklisted when the error is in fact about that mail server's configuration and not the connecting IP. This may be a good time to check your own logs, if you are querying Spamhaus, just to be sure your house is in order.
_______________________________________________
mailop mailing list
[email protected]
https://list.mailop.org/listinfo/mailop
--
Mark E. Jeftovic <[email protected]>
Co-founder & CEO easyDNS Technologies Inc.
+1-(416)-535-8672 ext 225

/"Never expect a thing you do not want,
and never desire a thing you do not expect."
-- Bob Proctor /

_______________________________________________
mailop mailing list
[email protected]
https://list.mailop.org/listinfo/mailop

_______________________________________________
mailop mailing list
[email protected]
https://list.mailop.org/listinfo/mailop

Reply via email to