Re: RBL list

Thu, 15 Nov 2001 10:53:03 -0800 

 From Charles L. Martin, received 15/11/01, 10:21 am -0800 (GMT):
>  Bill,
>
>  I don't understand this. Specifically, I don't understand "use a current
>  SIMS which can differentiate between return values and choose your
>  blocking that way."

In your IP Blacklist (SIMS > SMTP > Black List) you have a line that 
says "127.0.0.2 - 127.0.0.100" (or similar).

This is what tells SIMS to refuse the connection if the connecting 
machine's DNS lookup returns a value in that range.

When the spammer connects to you, SIMS sees this:

   mail.monsterhut.com. 3600    IN      A       64.80.217.101

and does a lookup at relays.osirusoft.com like this:

   101.217.80.64.relays.osirusoft.com

The answer comes back immediately like this:

101.217.80.64.relays.osirusoft.com.     43200   IN      TXT     "[1] 
MONSTERHUT, see http://spews.org/ask.cgi?S340";
101.217.80.64.relays.osirusoft.com.     43200   IN      TXT 
        "http://www.spamhaus.org/SBL/sbl.lasso?query=ROK1491";
101.217.80.64.relays.osirusoft.com.     43200   IN      TXT 
        "Monsterhut.com is recognized as a spamhaus by many sites. 
FTC Ref. No. 161194"
101.217.80.64.relays.osirusoft.com.     43200   IN      A       127.0.0.4
101.217.80.64.relays.osirusoft.com.     43200   IN      A       127.0.0.6

SIMS sees the return 127.0.0.4 (or 127.0.0.6) and since that is 
blacklisted in your local blacklist, SIMS will bounce the spam.

So, say you want to use relays.osirusoft.com, but you don't want to 
use the SPEWS part of relays.osirusoft.com, since SPEWS returns 
"127.0.0.4" you simply do not blacklist "127.0.0.4" in SIMS blacklist 
- therefore SIMS will ignore the SPEWS returns from 
relays.osirusoft.com.

If you have only "127.0.0.6" in your local blacklist then only SBL 
(spamhaus.relays.osirusoft.com) would be bounced, and so on.

-- 
   Steve Linford
   Ultradesign Xtreme Network
   http://www.uxn.com

#############################################################
This message is sent to you because you are subscribed to
  the mailing list <[EMAIL PROTECTED]>.
To unsubscribe, E-mail to: <[EMAIL PROTECTED]>
To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]>
To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]>
Send administrative queries to  <[EMAIL PROTECTED]>

Reply via email to