>...
>It seems they have taken leave of their database. The Earthlink mailers
>have somehow gotten listed in their DUL listings. They are quite positively
>not DUL based. If SORBS can get this screwed up I'd suggest lowering their
>scores in the rules files.
>===8<---
>[EMAIL PROTECTED] ~]$ dig 209.93.86.209.dnsbl.sorbs.net
>
>; <<>> DiG 9.3.1 <<>> 209.93.86.209.dnsbl.sorbs.net
>;; global options: printcmd
>;; Got answer:
>;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48703
>;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 10, ADDITIONAL: 10
>
>;; QUESTION SECTION:
>;209.93.86.209.dnsbl.sorbs.net. IN A
>
>;; ANSWER SECTION:
>209.93.86.209.dnsbl.sorbs.net. 3133 IN A 127.0.0.10
>
>...
>;; Query time: 2 msec
>;; SERVER: 127.0.0.1#53(127.0.0.1)
>;; WHEN: Fri Nov 25 14:01:27 2005
>;; MSG SIZE rcvd: 472
>
>[EMAIL PROTECTED] ~]$ host 209.86.93.209
>209.93.86.209.in-addr.arpa domain name pointer pop08.earthlink.net.
>[EMAIL PROTECTED] ~]$
>===8<---
>
>Idiots!
>{^_-}
Actually, it seems to be at least part Earthlink's fault; SORBS
(properly) assumes that a very low TTL means the IP can and is intended to
change relatively often, and Earthlink is now using a 1/2 hour TTL for these
servers.

% dig pop08.earthlink.net any @itchy.earthlink.net
; <<>> DiG 9.3.0 <<>> pop08.earthlink.net any @itchy.earthlink.net
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13978
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;pop08.earthlink.net. IN ANY
;; ANSWER SECTION:
pop08.earthlink.net. 1800 IN A 209.86.93.209
;; AUTHORITY SECTION:
earthlink.net. 1800 IN NS itchy.earthlink.net.
earthlink.net. 1800 IN NS scratchy.earthlink.net.
;; ADDITIONAL SECTION:
itchy.earthlink.net. 1800 IN A 207.69.188.196
scratchy.earthlink.net. 1800 IN A 207.69.188.197
;; Query time: 27 msec
;; SERVER: 207.69.188.196#53(itchy.earthlink.net)
;; WHEN: Fri Nov 25 14:46:19 2005
;; MSG SIZE rcvd: 128

So there is at least some idiocy at both ends. Why should a static
mail server need a 1/2 hour TTL? Try asking Earthlink. SORBS will list any
host with a TTL of less than 1/2 *day* as dynamic (seems reasonable to me,
but I don't make the rules). See the FAQ and note the requirement for a TTL
"of at least 43200 seconds".
http://www.us.sorbs.net/faq/dul.shtml
Paul Shupak
[EMAIL PROTECTED]
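
An added example, not part of the original message or of any SORBS tooling: a mail administrator can audit their own hosts against the TTL rule described above by parsing an authoritative dig answer and flagging A records under 43200 seconds. The function names are hypothetical, the threshold is the figure quoted in the message, and the sample input is an excerpt of the dig output shown in the message.

```python
import ipaddress
import re

SORBS_DUL_MIN_TTL = 43200  # seconds; the figure the message quotes from the SORBS DUL FAQ

# Excerpt of the authoritative dig output shown in the message above.
SAMPLE_DIG = """\
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;pop08.earthlink.net. IN ANY
;; ANSWER SECTION:
pop08.earthlink.net. 1800 IN A 209.86.93.209
;; AUTHORITY SECTION:
earthlink.net. 1800 IN NS itchy.earthlink.net.
"""

def dnsbl_qname(ip, zone="dnsbl.sorbs.net"):
    """Reverse the IPv4 octets and append the zone, as in the quoted dig query."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def parse_answers(dig_text):
    """Return (is_authoritative, [(name, ttl, rtype, rdata), ...]) from the ANSWER section."""
    flags = re.search(r"^;; flags:([^;]*);", dig_text, re.M)
    authoritative = bool(flags) and "aa" in flags.group(1).split()
    records, in_answer = [], False
    for line in dig_text.splitlines():
        if line.startswith(";; "):
            # Section headers switch parsing on only for the ANSWER section.
            in_answer = line.startswith(";; ANSWER SECTION")
            continue
        if in_answer and line.strip() and not line.startswith(";"):
            name, ttl, _cls, rtype, rdata = line.strip().split(None, 4)
            records.append((name, int(ttl), rtype, rdata))
    return authoritative, records

def audit(dig_text, min_ttl=SORBS_DUL_MIN_TTL):
    """List A records whose TTL is below min_ttl; refuse non-authoritative answers."""
    authoritative, records = parse_answers(dig_text)
    if not authoritative:
        # A caching resolver reports the remaining TTL, not the configured one.
        raise ValueError("answer lacks the aa flag; query the zone's own name server")
    return [(name, ttl, rdata, dnsbl_qname(rdata))
            for name, ttl, rtype, rdata in records
            if rtype == "A" and ttl < min_ttl]
```

The aa check matters because a TTL read from a caching resolver counts down between refreshes, so only the authoritative answer shows the value the zone actually publishes.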