From: "List Mail User" <[EMAIL PROTECTED]>
>...
It seems they have taken leave of their database. The Earthlink mailers
have somehow gotten listed in their DUL listings. They are quite positively
not DUL based. If SORBS can get this screwed up I'd suggest lowering their
scores in the rules files.
===8<---
[EMAIL PROTECTED] ~]$ dig 209.93.86.209.dnsbl.sorbs.net
; <<>> DiG 9.3.1 <<>> 209.93.86.209.dnsbl.sorbs.net
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48703
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 10, ADDITIONAL: 10
;; QUESTION SECTION:
;209.93.86.209.dnsbl.sorbs.net. IN A
;; ANSWER SECTION:
209.93.86.209.dnsbl.sorbs.net. 3133 IN A 127.0.0.10
...
;; Query time: 2 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri Nov 25 14:01:27 2005
;; MSG SIZE rcvd: 472
[EMAIL PROTECTED] ~]$ host 209.86.93.209
209.93.86.209.in-addr.arpa domain name pointer pop08.earthlink.net.
[EMAIL PROTECTED] ~]$
===8<---
Idiots!
{^_-}
Actually, it seems to be at least part Earthlink's fault; SORBS
(properly) assumes that a very low TTL means the IP can and is intended to
change relatively often, and Earthlink is now using a 1/2 hour TTL for these
servers.
No, that is an improper assumption. They are using this as a means of
randomizing access to the dozen or so mail servers for earthlink.net.
They do this for all their mail servers for many different networks
that have come to be owned by Earthlink/Mindspring. This helps distribute
the load on their mail servers in spite of the cheap trick Outlook
Express uses of caching the IP address rather than performing a lookup
every time.
% dig pop08.earthlink.net any @itchy.earthlink.net
; <<>> DiG 9.3.0 <<>> pop08.earthlink.net any @itchy.earthlink.net
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13978
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;pop08.earthlink.net. IN ANY
;; ANSWER SECTION:
pop08.earthlink.net. 1800 IN A 209.86.93.209
;; AUTHORITY SECTION:
earthlink.net. 1800 IN NS itchy.earthlink.net.
earthlink.net. 1800 IN NS scratchy.earthlink.net.
;; ADDITIONAL SECTION:
itchy.earthlink.net. 1800 IN A 207.69.188.196
scratchy.earthlink.net. 1800 IN A 207.69.188.197
;; Query time: 27 msec
;; SERVER: 207.69.188.196#53(itchy.earthlink.net)
;; WHEN: Fri Nov 25 14:46:19 2005
;; MSG SIZE rcvd: 128
So there is at least some idiocy at both ends. Why should a static
mail server need a 1/2 hour TTL? Try asking Earthlink. SORBS will list any
host with a TTL of less than 1/2 *day* as dynamic (seems reasonable to me,
but I don't make the rules). See the FAQ and note the requirement for a TTL
"of at least 43200 seconds".
http://www.us.sorbs.net/faq/dul.shtml
How about making sure the access to their mail servers is not all
directed to one address? They rather repeatedly get individual mail
servers that overload. Or if a mail server goes down it assures DNS
cached results do not hang around forever. If the DNS cache built
into aberrant email programs is told to flush every half hour they
get slightly fewer customer problem reports. (The problem goes away
of itself in half an hour.) They MUST work with the deranged
Microsoft products and other products that exhibit this behavior.
So they try to defend against the customer support overload these
products cause.
Their DUL test is based on a rather arrogant (fits with their
web site attitude) and stupid test and assumption heavy on the first
three letters of assumption.
I tried to send a poor dweeb on the FC4 list a heads up about SpamAssassin
not being a computer security tool. He'd configured to block based on
SORBS DUL. So, he loses. I face no loss about it. So I am amused at
SORBS' sudden lapse of careful thought processes.
{^_^}
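
Added example, not part of the original thread or any poster's code: a small Python check that rebuilds the DNSBL query name used in the first dig, parses answer lines copied from the two dig outputs above, and flags A records whose TTL is below the 43200-second figure quoted from the SORBS DUL FAQ. The function names and the default zone argument are assumptions made for this illustration.

```python
import ipaddress
import re

# Threshold quoted in the thread from the SORBS DUL FAQ.
MIN_STATIC_TTL = 43200

# Answer lines copied from the two dig outputs in the thread.
SAMPLE_DIG = """\
209.93.86.209.dnsbl.sorbs.net. 3133 IN A 127.0.0.10
pop08.earthlink.net. 1800 IN A 209.86.93.209
earthlink.net. 1800 IN NS itchy.earthlink.net.
"""

RR_LINE = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+(\S+)\s+(\S+)$")


def dnsbl_qname(ip, zone="dnsbl.sorbs.net"):
    """DNSBL query name: IPv4 octets reversed, then the list zone."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on bad input
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def parse_rrs(text):
    """Parse dig record lines into (owner, ttl, rtype, rdata) tuples."""
    rrs = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue  # blank lines and dig comment/header lines
        m = RR_LINE.match(line)
        if m:
            owner, ttl, rtype, rdata = m.groups()
            rrs.append((owner.rstrip(".").lower(), int(ttl), rtype, rdata))
    return rrs


def is_listed(rrs, ip, zone="dnsbl.sorbs.net"):
    """True if the answers contain a 127.x.x.x A record for ip in the zone."""
    qname = dnsbl_qname(ip, zone)
    return any(o == qname and t == "A" and d.startswith("127.")
               for o, _, t, d in rrs)


def low_ttl_hosts(rrs, minimum=MIN_STATIC_TTL):
    """(owner, ttl) for A records below the threshold, skipping DNSBL replies."""
    return [(o, ttl) for o, ttl, t, d in rrs
            if t == "A" and ttl < minimum
            and not ipaddress.ip_address(d).is_loopback]
```

The 3133 in the first answer is the remaining TTL from a caching resolver (127.0.0.1), while the 1800 in the second comes from the authoritative server, so a TTL comparison only means something against the authoritative answer.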