OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
Re: DNS RBL error

From: donovan jeffrey j (donovanbeth.k12.pa.us)
Date: Mon Apr 19 2010 - 11:52:08 CDT

On Apr 19, 2010, at 12:36 PM, /dev/rob0 wrote:

> On Mon, Apr 19, 2010 at 08:31:19AM -0400, donovan jeffrey j wrote:
>> abuseat.org is working fine. I'm only having trouble with zen.
>> Apr 19 08:29:12 mail2 postfix/smtpd[21642]: NOQUEUE: reject: RCPT
>> from unknown[117.201.68.108]: 554 Service unavailable; Client host
>> [117.201.68.108] blocked using cbl.abuseat.org; Blocked - see
>> http://cbl.abuseat.org/lookup.cgi?ip=117.201.68.108;
>> from=<duserbeth.k12.pa.us> to=<duserbeth.k12.pa.us> proto=ESMTP
>
> Whilst it appears that the DNS problem has been sorted, I'm going to
> suggest a different approach to this one.
>
>> helo=<[117.201.69.50]>
>>
>> any ideas ?
>
> The bracketed IP address is a valid HELO, commonly seen from your
> authenticating clients. There is no reason why a real MTA should be
> using such a HELO. I block these with a pcre: map.
>
> !/[[:alpha:]]/ 502 5.5.4
> We find that all-numeric EHLO/HELO greetings are usually
> spam. If not, please ask your postmaster to correct the
> server's EHLO/HELO greeting.
> !/\./ 502 5.5.4
> We find that non-qualified EHLO/HELO greetings are usually
> spam. If not, please ask your postmaster to correct the
> server's EHLO/HELO greeting.
>
> This would fall under the first condition, "a helo which contains no
> alpha characters." The second condition is my own reimplementation of
> Postfix's built-in reject_non_fqdn_helo_hostname restriction.
>
> Obviously these MUST NOT be applied to authenticating users, same as
> with Zen. Precede this lookup with your permit_* restrictions for
> relaying users (and move submission off of port 25, if applicable.)
> --
> Offlist mail to this address is discarded unless
> "/dev/rob0" or "not-spam" is in Subject: header
>

thanks rob, I will chew on this for weeks Im sure. right now im trying to figure out why my dns server won't speak to spamhaus.
-- oh wait.,

by the time i typed this email. i got an authoritative answer;

dns:~ root# nslookup 2.0.0.127.zen.spamhaus.org
Server: 209.96.96.2
Address: 209.96.96.2#53

Non-authoritative answer:
Name: 2.0.0.127.zen.spamhaus.org
Address: 127.0.0.2
Name: 2.0.0.127.zen.spamhaus.org
Address: 127.0.0.4
Name: 2.0.0.127.zen.spamhaus.org
Address: 127.0.0.10

i removed the rbl from main.cf and kicked postfix. now dns can at least query????. I don't know what was up with that.
do i dare put it back now? some strange foo.
-j