This message is in MIME format. The first part should be readable text,
while the remaining parts are likely unreadable without MIME-aware tools.
--0-707226928-1414896199=:75122
Content-Type: TEXT/PLAIN; CHARSET=UTF-8
Content-Transfer-Encoding: 8BIT
Content-ID:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Saturday, 01 November 2014 19:44 -0400,
in article ,
Virus Guy wrote:
[...]
> Again, from spamhaus:
> ------------------
> http://www.spamhaus.org/query/bl?ip 9.206.237.36
> 209.206.237.36 is not listed in the SBL
> 209.206.237.36 is not listed in the PBL
> 209.206.237.36 is listed in the XBL, because it appears in: CBL
> At 3 pm EST - It was last detected at 2014-11-01 08:00 GMT (+/- 30
> minutes), approximately 11 hours ago.
> -------------------
> As I compose this, 11 hours ago was 4 am EST, Nov 1. That IP
> contacted my server at 9:40 pm EST, Oct 31.
> So it's not clear if it would have been listed by the CBL at the time it
> hit my server. We know that it's not listed at spamhaus - even now.
Very little is clear to you.
The only way you can determine whether a sending IP is listed in any
DNSbl, when you first see it, is to check the DNSbl, when the
connection occurs. It's your choice not to do so, but don't go
jumping to conclusions based on your assumptions. These seem to lead
you to err.
If a connecting host is listed in the Spamhaus ZEN zone, which
combines the SBL, SBL/CSS, XBL and PBL zones, it should be sufficient
reason to drop the connection prior to SMTP negotiation. Return codes
one might expect to see from zen.spamhaus.org would include 127.0.0.2
(SBL), 127.0.0.3 (CSS), 127.0.0.4 (XBL), 127.0.0.10 (PBL) or
127.0.0.11 (PBL).
So far as your assertion, "We know that it's not listed at spamhaus -
even now," you've already shown that 209.206.237.36 is listed in the
Spamhaus XBL zone. It's on the XBL, because it's listed at
cbl.abuseat.org. Seriously, WTF is your major malfunction?
The CBL only shows when an IP address was last seen, ±30 minutes. You
and I have been though this before.
209.206.237.36 209-206-237-36.stat.centurytel.net : cbl.abuseat.org :
BLOCKED (127.0.0.2)
Blocked - see http://cbl.abuseat.org/lookup.cgi?ip 9.206.237.36
209.206.237.36 209-206-237-36.stat.centurytel.net : xbl.spamhaus.org
: BLOCKED (127.0.0.4)
http://www.spamhaus.org/query/bl?ip 9.206.237.36
209.206.237.36 209-206-237-36.stat.centurytel.net :
dnsbl-1.uceprotect.net : BLOCKED (127.0.0.2)
IP 209.206.237.36 is UCEPROTECT-Level 1 listed. See
http://www.uceprotect.net/rblcheck.php?ipr 9.206.237.36
$ dig +short 36.237.206.209.cbl.abuseat.org
127.0.0.2
$ dig +short 36.237.206.209.zen.spamhaus.org
127.0.0.4
$ dig +short 36.237.206.209.xbl.spamhaus.org
127.0.0.4
$ dig +short 36.237.206.209.dnsbl-1.uceprotect.net
127.0.0.2
HTH.
- --
David Ritz
Be kind to animals; kiss a shark.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0
iEYEARECAAYFAlRVmoEACgkQUrwpmRoS3utjSgCgskIsnHVr+IMvScCc7h+v8V+b
cXMAn1tMApIdFo9xpQqXgFQfYQu9cpGa
=nEUq
-----END PGP SIGNATURE-----
--0-707226928-1414896199=:75122--
--- NewsGate v1.0 gamma 2
* Origin: News Gate @ Net396 -Huntsville, AL - USA (1:396/4)
|