(OT) Mail got blocked because of SORBS/DYNABLOCK

Ed Wilts ewilts at ewilts.org
Thu Apr 1 02:06:58 UTC 2004 

On Wed, Mar 31, 2004 at 03:39:08PM -0500, Reuben D. Budiardja wrote:
> 
> Sorry if this is a little bit OT, but I know some people is knowledgeable 
> about this.

Guilty :-)
 
> But when I check the originating IP of this user (he uses his own ISP) here:
> http://www.dnsbl.us.sorbs.net/cgi-bin/lookup?js&IP=
> 
> I found entry in the "Dynamic IP Space " section. Looks like his ISP, or even 
> his IP block is in the list of SORBS.
> And this
> http://mail-abuse.org/cgi-bin/lookup
> 
> shows his originating IP in the DUL list (whatever that is).

DUL = Dialup User List

Basically what is happening is that the SMTP server is using a
dynamically assigned IP address.  Every SMTP server has the option of
checking the list of dynamically assigned addresses to accept or deny
that particular transaction.  Many major ISPs now check this list for
incoming e-mail.  They also notify the collectors of changes in this
address space.  Naturally, they will check this for incoming e-mail, but
not originating e-mail which they expect to come from their own
subscribers with dynamic addresses.

By checking this list, you have the potentially to block a *LOT* of
spam.  Infected systems on a cable modem have been measured to send 1
million or more e-mails per day.  Personally, I have an SMTP server
running and I block e-mail from dynamic addresses even though I'm on a
dynamic address myself.  

The workaround for the end user is to forward all e-mail to the ISP.  In
sendmail, that's known as a smart host, like this:
# grep [ewilts at p6000 ewilts]$ grep -i smart /etc/mail/sendmail.mc
define(`SMART_HOST',`smtp:smtp.comcast.net')dnl

smtp.comcast.net does nice things like throttle large amounts of e-mail.
It normally has absolutely no impact unless I blast stuff out to a
mailing list, in which case it slows the e-mails down by blocking new
e-mails from me for a while and then accepting them again.  sendmail
handles that transparently.  The advantage to me is I feel a bit more
protected about people using comcast to blast spam out.  I wouldn't feel
offended at all if comcast blocked me getting out directly via port 25
and forced us all comcast users to use their mail servers.  Every little
bit ISPs can do to reduce spam woud help.

-- 
Ed Wilts, Mounds View, MN, USA
mailto:ewilts at ewilts.org
Member #1, Red Hat Community Ambassador Program

More information about the redhat-list mailing list