Re: Can anyone help me? surbl.org FP problems? - SpamAssassin
This is a discussion on Re: Can anyone help me? surbl.org FP problems? - SpamAssassin ; What should dig return? I too have Verizon fios. If /etc/resolve.conf
contains their DNS servers I get similar dig results as you. If I change
it to DNS servers I trust I get:
$ dig techweb.com.multi.surbl.org
; > DiG 9.2.4 ...
-
Re: Can anyone help me? surbl.org FP problems?
What should dig return? I too have Verizon fios. If /etc/resolve.conf
contains their DNS servers I get similar dig results as you. If I change
it to DNS servers I trust I get:
$ dig techweb.com.multi.surbl.org
; <<>> DiG 9.2.4 <<>> techweb.com.multi.surbl.org
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 11053
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;techweb.com.multi.surbl.org. IN A
;; AUTHORITY SECTION:
multi.surbl.org. 900 IN SOA dev.null.
zone.surbl.org. 120181
4821 900 900 604800 900
;; Query time: 40 msec
;; SERVER: 165.176.32.3#53(165.176.32.3)
;; WHEN: Thu Jan 31 16:41:38 2008
;; MSG SIZE rcvd: 94
Is this a correct response from dig? If so, changing the DNS servers in
/etc/resolve.conf does not fix my problem. The techweb.com email is
still reported on the blocklists. I have also tried dig from two other
email servers I control. They both have different DNS servers in
/etc/resolve.conf and different ISPs. Both return similar dig results to
what I pasted above and the techweb.com email gets the same results.
Matt Kettler wrote:
> David Zinder wrote:
>> Thank you for the response and suggestions.
>>
>> Yes - lists.surbl.org - I was using the link Contacts->mailing lists
>> from www.surbl.org
>>
>> If I understand the request for more info... It seems to get caught
>> by all the lists. Here is an example from an email this morning. I'm
>> not sure how to munge, but I think this is what you requested.
>>
>> Content analysis details: (5.2 points, 5.0 required)
>>
>> pts rule name description
>> ---- ----------------------
>> --------------------------------------------------
>> 1.5 URIBL_WS_SURBL Contains an URL listed in the WS SURBL
>> blocklist
>> [URIs: techweb.com]
>
>
> Well, that's really odd. It's *VERY* unusual for a domain to be in
> every surbl and uribl list.
>
> Checking using uribl.com's multi-checker, they've got techweb
> whitelisted. They also show surbl as not listing the domain (but they
> can't see surbl's whitelists).
>
> However, locally I get some *VERY* strange results:
>
> $dig techweb.com.multi.surbl.org
>
>
> ;; ANSWER SECTION:
> techweb.com.multi.surbl.org. 0 IN A 63.251.179.13
> techweb.com.multi.surbl.org. 0 IN A 66.150.2.134
> techweb.com.multi.surbl.org. 0 IN A 8.15.7.117
> techweb.com.multi.surbl.org. 0 IN A 66.150.2.134
> None of which are appropriate answers for multi.surbl.org.
>
> I get the same results for URIBL.com:
>
> These were sent via the built-in DNS in my verizon fios router.. but
> that's really odd.. Perhaps Verizon is screwing up their DNS?
>
> Ahh, yes they are:
>
> http://www.freedom-to-tinker.com/?p=1227
>
> Connecting to those IP's, they're redirects to
> "verizonsearch.infospace.com", so Verizon is actively engaging in
> hijacking failed DNS lookups..
>
> When I use the local named on my Linux box, which doesn't forward to
> the fios router but does the full recursive lookup all on its own, I
> get a correct no-answer.
>
> You might want to try running that dig and see what answers you get
> back. If you're not running your own DNS, you might want to yell at
> your isp..
>
>
>
>
>
