SORBS wrongly listing New Zealand IP space

, posted: 2-May-2006 13:51

I tried to respond to an email from the Geekzone Master himself this morning, but it bounced back as undeliverable with this error message (various details removed to protect the innocent):
SMTP error from remote mail server after RCPT TO::
host []: 554 Service unavailable; Client host []
blocked using; Dynamic IP Addresses See:

Well, that sucks but DNS black lists are not infallible. So I had a look around the site, to see if there was a way to contact the SORBS operators. There's this rather patronising page, but I'm not going to jump through silly hoops like that.

And no, my network isn't in dial-up or dynamic address space either.

ICONZ is being unhelpful as well, and not responding to messages sent to postmaster@. Luckily, ICONZ isn't using SORBS for IDG as far as I can tell, otherwise I wouldn't have been able to send any messages there.

It gets worse though. Craig Humphreys wrote on the NZ Network Operators' Group mailing list that:

A large Telecom subnet has been black listed by sorbs (listed as dynamic e.g. dial-up/dsl/etc), this happens to include some/all of their mail servers as well as many customers (like the organisation I work for).
I understand that it's currently being worked on by Global Gateway (APNIC entry for subnet).

This has caused major disruptions to us and many other Telecom customers (to say nothing of Telecom themselves).

That message got the attention of Matthew Sullivan who runs SORBS. He responded on the NZNOG list that:

A number of announcements have been made by SORBS in various locations - there is an issue with slow database updates currently and this has caused a delay between listing of subnets in the DUHL and the inclusion of the exclusions for the static addresses in the same subnet.

Unfortunately I cannot stop the and restart process or it will make the problem worse for affected users in the 207.x, 208.x, and 210.x ranges. It should clear within the next 24 hours (looking to be around 6-12 hours based on the current timing), previously the maximum delay has been 30 minutes.

The problem has been identified, code has been written, and will not be an issue in the future.

In other words, be damn careful which DNSbl you use, especially if you use it to block messages and not just to score them with something like Spam Assassin.


Other related posts:
Video: Kim Dotcom and Mathias Ortman at the IITP Mega breakfast
Two-factor authentication broken
The problem with naming and shaming

comments powered by Disqus


Google News search
IT News
PC World New Zealand
Computerworld NZ
PC World and Computerworld Australia
PC World US
Computerworld US
NZ Herald
Virus Bulletin

Content copyright © Juha Saarinen. If you wish to use the content of my blog on your site, please contact me for details. I'm usually happy to share my material as long as it's not for spamblogs and content farms. Please attribute with a link back to this blog. If you wish to advertise on my blog, please drop me an email to discuss the details.
Comments policy All comments posted on this blog are the copyright and responsibility of the submitters in question. Comments commercial and promotional in nature are not allowed. Please ensure that your comments are on topic and refrain from making personal remarks.