[BlueOnyx:03833] Re: YUM updates (2010-03-02)

Thu Mar 4 12:49:11 -05 2010

On Thu March 4 2010 11:17, Darrell D. Mobley wrote:
> > -----Original Message-----
> > From: blueonyx-bounces at blueonyx.it [mailto:blueonyx-bounces at blueonyx.it]
> > On Behalf Of Jeff Folk
> > Sent: Thursday, March 04, 2010 11:25 AM
> > To: BlueOnyx General Mailing List
> > Subject: [BlueOnyx:03823] Re: YUM updates (2010-03-02)
> >
> > I swear it is working on my BX box:
> >
> >        1 Mar  4 10:01:58 box1 sendmail[4232]: o24G1rox004232:
> > ruleset=check_rcpt, arg1=<xxx at qzoneinc.com>,
> > relay=honolulu.icycolddays.net [69.175.125.124], reject=550 5.7.1
> > <xxx at qzoneinc.com
> >
> >  >... Rejected: 69.175.125.124 listed at zen.spamhaus.org
> >
> >        1 Mar  4 10:04:42 box1 sendmail[4624]: o24G4XTs004624:
> > ruleset=check_rcpt, arg1=<xxx at qzoneinc.com>, relay=[213.154.13.9],
> > reject=550 5.7.1 <xxx at qzoneinc.com>... Rejected: 213.154.13.9 listed
> > at zen.spamhaus.org
> >        1 Mar  4 10:11:00 box1 sendmail[5431]: o24GB0DT005431:
> > ruleset=check_rcpt, arg1=<xxx at qzoneinc.com>, relay=[208.71.175.135],
> > reject=550 5.7.1 <xxx at qzoneinc.com>... Rejected: 208.71.175.135 listed
> > at zen.spamhaus.org
> >        1 Mar  4 10:12:45 box1 sendmail[5693]: o24GCiug005693:
> > ruleset=check_rcpt, arg1=<xxx at qzoneinc.com>,
> > relay=189-111-94-158.dsl.telesp.net.br [189.111.94.158] (may be
> > forged), reject=550 5.7.1 <xxx at qzoneinc.com>... Rejected:
> > 189.111.94.158 listed at zen.spamhaus.org
>
> The way Zen is supposed to work is you take the IP address, reverse it and
> ping Zen with the results.
>
> If you enter this manually, "ping 56.83.110.84.zen.spamhaus.org", you will
> probably see on your server this:
>
> [root at www ~]# ping 56.83.110.84.zen.spamhaus.org
> PING 56.83.110.84.zen.spamhaus.org (127.0.0.10) 56(84) bytes of data.
> 64 bytes from 127.0.0.10: icmp_seq=0 ttl=64 time=0.055 ms
> 64 bytes from 127.0.0.10: icmp_seq=1 ttl=64 time=0.043 ms
> 64 bytes from 127.0.0.10: icmp_seq=2 ttl=64 time=0.044 ms
>
> --- 56.83.110.84.zen.spamhaus.org ping statistics ---
> 3 packets transmitted, 3 received, 0% packet loss, time 2001ms
> rtt min/avg/max/mdev = 0.043/0.047/0.055/0.007 ms, pipe 2
> [root at www ~]#
>
>
> That .10 is a hit! If I enter that string in a DOS window, I see:
>
> C:\Users\Darrell Mobley>ping 56.83.110.84.zen.spamhaus.org
>
> Pinging 56.83.110.84.zen.spamhaus.org [127.0.0.10] with 32 bytes of data:
> Reply from 127.0.0.10: bytes=32 time<1ms TTL=128
> Reply from 127.0.0.10: bytes=32 time<1ms TTL=128
> Reply from 127.0.0.10: bytes=32 time<1ms TTL=128
> Reply from 127.0.0.10: bytes=32 time<1ms TTL=128
>
> Ping statistics for 127.0.0.10:
>     Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
> Approximate round trip times in milli-seconds:
>     Minimum = 0ms, Maximum = 0ms, Average = 0ms
>
>
> If I enter this on my BX box, I see:
>
> [root at web1 mail]# ping 56.83.110.84.zen.spamhaus.org
> ping: unknown host 56.83.110.84.zen.spamhaus.org
> [root at web1 mail]#
>
>
> Something must be blocking the request going out, or it is a port issue, or
> routing, or something.  Anyone have any ideas where to look?
>

Interesting way to test....  The "ping" itself is actually invalid and it
is your localhost answering since the 127.0.0.X network is not "routable"
on the internet and I know of no ISP that would allow network 127.x.y.z
to traferse their net (I know I do not), but the item it does answer
is whether or not that reverse has an IP at spamhaus.org.
I actually use "host 56.83.110.84.zen.spamhaus.org"
> 56.83.110.84.zen.spamhaus.org has address 127.0.0.10

If you are not getting an answer, then you either have a routing problem;
DNS problem, or spamhaus believes you are hitting them with too many
queries and have "blocked" your IP from talking to their servers....

Try "host -t ns zen.spamhaus.org" from your server and see what it 
says, it should return a really long list of servers.  Then try:
> nslookup 56.83.110.84.zen.spamhaus.org f.ns.spamhaus.org
or something that you know is listed and see what the actual server
says.  (A "refused" code says you are being blocked by spamhaus)...
An answer says you have a DNS problem, a "no route" response or
timeout probably says you have a routing issue...

-- 
Larry Smith
lesmith at ecsis.net