  #1 (permalink)  
Old 08-19-2010, 11:29 AM
Elite Member
 
Posts: 360
SORBS Blacklist

Our email server is on XX.X.56.182
Our domain/primary DNS is on XX.X.56.162

The IP XX.X.56.162 has been blacklisted by SORBS for being a dynamic IP, even though it's a static IP.

Now clients that use SORBS are unable to send/receive emails to us.

The bounce backs say:
This message has been block because it is from a black ip XX.X.56.162

I've tried de-listing via SORBS, the robot reply says it'll de-list XX.X.56.162, but nothing has changed for over 2 months now....

This is costing us business, and the wolves are breathing down my back to get it fixed ASAP.

What are my options?
Reply With Quote
  #2 (permalink)  
Old 08-19-2010, 12:00 PM
Active Member
 
Posts: 27
Default

I would say it's up to your ISP to fix this. If they don't do it, use an ISP that doesn't have blacklisted IPs.
Reply With Quote
  #3 (permalink)  
Old 08-19-2010, 01:02 PM
y@w y@w is offline
Moderator
 
Posts: 658
Default

Right from the SORBS website, they say only the ISP has power over this unless you have rDNS set up.

Quote:
From time to time the DUHL will need to be modified as ISP networks are changed. ISPs are invited to send changes to their address ranges listed.
Quote:
Anyone else may request delisting of addresses or netblocks provided that reverse DNS naming is set to indicate static assignment. SORBS will consider unique names that are not part of a generic naming scheme, or a generic naming scheme with an indication of staticness (we prefer the word "static" being included in the names, but will accept any existing ISP convention if the ISP just informs us of it) as proof of static assignment. Also, the Times to Live of the PTR records need to be 43200 seconds or more. This is an arbitrary limit chosen by SORBS. And of course, the reverse DNS names need to be valid; i.e. the names given in reverse DNS need to map forward to the IP addresses for which they were given.
Taken from: SORBS Dynamic User/Host List FAQ
__________________
What a n00b!
Reply With Quote
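The delisting conditions quoted from the SORBS FAQ above, written as a check over constructed DNS records (an added example, not part of the original thread and not SORBS's own code). The addresses are documentation-range placeholders, and the `looks_generic` heuristic for spotting a generic naming scheme is an assumption.

```python
import re

MIN_PTR_TTL = 43200  # seconds, the limit quoted from the SORBS FAQ

# Constructed sample records (placeholders, not the poster's real data).
# PTR: ip -> (name, ttl) or None when the reverse lookup fails.
PTR = {
    "203.0.113.182": ("mail.example.com.", 86400),
    "203.0.113.162": None,
    "203.0.113.170": ("203-0-113-170.dsl.example.net.", 3600),
    "203.0.113.171": ("203-0-113-171.static.example.net.", 86400),
    "203.0.113.172": ("fw.example.com.", 86400),
}
# A: name -> set of addresses the name resolves to.
A = {
    "mail.example.com.": {"203.0.113.182"},
    "203-0-113-170.dsl.example.net.": {"203.0.113.170"},
    "203-0-113-171.static.example.net.": {"203.0.113.171"},
    "fw.example.com.": {"203.0.113.99"},  # forward lookup points elsewhere
}


def looks_generic(name, ip):
    """Assumed heuristic: a name that embeds all four octets is a generic scheme."""
    runs = set(re.findall(r"\d+", name))
    return all(octet in runs for octet in ip.split("."))


def duhl_delisting_problems(ip, ptr=PTR, a=A):
    """Return the reasons this IP would fail the quoted delisting conditions."""
    record = ptr.get(ip)
    if record is None:
        return ["no PTR record (reverse lookup fails)"]
    name, ttl = record
    problems = []
    if looks_generic(name, ip) and "static" not in name.lower():
        problems.append("generic name without an indication of staticness")
    if ttl < MIN_PTR_TTL:
        problems.append(f"PTR TTL {ttl} is below {MIN_PTR_TTL}")
    if ip not in a.get(name, set()):
        problems.append("PTR name does not map forward to the IP")
    return problems


if __name__ == "__main__":
    for addr in PTR:
        print(addr, duhl_delisting_problems(addr) or "meets the quoted conditions")
```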
  #4 (permalink)  
Old 08-19-2010, 01:45 PM
Elite Member
 
Posts: 360
Default

I've been trying to contact XO our ISP....but with no luck, haven't heard back yet.

Any temporary workaround?
Reply With Quote
  #5 (permalink)  
Old 08-19-2010, 01:50 PM
y@w y@w is offline
Moderator
 
Posts: 658
Default

There are lots of mail relay services that you could sign up for and use as a temporary fix.

Something like Outgoing SMTP Authentication - Zimbra :: Wiki
__________________
What a n00b!
Reply With Quote
  #6 (permalink)  
Old 08-19-2010, 03:13 PM
Elite Member
 
Posts: 360
Default

Hmmmm...ok.
I poked around a bit...

I did an nslookup...
XX.X.56.182 - email.server.com
XX.X.56.180 - dns.server.com
XX.X.56.162 - TIMED OUT

Now when the emails bounce back...they say XX.X.56.162 is blacklisted despite the email server being on XX.X.56.182...

Why is it saying XX.X.56.162....?
The domain and name servers are on XX.X.56.180
And the email server is on XX.X.56.182

The nslookup is saying the rDNS is failing on XX.X.56.162...
But why does XX.X.56.162 even matter!?!

(ok got tired typing the XX.X...LOL)

Is there a way to redirect 162 to 182 or 180?
Or is it possible to create a PTR for 162 with the same domains as the DNS and mail server?

So odd...can someone explain this to me...?
Reply With Quote
  #7 (permalink)  
Old 08-19-2010, 03:43 PM
y@w y@w is offline
Moderator
 
Posts: 658
Default

It's likely that your server is making outbound connections from that IP. Are you behind a NAT?
__________________
What a n00b!
Reply With Quote
  #8 (permalink)  
Old 08-19-2010, 03:46 PM
Moderator
 
Posts: 1,432
Default

It might help to post the actual IP addresses so that others can analyze directly. I'm not sure what security issues you might have, and those might certainly be valid, but by not sharing this information you're making it harder for others to help you.

Aside from that I'd suggest sending email to gmail several times and making sure that it isn't coming from .162.
__________________
Elliot Wilen
Berkeley, CA

Don't forget to enter your Zimbra version in your forum profile.
Reply With Quote
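An added example, not part of the original thread, of the check suggested above: read the Received headers of a test message as delivered to an outside mailbox and report which public IP the receiving server saw. The message, host names and addresses are constructed placeholders, and only IPv4 is handled.

```python
import email
import ipaddress
import re

# Ranges that never identify the public egress address of a NATed server.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# Constructed test message as it might appear in the outside mailbox.
SAMPLE = """\
Received: by 10.1.2.3 with SMTP id abc123; Thu, 19 Aug 2010 13:10:05 -0700
Received: from mail.example.com (unknown [203.0.113.162])
\tby mx.receiver.example with ESMTP id xyz789;
\tThu, 19 Aug 2010 13:10:04 -0700
Received: from localhost (localhost [127.0.0.1])
\tby mail.example.com (Postfix) with ESMTP id 1A2B3C;
\tThu, 19 Aug 2010 13:10:02 -0700
From: user@example.com
To: test@receiver.example
Subject: egress test

test
"""

BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def egress_ip(raw_message):
    """Return the first public IP in the Received chain, newest hop first.

    The newest hops are written by the receiving side, so this is the
    address its mail server (and any DNSBL lookup it makes) saw.
    """
    msg = email.message_from_string(raw_message)
    for header in msg.get_all("Received", []):
        for text in BRACKETED_IP.findall(header):
            try:
                addr = ipaddress.ip_address(text)
            except ValueError:
                continue  # malformed octets, ignore
            if not any(addr in net for net in INTERNAL):
                return str(addr)
    return None


def egress_matches(raw_message, expected_ip):
    """True when the receiver saw the address the mail server is meant to use."""
    return egress_ip(raw_message) == expected_ip
```

With the sample above, the receiver saw the firewall's address rather than the mail server's, which is the situation the thread goes on to confirm.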
  #9 (permalink)  
Old 08-19-2010, 04:05 PM
Elite Member
 
Posts: 360
Default

I emailed the IPs to y@w....

I think the emails are coming out of 162 cause that's the IP that got banned and the IP listed in bounce backs...

yes, behind a NAT....it's the firewall that's on 162....
Reply With Quote
  #10 (permalink)  
Old 08-19-2010, 04:09 PM
y@w y@w is offline
Moderator
 
Posts: 658
Default

Yeah, logs on my end show them coming from .162.

I used the sorbs.org checker and it shows your .182 IP as:

Quote:
Listed as an exception and therefore NOT blocked.
It also looks like rDNS is set up for that IP.

I'm assuming then that you're behind a NAT. Depending upon the brand/model, you should be able to just add an SNAT rule (terminology can change) for traffic from your mail server to be coming from that IP.
__________________
What a n00b!
Reply With Quote