
dnsbl or spamhaus occasionally blocks wrong IP

From: Peter J. Holzer
Date: March 14, 2006 11:04
Subject: dnsbl or spamhaus occasionally blocks wrong IP
Message ID: 20060314190403.GC19939@teal.hjp.at

Yesterday I got a bounce because one of my servers was listed with
spamhaus. 

Except that it wasn't. The IP address in the error message was
completely different. Grepping back through my logs I found 4 more mails
in the last three months which were rejected where the IP-Address in the
error message doesn't match the IP address of the connection.

Now, 5 false positives for 1.5 million connections (113000 of which were
rejected because of a listing in spamhaus) doesn't sound that bad, but
I'm worried because I have no idea how that could have happened. Some
wild hypotheses:

* Sometimes forkserver gets confused when handling several parallel
  connections and sets the wrong remote_ip. I don't see how this can
  happen. Also, other messages from the same connection contain
  the correct IP, so that doesn't seem to be the case.

* dnsbl sometimes gets a response to a query sent by a different
  forkserver child. I guess it would be possible that two forkserver
  processes running after each other get the same UDP port and the
  second gets a reply packet intended for the first. However, I would
  expect that Net::DNS checks whether an answer matches the query it
  sent ...

* Sometimes spamhaus looks up the wrong record. Doesn't seem very likely
  either.

So, I'm kind of stumped. 

	hp

-- 
   _  | Peter J. Holzer    | I now realize that computers are poorly
|_|_) | Sysadmin WSR       | suited to remembering things.
| |   | hjp@hjp.at         |
__/   | http://www.hjp.at/ |	-- Holger Lembke in dan-am
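
The second hypothesis in the post above depends on whether a resolver accepts a UDP reply that answers someone else's query. The following is an added illustration, not part of the original post and not Net::DNS or qpsmtpd code, of the checks that tie a DNS reply to the query that was sent; the zone `dnsbl.example`, the documentation-range IPs and all function names are assumptions.

```python
import struct

def dnsbl_qname(ip, zone):
    """Usual DNSBL query form: reversed IPv4 octets followed by the list's zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone

def encode_name(name):
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"

def build_query(txid, qname, qtype=1):
    # Header: ID, flags (RD set), QDCOUNT=1, ANCOUNT=NSCOUNT=ARCOUNT=0
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(qname) + struct.pack("!HH", qtype, 1)

def parse_question(packet):
    """Return (txid, is_response, qname, qtype) from the header and first question."""
    txid, flags, qdcount = struct.unpack("!HHH", packet[:6])
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    labels, pos = [], 12
    while True:
        length = packet[pos]
        if length == 0:
            pos += 1
            break
        if length & 0xC0:
            raise ValueError("compression pointer in question name")
        labels.append(packet[pos + 1:pos + 1 + length].decode("ascii").lower())
        pos += 1 + length
    qtype, _qclass = struct.unpack("!HH", packet[pos:pos + 4])
    return txid, bool(flags & 0x8000), ".".join(labels), qtype

def reply_matches(query, reply):
    """Accept a reply only if ID, QR bit, question name and type match the query."""
    try:
        q_id, _, q_name, q_type = parse_question(query)
        r_id, r_is_resp, r_name, r_type = parse_question(reply)
    except (ValueError, IndexError, struct.error, UnicodeDecodeError):
        return False
    return r_is_resp and (r_id, r_name, r_type) == (q_id, q_name, q_type)

def as_reply(query):
    # Constructed sample data: set the QR bit to turn a query into a minimal reply.
    return query[:2] + struct.pack("!H", 0x8180) + query[4:]
```

Comparing the question name as well as the 16-bit ID is what separates a stale reply for a different client IP from the expected one, since the ID alone can collide when a source port is reused.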
