develooper Front page | perl.qpsmtpd | Postings from March 2006

Re: dnsbl or spamhaus occassionally blocks wrong IP

Thread Previous | Thread Next
March 14, 2006 11:31
Re: dnsbl or spamhaus occassionally blocks wrong IP
Message ID:

interesting.  sounds a lot like:


Peter J. Holzer writes:
> Yesterday I got a bounce because one of my servers was listed with
> spamhaus. 
> Except that it wasn't. The IP address in the error message was
> completely different. Grepping back through my logs I found 4 more mails
> in the last three months which were rejected where the IP-Address in the
> error message doesn't match the IP address of the connection.
> Now, 5 false positives for 1.5 million connections (113000 of which were
> rejected because of a listing in spamhaus) doesn't sound that bad, but
> I'm worried because I have no idea how that could have happened. Some
> wild hypotheses:
> * Sometimes forkserver gets confused when handling several parallel
>   connections and sets the wrong remote_ip. I don't see how this can
>   happen. Also, other messages from the same connection contain
>   the correct IP, so that doesn't seem to be the case.
> * dnsbl sometimes gets a response to a query sent by a different
>   forkserver child. I guess it would be possible that two forkserver
>   processes running after each other get the same UDP port and the
>   second gets a reply packet intended for the first. However, I would
>   expect that Net::DNS checks whether an answer matches the query it
>   sent ...
> * Sometimes spamhaus looks up the wrong record. Doesn't seem very likely
>   either.
> So, I'm kind of stumped. 
> 	hp
> -- 
>    _  | Peter J. Holzer    | Ich sehe nun ein, dass Computer wenig
> |_|_) | Sysadmin WSR       | geeignet sind, um sich was zu merken.
> | |   |         |
> __/   | |	-- Holger Lembke in dan-am

Thread Previous | Thread Next Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at | Group listing | About