develooper Front page | perl.qpsmtpd | Postings from March 2006

Re: dnsbl or spamhaus occassionally blocks wrong IP

Thread Previous | Thread Next
From:
jm
Date:
March 14, 2006 11:31
Subject:
Re: dnsbl or spamhaus occassionally blocks wrong IP
Message ID:
20060314193055.8EA17590020@radish.jmason.org

interesting.  sounds a lot like:

  http://issues.apache.org/SpamAssassin/show_bug.cgi?id=3997

--j.

Peter J. Holzer writes:
> Yesterday I got a bounce because one of my servers was listed with
> spamhaus. 
> 
> Except that it wasn't. The IP address in the error message was
> completely different. Grepping back through my logs I found 4 more mails
> in the last three months which were rejected where the IP-Address in the
> error message doesn't match the IP address of the connection.
> 
> Now, 5 false positives for 1.5 million connections (113000 of which were
> rejected because of a listing in spamhaus) doesn't sound that bad, but
> I'm worried because I have no idea how that could have happened. Some
> wild hypotheses:
> 
> * Sometimes forkserver gets confused when handling several parallel
>   connections and sets the wrong remote_ip. I don't see how this can
>   happen. Also, other messages from the same connection contain
>   the correct IP, so that doesn't seem to be the case.
> 
> * dnsbl sometimes gets a response to a query sent by a different
>   forkserver child. I guess it would be possible that two forkserver
>   processes running after each other get the same UDP port and the
>   second gets a reply packet intended for the first. However, I would
>   expect that Net::DNS checks whether an answer matches the query it
>   sent ...
> 
> * Sometimes spamhaus looks up the wrong record. Doesn't seem very likely
>   either.
> 
> So, I'm kind of stumped. 
> 
> 	hp
> 
> -- 
>    _  | Peter J. Holzer    | Ich sehe nun ein, dass Computer wenig
> |_|_) | Sysadmin WSR       | geeignet sind, um sich was zu merken.
> | |   | hjp@hjp.at         |
> __/   | http://www.hjp.at/ |	-- Holger Lembke in dan-am

Thread Previous | Thread Next


nntp.perl.org: Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at ask@perl.org | Group listing | About