Using nslookup to check an email blocklist

I was notified by someone today that yesterday he had sent an email to a mailing list on an email server I maintain, but the email had not been delivered to recipients. When I checked yesterday's email log, I didn't see any email from his email address, so I asked him to resend the message. He did so, but that email message was also not delivered and I didn't see any log entry for his email address in today's email log, /var/log/maillog. He has a email address and Verizon recently transitioned its email service to AOL. I remembered helping him make that transition last month, so I looked for any entries in the log file and found the entry below for an attempt by an AOL email server to deliver a message that was rejected at the time he told me he had sent the email today.

# grep aol /var/log/maillog
Jun  2 10:50:16 moonpoint sendmail[23955]: ruleset=check_relay, arg1=omr-a006e.m, arg2=, [], reject=55
0 5.7.1 Spam Block:mail from refused - see

I use the Spam and Open Relay Blocking System (SORBS) spam blacklist, which is a DNS-based Blackhole List (DNSBL), aka a Real-time Blackhole List (RBL) to reduce the amount of spam that reaches users' inboxes on the email server. You can check on whether an IP address is still on a DNSBL from a command line interface (CLI) by using the nslookup command. For the fully qualified domain name (FQDN) to use for the DNS query, reverse the octets of the IP address, as you would for a reverse DNS lookup, and then append the FQDN of the blacklist service. E.g., if the IP address is and the blacklist server is, then perform a DNS lookup on as in the example below. In the example, I'm using the Google DNS server at, but you can use the default DNS servers for your system and omit the

Learning Network Technology and Security
Learning Network Technology and Security
1x1 px

# nslookup

Non-authoritative answer:


If the address returned is in the form of 127.0.0.x, where "x" can be any number, then the IP address is on the blocklist queried. For SORBS, the returned address indicates the particular blocklist or lists that the IP address is in.

Udemy - April2516-25off-sitewide120x600

On a Linux or Mac OS X/macOS system, you can also use the host command as shown below:

$ host has address

Related articles:

  1. SORBS Blocking Hotmail Email
  2. SORBS Blocking Email from Gmail
  3. Swinog DNSRBL