I was notified by someone today that yesterday he had sent an email to a mailing
list on an email server I maintain, but the email had not been delivered
to recipients. When I checked yesterday's email log, I didn't see any email
from his email address, so I asked him to resend the message. He did so, but
that email message was also not delivered and I didn't see any log entry for
his email address in today's email log, /var/log/maillog. He
has a verizon.net email address and Verizon recently transitioned its email
service to AOL.
I remembered helping him make that transition last month, so I looked for any
aol.com entries in the log file and found the entry below for an attempt by an
AOL email server to deliver a message that was rejected at the time he told me
he had sent the email today.
# grep aol /var/log/maillog
Jun 2 10:50:16 moonpoint sendmail[23955]: ruleset=check_relay, arg1=omr-a006e.mx.aol.com, arg2=127.0.0.6, relay=omr-a006e.mx.aol.com [204.29.186.55], reject=550 5.7.1 Spam Block:mail from 204.29.186.55 refused - see http://dnsbl.sorbs.net/
I use the Spam and Open Relay Blocking System (SORBS) spam blacklist, which is a DNS-based Blackhole List (DNSBL), aka a Real-time Blackhole List (RBL), to reduce the amount of spam that reaches users' inboxes on the email server.
You can check whether an IP address is still on a DNSBL from a command line interface (CLI) by using the nslookup command. For the fully qualified domain name (FQDN) to use for the DNS query, reverse the octets of the IP address, as you would for a reverse DNS lookup, and then append the FQDN of the blacklist service. E.g., if the IP address is 204.29.186.55 and the blacklist server is dnsbl.sorbs.net, then perform a DNS lookup on 55.186.29.204.dnsbl.sorbs.net as in the example below. In the example, I'm using the Google DNS server at 8.8.8.8, but you can use the default DNS servers for your system and omit the 8.8.8.8.
# nslookup 55.186.29.204.dnsbl.sorbs.net 8.8.8.8
Server: 8.8.8.8
Address: 8.8.8.8#53

Non-authoritative answer:
Name: 55.186.29.204.dnsbl.sorbs.net
Address: 127.0.0.6

#
If the address returned is in the form of 127.0.0.x, where "x" can be any number, then the IP address is on the blocklist queried. For SORBS, the returned address indicates the particular blocklist or lists that the IP address is in.
| SORBS zone | Returned address |
|---|---|
| http.dnsbl.sorbs.net | 127.0.0.2 |
| socks.dnsbl.sorbs.net | 127.0.0.3 |
| misc.dnsbl.sorbs.net | 127.0.0.4 |
| smtp.dnsbl.sorbs.net | 127.0.0.5 |
| new.spam.dnsbl.sorbs.net | 127.0.0.6 |
| recent.spam.dnsbl.sorbs.net | 127.0.0.6 |
| old.spam.dnsbl.sorbs.net | 127.0.0.6 |
| spam.dnsbl.sorbs.net | 127.0.0.6 |
| escalations.dnsbl.sorbs.net | 127.0.0.6 |
| web.dnsbl.sorbs.net | 127.0.0.7 |
| block.dnsbl.sorbs.net | 127.0.0.8 |
| zombie.dnsbl.sorbs.net | 127.0.0.9 |
| dul.dnsbl.sorbs.net | 127.0.0.10 |
| badconf.rhsbl.sorbs.net | 127.0.0.11 |
| nomail.rhsbl.sorbs.net | 127.0.0.12 |
| noserver.dnsbl.sorbs.net | 127.0.0.14 |
| virus.dnsbl.sorbs.net | 127.0.0.15 |
On a Linux or Mac OS X/macOS system, you can also use the host command as shown below:
$ host 55.186.29.204.dnsbl.sorbs.net
55.186.29.204.dnsbl.sorbs.net has address 127.0.0.6
$
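The check described above, extended to pull the rejected relay IPs out of the sendmail log before querying the blocklist; this is an added example, not code from the original post. The function and variable names are hypothetical, and `dnsbl_check` assumes the `host` command and a working resolver.

```sh
#!/bin/sh
# Added example (not from the original post): triage DNSBL rejections in a sendmail log.

# Log entry from the post, embedded so the functions can be tried offline.
SAMPLE_LOG='Jun 2 10:50:16 moonpoint sendmail[23955]: ruleset=check_relay, arg1=omr-a006e.mx.aol.com, arg2=127.0.0.6, relay=omr-a006e.mx.aol.com [204.29.186.55], reject=550 5.7.1 Spam Block:mail from 204.29.186.55 refused - see http://dnsbl.sorbs.net/'

# Print the unique relay IPs that the check_relay ruleset rejected (log on stdin).
rejected_relays() {
    sed -n 's/.*ruleset=check_relay.*relay=[^[]*\[\([0-9.]*\)\].*reject=.*/\1/p' | sort -u
}

# Build the DNSBL query name: validated IPv4 octets reversed, then the list zone.
dnsbl_qname() {
    zone=${2:-dnsbl.sorbs.net}
    case $1 in ''|*[!0-9.]*|*.) return 1 ;; esac   # digits and dots only
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs    # split into octets
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in ''|????*) return 1 ;; esac       # empty or over-long octet
        [ "$o" -le 255 ] || return 1
    done
    echo "$4.$3.$2.$1.$zone"
}

# Map a SORBS return address to its list, using the table in the post.
# 127.0.0.6 is shared by the spam zones (new, recent, old, escalations).
SORBS_CODES='2:http 3:socks 4:misc 5:smtp 6:spam 7:web 8:block 9:zombie 10:dul 11:badconf 12:nomail 14:noserver 15:virus'
sorbs_list() {
    for pair in $SORBS_CODES; do
        [ "127.0.0.${pair%%:*}" = "$1" ] && { echo "${pair#*:}"; return 0; }
    done
    echo unknown; return 1
}

# Live check. An empty answer is reported as "not listed"; a failed lookup
# (no resolver, no host command) looks the same, so confirm before acting on it.
dnsbl_check() {
    q=$(dnsbl_qname "$1" "$2") || { echo "bad address: $1" >&2; return 2; }
    addr=$(host -t A "$q" 2>/dev/null | sed -n 's/.* has address \(127\.[0-9.]*\)$/\1/p' | head -n 1)
    [ -n "$addr" ] || { echo "$1 not listed"; return 1; }
    echo "$1 listed: $addr ($(sorbs_list "$addr"))"
}
```

To check every relay rejected in today's log, run `rejected_relays < /var/log/maillog | while read -r ip; do dnsbl_check "$ip"; done`.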