Well I am using Hetrix and I am seeing the same exact thing as MXToolbox

On Tue, Feb 16, 2021 at 9:19 AM Blake Hudson via mailop <mailop@mailop.org> wrote:
>
> On 2/14/2021 10:00 AM, Chris via mailop wrote:
> > On 2021-02-14 01:42, André Peters via mailop wrote:
> > ...
> >
> > 2) Securi.net used mxtoolbox. It has problems of its own of
> > synthesizing its own queries, and jumping to conclusions and
> > misleading you. For example, if you do a domain lookup, you can end
> > up with assertions you're listed in IP-only DNSBLs which have nothing
> > to do with you.
> >
> > I personally prefer to use this for straight and
> > uncomplicated/non-misleading results:
> >
> >> http://multirbl.valli.org/lookup/192.124.249.6.html
> >
> > Which lists some 9 listings for the IP. Now of course most of the
> > DNSBLs listing it are trivial, not used much, or largely ignored (like
> > RFC Ignorant), there are at least two that do seem to indicate that they
> > HAVE seen email traffic from that specific IP. So something seems to
> > be awry with their assertion it can't make outbound connections.
> >
> > - If I had a nickel for everyone who insisted that their IP can't send
> > email, when I have spam sample in my hand proving otherwise, I'd have
> > retired long ago, or at least be a few dozen cases of beer richer.
> >
> > Even tho it's Securi.net, I'd prefer to see them at least expending
> > the effort to see if anything *is* emitting from that IP rather than
> > just asserting it. It wouldn't be the first time that network hardware
> > got infected, or a network operator got outsmarted.
>
> This was my first thought. The article's author states that his server
> doesn't accept [incoming] connections on port 25 and somehow interprets
> this as though the server therefore could not possibly send [outbound]
> mail on port 25. This is obviously false. A form on a website, a command
> line script, a malicious binary, etc. could all certainly send email
> messages on a system that's not listening on port 25 (or has incoming
> connections to port 25 blocked). While remote, there's also a
> possibility of IP hijacking or spoofing - more likely when you're just
> talking about port scanning logs, less likely when you're talking about
> fully functional TCP connections.
>
> I'm surprised the author didn't try to do any self-verification (or
> state as such) before writing an article defaming another party.
> _______________________________________________
> mailop mailing list
> mailop@mailop.org
> https://list.mailop.org/listinfo/mailop
>
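The self-verification mentioned in the quoted reply can start from the host's own socket table: having no listener on port 25 is a separate fact from having no outbound connections to remote port 25. The sketch below is an added example, not code from anyone in this thread; it parses a constructed sample of `ss -tan` output, and the function names and addresses are assumptions made for illustration.

```python
# Constructed sample of `ss -tan` output (documentation-range addresses).
SAMPLE_SS = """\
State    Recv-Q Send-Q Local Address:Port   Peer Address:Port
LISTEN   0      128    0.0.0.0:443          0.0.0.0:*
LISTEN   0      128    [::]:443             [::]:*
ESTAB    0      0      192.0.2.10:443       198.51.100.7:51544
ESTAB    0      0      192.0.2.10:48712     203.0.113.25:25
SYN-SENT 0      1      192.0.2.10:48713     203.0.113.26:25
"""

SMTP_PORT = "25"


def split_endpoint(endpoint):
    """Split 'addr:port' (IPv4 or bracketed IPv6) into (addr, port)."""
    addr, _, port = endpoint.rpartition(":")
    return addr, port


def smtp_activity(ss_output):
    """Return (listening_on_25, [(state, peer_addr), ...] for outbound SMTP)."""
    listening = False
    outbound = []
    for line in ss_output.splitlines():
        fields = line.split()
        # Skip the header row and anything too short to be a socket line.
        if len(fields) < 5 or fields[0] == "State":
            continue
        state, local, peer = fields[0], fields[3], fields[4]
        _, local_port = split_endpoint(local)
        peer_addr, peer_port = split_endpoint(peer)
        if state == "LISTEN":
            # Inbound side: is anything accepting mail on this host?
            listening = listening or local_port == SMTP_PORT
        elif peer_port == SMTP_PORT and local_port != SMTP_PORT:
            # Outbound side: this host opened a connection to a remote MTA.
            outbound.append((state, peer_addr))
    return listening, outbound


if __name__ == "__main__":
    listening, outbound = smtp_activity(SAMPLE_SS)
    print("listening on 25:", listening)
    for state, peer in outbound:
        print("outbound SMTP:", state, peer)
```

A socket-table snapshot only catches connections open at that instant, so egress firewall or flow logs filtered on destination port 25 are the longer-term version of the same check.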