Hello Ludi,

> But if spamcop.net is still intact, how can someone grab bl.spamcop.net?

It does not matter if spamcop servers are up and running, the problem is
that the responsible dns-servers do not answer with the spamcop servers'
ips anymore. Now the ip of a website belonging to a domain broker is shown,
so nobody is asking spamcop servers anymore.

That company doesn't know about spamcop's internals and thus their nameserver
is configured to return 91.195.240.87 for all dns queries, no matter which
subdomain of spamcop.net you are asking for.

Given the ip 1.2.3.4 - if postfix is configured to query the spamcop
blacklist then a dns query like this is issued:

[gerry@noc ~]$ dig 4.3.2.1.bl.spamcop.net
[...]
;; ANSWER SECTION:
4.3.2.1.bl.spamcop.net. 300     IN      A       91.195.240.87

Under normal conditions you would get something like the following,
if the ip is listed with spamcop:

4.3.2.1.bl.spamcop.net. 300     IN      A       127.0.0.1

If it's not listed no ip is returned, but as I explained above every
query gets an ip now. So every ip is interpreted to be a spam source.

An exception are configurations that explicitly check that a certain
ip is returned, but most configurations don't do that.


> That must be something different in my understanding. Like an error, hacking
> attempt or DNS mixup.

There is no error, hacking or mixup. Open spamcop.net in your browser
and read the text at the bottom:

"This Domain Name Has Expired - Renewal Instructions"

So it seems they have forgotten to pay the renewal fee in time.


If it worked for you all day long then your dns server still might be
caching the old spamcop ips. Open a terminal and try the example above,
the number 300 there is the ttl (time to live), which is the time in
seconds your dns resolver will return that ip without querying the
official dns servers.

Otherwise this would be a geodns implementation that returns different
ips according to your location. But given the current ttl is only 300
(5 minutes) we would have gotten different ips by now if they had been
changed.

As of now the issue has not been solved, the same ip is returned:

[gerry@noc ~]$ dig +short @DNS5.NAME-SERVICES.COM spamcop.net
91.195.240.87

Best regards
Gerald
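
The exception mentioned in the message above (a configuration that checks which address the blacklist returns), as an added example that is not part of the original mail: it compares the "any answer means listed" logic with a check that only accepts answers inside 127.0.0.0/8. The function names and the sample answers are constructed for illustration; no DNS query is made.

```python
import ipaddress

# DNSBL return codes live in the loopback range; anything else is not a listing.
LOOPBACK = ipaddress.ip_network("127.0.0.0/8")

def dnsbl_query_name(client_ip, zone="bl.spamcop.net"):
    """Reverse the IPv4 octets and append the zone: 1.2.3.4 -> 4.3.2.1.<zone>."""
    octets = str(ipaddress.IPv4Address(client_ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def naive_is_listed(answers):
    """Treat any A record as a listing (the common configuration)."""
    return bool(answers)

def strict_verdict(answers, expected=None):
    """Classify the A records returned for one DNSBL query.

    Returns 'not-listed' for an empty answer, 'zone-broken' if any record
    is outside 127.0.0.0/8 (e.g. a parked-domain wildcard), else 'listed'.
    If `expected` is given, only those exact return codes count as listed.
    """
    if not answers:
        return "not-listed"
    addrs = [ipaddress.IPv4Address(a) for a in answers]
    if any(a not in LOOPBACK for a in addrs):
        return "zone-broken"
    if expected is not None:
        allowed = {ipaddress.IPv4Address(e) for e in expected}
        return "listed" if any(a in allowed for a in addrs) else "not-listed"
    return "listed"

# Constructed answers modelled on the dig output quoted in the mail.
SAMPLES = {
    "healthy zone, listed": ["127.0.0.1"],
    "healthy zone, not listed": [],
    "expired domain, wildcard": ["91.195.240.87"],
}

def compare():
    """Map each sample to (naive result, strict verdict)."""
    return {label: (naive_is_listed(a), strict_verdict(a))
            for label, a in SAMPLES.items()}

if __name__ == "__main__":
    print(dnsbl_query_name("1.2.3.4"))
    for label, result in compare().items():
        print(f"{label}: naive={result[0]} strict={result[1]}")
```

A 'zone-broken' verdict is a signal to skip the list and alert the operator rather than reject mail.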
