On 24.07.2008 22:33 CE(S)T, Yves Goergen wrote:
I'm forwarding this issue to the Hetzner support team now. It seems that
some other customers have the same problem.
I had to keep telling them that it's their fault or at least not mine,
they finally confirmed to me that one node in their load-bala
From: "Yves Goergen" <[EMAIL PROTECTED]>
Sent: Friday, 2008, July 25 13:39
On 25.07.2008 21:43 CE(S)T, mouss wrote:
BTW. do we have numbers on how many ISPs did update their bind
implementations (or have "safe" workarounds) after the recent bug
disclosure?
According to a Heise.de article, i
On 25.07.2008 21:43 CE(S)T, mouss wrote:
BTW. do we have numbers on how many ISPs did update their bind
implementations (or have "safe" workarounds) after the recent bug
disclosure?
According to a Heise.de article, in Austria 2/3 of all ISPs did not yet
patch their recursive DNS servers. In U
Matthias Leisi wrote:
jdow wrote:
| (And if you're running an "'ix" operating system - why aren't you running a
| DNS server. That's one of the first "hairy chested 'ix things" I ever
Since operating a sizeable DNS infrastructure, I came to prefer to
people using a shared/common/ISP-provided
On 20.07.2008 16:18 CE(S)T, Yet Another Ninja wrote:
This could be a DNS problem returning a .2 (positive response) for all
queries.
I have done some further tests and it seems that one of the four
nameservers (the .100.100) sometimes returns NXDOMAIN and sometimes
127.0.0.255, which obviousl
Yves Goergen wrote:
On 24.07.2008 08:32 CE(S)T, Matt Kettler wrote:
Matthias Leisi wrote:
Since many mailservers will query the same DNS-related information (eg
DNSxL lookups on widely-used mailservers like eg from Yahoo, or from the
same botnets), traffic savings through caching are _conside
On Thursday 24 July 2008 22:33:25 Yves Goergen wrote:
> I'm forwarding this issue to the Hetzner support team now. It seems that
> some other customers have the same problem.
hetzner dns is broken since forever. as well as their dhcp and their switches
and don't get me started. just don't us
On 24.07.2008 08:32 CE(S)T, Matt Kettler wrote:
Matthias Leisi wrote:
Since many mailservers will query the same DNS-related information (eg
DNSxL lookups on widely-used mailservers like eg from Yahoo, or from the
same botnets), traffic savings through caching are _considerable_.
True, but you
Matthias Leisi wrote:
jdow wrote:
| (And if you're running an "'ix" operating system - why aren't you running a
| DNS server. That's one of the first "hairy chested 'ix things" I ever
Since operating a sizeable DNS infrastructure, I came to prefer to
people using a shared/common/ISP-provided
jdow wrote:
| (And if you're running an "'ix" operating system - why aren't you running a
| DNS server. That's one of the first "hairy chested 'ix things" I ever
Since operating a sizeable DNS infrastructure, I came to prefer to
people using a sh
From: "Yves Goergen" <[EMAIL PROTECTED]>
Sent: Wednesday, 2008, July 23 15:24
On 23.07.2008 19:28 CE(S)T, jdow wrote:
Since you are experiencing a DNS problem and there is an exploit
for the Kaminsky DNS bug that was fixed in a massive multi-vendor
roll out, are you patched or are you sure you
On 23.07.2008 19:28 CE(S)T, jdow wrote:
Since you are experiencing a DNS problem and there is an exploit
for the Kaminsky DNS bug that was fixed in a massive multi-vendor
roll out, are you patched or are you sure you are not getting your
DNS spoofed?
I'm not running a DNS server.
--
Yves Goerg
jdow wrote:
From: "Yves Goergen" <[EMAIL PROTECTED]>
Sent: Wednesday, 2008, July 23 09:05
On 23.07.2008 10:03 CE(S)T, Dirk Bonengel wrote:
Just a thought, but could you install a local nameserver (bind9) to
act as a caching nameserver?
AFAIK, at least in Debian you just need to 'apt-get insta
From: "Yves Goergen" <[EMAIL PROTECTED]>
Sent: Wednesday, 2008, July 23 09:05
On 23.07.2008 10:03 CE(S)T, Dirk Bonengel wrote:
Just a thought, but could you install a local nameserver (bind9) to act
as a caching nameserver?
AFAIK, at least in Debian you just need to 'apt-get install' bind.
De
On 23.07.2008 10:03 CE(S)T, Dirk Bonengel wrote:
Just a thought, but could you install a local nameserver (bind9) to act
as a caching nameserver?
AFAIK, at least in Debian you just need to 'apt-get install' bind.
Default config is OK
This is Debian 3.1, it's pretty likely to be out of date. I'
Thank you for the explanation of the output.
Basically it says the same as the host command before, if I understand
this right, and doesn't explain the observed SA behaviour.
--
Yves Goergen "LonelyPixel" <[EMAIL PROTECTED]>
Visit my web laboratory at http://beta.unclassified.de
On 21.07.2008 23:36 CE(S)T, Karsten Bräckelmann wrote:
OK, I told you to check previously received mail for the same broken
URIBL hit pattern. So you could just have a look at the X-Spam headers
using your MUA. Probably the easiest method anyway, just to spot a few
other mails showing the same pa
Yves Goergen wrote:
|> $ dig @213.133.100.100 unclassified.de.multi.uribl.com A
|
| ; <<>> DiG 9.2.4 <<>> @213.133.100.100 unclassified.de.multi.uribl.com A
| ;; global options: printcmd
| ;; Got answer:
| ;; ->>HEADER<<- opcode: QUERY, status: N
On 22.07.2008 06:28 CE(S)T, Dallas Engelken wrote:
Every Hetzner customer using the same DNS by default? Yeah, that indeed
looks like these DNS servers are being blocked by the BL operators (see
my previous post). Most likely not only URIBL, but every major BL out
there...
No, there are those N
Karsten Bräckelmann wrote:
On Mon, 2008-07-21 at 23:17 +0200, Matthias Leisi wrote:
Yves Goergen wrote:
What do you mean? My mail server uses the DNS servers of the computing
centre. What SpamAssassin does, I don't know. The IP addresses are:
The same as everyone else..
Yves Goergen wrote:
On 21.07.2008 22:10 CE(S)T, mouss wrote:
view source (CTRL-U) and copy-paste to a file on your server. then run
# spamassassin -t < message.eml
Look through each single message from all my folders that I have
received within the last two weeks, view the source, copy it int
On Mon, 2008-07-21 at 23:17 +0200, Matthias Leisi wrote:
> Yves Goergen wrote:
> > What do you mean? My mail server uses the DNS servers of the computing
> > centre. What SpamAssassin does, I don't know. The IP addresses are:
The same as everyone else... Sic.
> > # cat /etc/resolv.conf
> > n
On Mon, 2008-07-21 at 21:50 +0200, Yves Goergen wrote:
> On 20.07.2008 22:42 CE(S)T, Karsten Bräckelmann wrote:
> > Run such a message through 'spamassassin' again, to see what it reports
> > *now*. Do you still see these strange, multiple URIBL hits?
> > spamassassin < message > out
>
> It st
Yves Goergen wrote:
# cat /etc/resolv.conf
nameserver 213.133.100.100
nameserver 213.133.99.99
nameserver 213.133.98.98
nameserver 213.133.98.97
Ah, Hetzner. I had a lot less problems since I started to run my own:
main:~> cat /etc/resolv.conf
nameserver 127.0.0.1
#nameserver 213.133.100.1
On 21.07.2008 22:10 CE(S)T, mouss wrote:
view source (CTRL-U) and copy-paste to a file on your server. then run
# spamassassin -t < message.eml
Look through each single message from all my folders that I have
received within the last two weeks, view the source, copy it into a
file, upload it
Yves Goergen wrote:
On 20.07.2008 22:42 CE(S)T, Karsten Bräckelmann wrote:
Run such a message through 'spamassassin' again, to see what it reports
*now*. Do you still see these strange, multiple URIBL hits?
spamassassin < message > out
It still reports that.
Also, check other email (incl
On 20.07.2008 16:18 CE(S)T, Yet Another Ninja wrote:
This could be a DNS problem returning a .2 (positive response) for all
queries.
what DNS are you using for your queries?
What do you mean? My mail server uses the DNS servers of the computing
centre. What SpamAssassin does, I don't know. T
On 20.07.2008 22:42 CE(S)T, Karsten Bräckelmann wrote:
Run such a message through 'spamassassin' again, to see what it reports
*now*. Do you still see these strange, multiple URIBL hits?
spamassassin < message > out
It still reports that.
Also, check other email (including spam!) for mult
This could be a DNS problem returning a .2 (positive response) for all
queries.
what DNS are you using for your queries?
On 7/20/2008 4:03 PM, Yves Goergen wrote:
Hello,
I just received an e-mail with the following report:
X-Spam-Report: Content analysis details:
0.0 URIBL_RED
On Mon, 21 Jul 2008, mouss wrote:
Duane Hill wrote:
On Sun, 20 Jul 2008, Yves Goergen wrote:
On 20.07.2008 17:10 CE(S)T, mouss wrote:
on the host running SA, try
$ host 1.0.0.127.zen.spamhaus.org
It says:
1.0.0.127.zen.spamhaus.org does not exist (Authoritative answer)
The server is loca
Duane Hill wrote:
On Sun, 20 Jul 2008, Yves Goergen wrote:
On 20.07.2008 17:10 CE(S)T, mouss wrote:
on the host running SA, try
$ host 1.0.0.127.zen.spamhaus.org
It says:
1.0.0.127.zen.spamhaus.org does not exist (Authoritative answer)
The server is located in a well-known computing centre
On Sun, 2008-07-20 at 22:21 +0200, Yves Goergen wrote:
> Correct. My fault. I've looked through the e-mails that I have received
> today and that contain my quoted signature. All of them I could find
> from today have this issue. All messages from today that contain the
> link show the same 3 m
On 20.07.2008 20:54 CE(S)T, Duane Hill wrote:
smtpgate# host 2.0.0.127.zen.spamhaus.org
2.0.0.127.zen.spamhaus.org has address 127.0.0.10
2.0.0.127.zen.spamhaus.org has address 127.0.0.4
2.0.0.127.zen.spamhaus.org has address 127.0.0.2
Same here, for whatever it's worth.
--
Yves Go
On 20.07.2008 20:21 CE(S)T, Karsten Bräckelmann wrote:
On Sun, 2008-07-20 at 20:07 +0200, Yves Goergen wrote:
On 20.07.2008 16:39 CE(S)T, Karsten Bräckelmann wrote:
Bad DNS response? That probably would explain why the domain ended up on
RED, GRAY and BLACK. See above. Do you see hits like thes
On Sun, 20 Jul 2008, Yves Goergen wrote:
On 20.07.2008 17:10 CE(S)T, mouss wrote:
on the host running SA, try
$ host 1.0.0.127.zen.spamhaus.org
It says:
1.0.0.127.zen.spamhaus.org does not exist (Authoritative answer)
The server is located in a well-known computing centre in Nuremberg, Germ
On Sun, 2008-07-20 at 20:07 +0200, Yves Goergen wrote:
> On 20.07.2008 16:39 CE(S)T, Karsten Bräckelmann wrote:
> > It strikes me as odd that the URI should be listed in all these BLs. DNS
> > hiccup?
>
> Maybe.
>
> > Bad DNS response? That probably would explain why the domain ended up on
> > RE
On 20.07.2008 16:39 CE(S)T, Karsten Bräckelmann wrote:
It strikes me as odd that the URI should be listed in all these BLs. DNS
hiccup?
Maybe.
Bad DNS response? That probably would explain why the domain ended up on
RED, GRAY and BLACK. See above. Do you see hits like these with other
mail, t
On 20.07.2008 17:10 CE(S)T, mouss wrote:
on the host running SA, try
$ host 1.0.0.127.zen.spamhaus.org
It says:
1.0.0.127.zen.spamhaus.org does not exist (Authoritative answer)
The server is located in a well-known computing centre in Nuremberg,
Germany. I assume they know how to handle DNS
Yves Goergen wrote:
[snip]
The message is a reply to a message from me. It contains my text quoted,
complete with my previous signature that also has the link to
http://unclassified.de. I was a bit surprised about the high spam score
of 5.0 and looked at the report. It says that "unclassified.
On Sun, 2008-07-20 at 16:03 +0200, Yves Goergen wrote:
> Hello,
>
> I just received an e-mail with the following report:
>
> > X-Spam-Report: Content analysis details:
> > 0.0 URIBL_RED Contains an URL listed in the URIBL redlist
> > [URIs: unclassified.de]
> > 0.2 URIBL_
Hello,
I just received an e-mail with the following report:
X-Spam-Report: Content analysis details:
0.0 URIBL_RED Contains an URL listed in the URIBL redlist
[URIs: unclassified.de]
0.2 URIBL_GREY Contains an URL listed in the URIBL greylist