Hi, On Tue, 21 Sep 2004 02:16:58 -0700 "jdow" <[EMAIL PROTECTED]> wrote:
> Apache is using a DoS tool as a blacklist? > > Send email from your ISP to [EMAIL PROTECTED] and watch the > results. They say one email to that address is sufficient to cause > the entire relay path to be marked as spammers. You missed a part (http://dsbl.org/faq-help#testmessage): "How should a DSBL listme mail be formatted? In order to avoid false positives DSBL email needs to be formatted in a special way, indicating the reason the mail is listed (so the admin can fix the problem) and the email address the sender uses: DSBL LISTME: <transport> <input ip> <cookie> <details> DSBL END <transport> should be 'smtp', 'formmail', 'socks', etc. (without the quotes). <input ip> is the IP address that is being tested (for the purpose of determining multihop). <cookie> is the token the tester requested by contacting cookie.dsbl.org. <details> should be the details for the transport, i.e. the SMTP envelope for smtp, or the URL for formmail. In order to prevent malicious users from getting email list servers onto DSBL these headers have to occur on the beginning of the line and need to start within the first 6 lines of the message." Mail sent to listme that isn't formatted properly only gets the server listed on unconfirmed.dsbl.org. If you block mail based on that, then yes, you're an idiot. But grouse.mail.pas.earthlink.net is listed in singlehop (list.dsbl.org) which apparently has higher standards for listing. A quick check of http://dsbl.org/listing?ip=207.217.120.116 shows earthlink's server being listed for being a single-hop open relays and insecure formmail scripts. Looks like earthlink relays for o1.com users; you may want to ask DSBL how trusted their reporter 'salsbury' is. If Earthlink isn't supposed to relay mail for o1.com users, then Earthlink is operating an open relay and should be listed, otherwise the DSBL reporter 'salsbury' needs a severe whacking with a cluebat and loss of reporting privileges. Have you considered talking to Earthlink or DSBL directly rather than grousing about ASF mail admins? The problem is bigger than just Apache's use of list.dsbl.org. Since the first of the year I've seen 181 rejections of mostly broadband client machines (zombies) due to list.dsbl.org with no obvious FPs. YMMV. -- Bob
