From: Stefan Jeglinski
To: "SIMS Discussions"
Subject: Re: postfix and zen vs sbl-xbl
Date: Tue, 29 Apr 2008 17:41:03 -0400

>What do you get if you do a DNS lookup, i.e. 'dig
>17.165.202.64.zen.spamhaus.org' in a terminal session?

;; QUESTION SECTION:
;17.165.202.64.zen.spamhaus.org. IN A

;; ANSWER SECTION:
17.165.202.64.zen.spamhaus.org. 300 IN A 209.86.66.92
17.165.202.64.zen.spamhaus.org. 300 IN A 209.86.66.93
17.165.202.64.zen.spamhaus.org. 300 IN A 209.86.66.94
17.165.202.64.zen.spamhaus.org. 300 IN A 209.86.66.95
17.165.202.64.zen.spamhaus.org. 300 IN A 209.86.66.90
17.165.202.64.zen.spamhaus.org. 300 IN A 209.86.66.91

So.... an A record is being returned, but none are the expected answer (either 127.0.0.2-11 or nothing). According to the postfix docs, if I do not specify, for example,

reject_rbl_client zen.spamhaus.org=127.0.0.2,

I will get a reject if any A record is returned. But what are those A records? Ah-ha - barefruit, the bastards. Because I'm using an earthlink upstream resolver.

>The other possibility is that you may be forwarding your DNS queries
>to a server that plays games with them.

I would say this may be what is happening. I used to run djbdns on my Linux box but that's fallen by the wayside at the moment with OSX. Looks like I might need to return.

>You may get around ISP DNS injection by specifying the Spamhaus
>return codes in your postfix config:
>
>smtpd_client_restrictions = reject_rbl_client zen.spamhaus.org=127.0.0.2,
>        reject_rbl_client zen.spamhaus.org=127.0.0.4,
>        reject_rbl_client zen.spamhaus.org=127.0.0.5,
>        reject_rbl_client zen.spamhaus.org=127.0.0.10,
>        reject_rbl_client zen.spamhaus.org=127.0.0.11
>
>Otherwise, reject_rbl_client will catch on any answer from the DNS
>query, and since DNS injection is done to inject bogus A records
>pointing at real IPs, it will make reject_rbl_client catch if you
>don't specify the lookup result.

Yep, there you go. Haven't tried it yet, but I will bet that's what's going on.

Bill, you are still a lifesaver. My roughly 5-yr-old (?) offer of dinner and a beer in the RTP NC area if you ever make it here is still good!

Stefan Jeglinski
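
Added example, not part of the original message: a Python sketch of the check the quoted advice describes, counting only the return codes from the reject_rbl_client lines above as a listing and flagging any answer outside 127.0.0.0/8 as resolver rewriting. The function names and result labels are assumptions made for illustration; the sample answers are the ones in the dig output above.

```python
import ipaddress

# Return codes copied from the reject_rbl_client lines quoted in the message.
EXPECTED_CODES = {"127.0.0.2", "127.0.0.4", "127.0.0.5", "127.0.0.10", "127.0.0.11"}
LOOPBACK = ipaddress.ip_network("127.0.0.0/8")

# A records from the dig output in the message (resolver-injected answers).
PAGE_ANSWERS = ["209.86.66.92", "209.86.66.93", "209.86.66.94",
                "209.86.66.95", "209.86.66.90", "209.86.66.91"]


def dnsbl_query_name(client_ip, zone="zen.spamhaus.org"):
    """Build the DNSBL query name: IPv4 octets reversed, then the zone."""
    octets = str(ipaddress.IPv4Address(client_ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def classify_answers(a_records, expected=EXPECTED_CODES):
    """Classify the A records a resolver returned for a DNSBL query.

    not-listed         -> no A records (NXDOMAIN or empty answer)
    resolver-tampering -> at least one answer outside 127.0.0.0/8,
                          which a DNSBL zone never returns
    listed             -> an answer matches one of the expected codes
    unexpected-code    -> inside 127.0.0.0/8 but not a configured code
    """
    addrs = [ipaddress.IPv4Address(a) for a in a_records]
    if not addrs:
        return "not-listed"
    if any(a not in LOOPBACK for a in addrs):
        return "resolver-tampering"
    if any(str(a) in expected for a in addrs):
        return "listed"
    return "unexpected-code"


if __name__ == "__main__":
    name = dnsbl_query_name("64.202.165.17")
    print(name, "->", classify_answers(PAGE_ANSWERS))
    # Constructed sample: what a genuine listing would look like.
    print(name, "->", classify_answers(["127.0.0.2"]))
```

A bare reject_rbl_client with no "=code" suffix treats the first case like the second, which is the false rejection described in this thread.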