On Wed, 14 Apr 2004, Jeremy Kister wrote:
telling them they were mistaken. Finding no documentation on how they deem networks "dynamic" or "static" I changed my rDNS scheme from ppp-64-115-x-x to 64-115-x-x Note to all: "ppp" in no way signifies dial-up; we run ppp over almost every circuit we have -- from dialup to OC12, to Ethernet and ATM.
I think you'll find it's pretty commonly assumed (not just by certain DNSBLs) that "script generated" DNS is dynamic. Prepending it with ppp- makes the assumption seem to be even more of a slam dunk. Just to pick an example, dummy-smtpd assumes that any host that matches /\d{1,3}.\d{1,3}.\d{1,3}/ is "dynamic host with with script-generated rDNS name". I think the feeling is, "if you care enough about the system that it should be a legitimate mail server, it ought to have 'unique' rDNS." rDNS matching what it HELO's as is nice too.
I also stated how all of our network was scanned twice a day for open-relay mail servers. Being a bigish ISP, we are _huge_ on our abuse policies, and our abuse bucket [usually] has only memories of tumbleweed blowing by.
Irrelevant. Unless you're doing full port scans, you're not going to find the open proxies. Open relays are old school for spamming. Open and stealth proxies are the current methods. Are you looking for HTTP Connect proxies on 65506, 6588, 48669, etc.? How about the socks5 proxy on 64.115.63.248:35762, which BTW is static-64-115-63-248.isp.broadviewnet.net.
2. that to prevent further hysteria, I had changed the reverse dns from ppp-64-115-x-x to static-64-115-x-x and dynamic-64-115-x-x, respectively.
That's better than the original. Would you really expect people in today's spam overrun climate to accept email from a system identified as ppp-64-115-x-x.isp.broadviewnet.net? I don't know about you, but that just screams dialup to me. 64-115-x-x.isp.broadviewnet.net isn't much better.
3. their blindness was very unprofessional, deeming SORBS a Worthless Project ran by Ignorant Half-Wits
Your thinking that won't change the minds of thousands of systems blocking millions of spams with their list.
As of this date I have not received a response from anyone at sorbs, and do not expect one. Our support crew is overwhelmed with upset customers who cant send email to their associates. Our only response to them is that we have tried to resolve the issue, but could not, and that the remote ISP should stop using sorbs.
Did it occur to you to setup reverse DNS to match forward DNS? Are these customers running DNS that says "our MX records are 64-115-x-x.isp.broadviewnet.net and 64-115-x-y.isp.broadviewnet.net"? I really doubt it. Having them smarthost their mail through your server (it's not 64-115-x-x.isp.broadviewnet.net too, is it?) would also be a no-brainer immediate solution until you can work things out with SORBS. ---------------------------------------------------------------------- Jon Lewis *jlewis@lewis.org*| I route Senior Network Engineer | therefore you are Atlantic Net | _________ http://www.lewis.org/~jlewis/pgp for PGP public key_________