Working with Spamhaus
Jon Lewis
jlewis at lewis.org
Thu Jul 30 02:56:08 UTC 2015
On Wed, 29 Jul 2015, Bob Evans wrote:
> I see that point - however, spamhaus has become a haus-hold word these
> days and everyone runs into these issues....its not malware or bots we
> block from a network level blackhole. Yet it is basic network operations
> these days to have to deal with someone complaining about their hacked
> mail server is now fixed yet they cant get mail.
If their mail server was SBL'd due to being compromised by spammers, they
likely can't send mail / get remote mail delivered. They should still be
able to "get mail", i.e. receive mail.
> We usually tell them the quickest way is to address spamhaus to get it
> removed and in parallel also move the mail server to a new IP and change
> the dns and rDNS to the new one. It gets us out of having to help with
> these RBL issues.
That (moving them to another IP) should really be a last resort if the
DNSBL(s) they're on are not responsive to being told the issue has been
resolved. Moving them without having resolved the issue would be even
worse, as it'll make it look like you're complicit with the spammer who
compromised the server (since you're helping them get around the DNSBLs).
I did that once that I can remember, when one of $work's main SMTP servers
was blocked by AOL, and when we reached out to AOL to ask why, their
response was basically "Someone from our postmaster group will let you
know why we're blocking you. It'll be at least a week before they can get
to your ticket."
----------------------------------------------------------------------
Jon Lewis, MCP :) | I route
| therefore you are
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
More information about the NANOG
mailing list