Use RBLs? ORDB.org blacklisting all IP addresses

Discussion in 'NZ Computing' started by cobs, Mar 27, 2008.

  1. cobs

    cobs Guest

    If you're responsible for mail anywhere and wondering why it's a little
    quiet, from:
    http://isc.sans.org/diary.html?storyid=4198&rss

    ---

    ORDB.org blacklisting all IP addresses
    Published: 2008-03-26,
    Last Updated: 2008-03-26 17:22:35 UTC
    by Raul Siles (Version: 1)
    0 comment(s)

    Since yesterday, March 25 (I started to see it around 8:00am EST),
    ORDB.org - one of the old SPAM blacklist databases - started to
    blacklist (or block ;)) all IP addresses. As a result, all mail servers
    using an SPAM filtering solution that still references ORDB
    (relays.ordb.org) started to immediately block all incoming e-mails. I
    got some reports into my personal e-mail yesterday, that finally got
    fixed by my provider today.

    Although ORDB.org was shut down on December 18, 2006, yesterday they
    changed their behaviour, and instead of timing out, they are blocking
    all IP addresses, that is, every e-mail server queried is being reported
    as an open relay. If your mail infrastructure uses ORDB, the sender will
    get a message like this one (this is an example blacklisting the Gmail
    servers):

    Technical details of permanent failure:
    PERM_FAILURE: SMTP Error (state 13): 550-Message rejected because
    ag-out-0708.google.com [72.14.246.240]:20081 is
    550-blacklisted at relays.ordb.org see ordb.org was shut down on
    December 18,
    550 2006. Please remove from your mailserver.

    E-mail administrators (if you have not been notified yet by users not
    getting a single e-mail during the last 24 hours), please, check that
    your SPAM filtering solution is not querying ORDB!

    (...and there are lots of them using ORDB by default)

    The real reason behind this active behaviour change is not clear yet.
    --
    Raul Siles
    cobs, Mar 27, 2008
    #1
    1. Advertising

  2. cobs

    Dave Doe Guest

    In article <47eb755c$>, says...
    > If you're responsible for mail anywhere and wondering why it's a little
    > quiet, from:
    > http://isc.sans.org/diary.html?storyid=4198&rss

    <snip>

    Thanks for the heads up on that. I don't use ORDB, I use spamhaus's
    zen.spamhaus.org RBL.

    Wondering if you or anyone else knows:
    a) if ORDB might be better? (than spamhaus)
    and
    b) if spamhaus gets any RBL data from the ORDB (which would obviously be
    real' bad).

    --
    Duncan
    Dave Doe, Mar 28, 2008
    #2
    1. Advertising

  3. cobs

    Puddle Guest

    Dave Doe wrote:
    > In article <47eb755c$>, says...
    >> If you're responsible for mail anywhere and wondering why it's a little
    >> quiet, from:
    >> http://isc.sans.org/diary.html?storyid=4198&rss

    > <snip>
    >
    > Thanks for the heads up on that. I don't use ORDB, I use spamhaus's
    > zen.spamhaus.org RBL.
    >
    > Wondering if you or anyone else knows:
    > a) if ORDB might be better? (than spamhaus)
    > and


    Huh? well using ordb will definitely eliminate spam better than spamhaus :)

    > b) if spamhaus gets any RBL data from the ORDB (which would obviously be
    > real' bad).
    >


    No it doesn't.
    Puddle, Mar 28, 2008
    #3
  4. cobs

    Tony Guest

    > E-mail administrators (if you have not been notified yet by users not
    > getting a single e-mail during the last 24 hours), please, check that
    > your SPAM filtering solution is not querying ORDB!
    >
    > (...and there are lots of them using ORDB by default)
    >
    > The real reason behind this active behaviour change is not clear yet.
    > --
    > Raul Siles


    The scary thing is it shows all the unmaintained servers out there. I
    saw two customers have this problem. People don't seem to get it, if you
    don't actively maintain a server (no matter what o/s it runs) it will
    normally quickly become insecure.
    Tony, Mar 28, 2008
    #4
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. NIST.org
    Replies:
    8
    Views:
    717
  2. the loner

    blacklisting

    the loner, Jan 23, 2006, in forum: Computer Support
    Replies:
    6
    Views:
    411
    Plato
    Jan 24, 2006
  3. Blacklisting - 510 Software Group

    , Dec 5, 2007, in forum: Computer Support
    Replies:
    6
    Views:
    1,816
    Mike Easter
    Dec 6, 2007
  4. Blacklisting Companies

    , Dec 6, 2007, in forum: Computer Support
    Replies:
    13
    Views:
    913
    Blinky the Shark
    Dec 7, 2007
  5. bnt
    Replies:
    2
    Views:
    846
Loading...

Share This Page