[plug] Client listed on SORBS database
Daniel Pittman
daniel at rimspace.net
Wed Sep 30 18:13:46 WST 2009
"Jon Miller" <jlmiller at mmtnetworks.com.au> writes:
> I have a client that has gotten itself listed on the sorbs database as a
> vulnerable / hacked server.
>
> Is there any test I can run to see if this is true.
http://whatismyipaddress.com/staticpages/index.php/is-my-ip-address-blacklisted
That will cover a good deal more than just SORBS, which will be helpful:
a genuinely spam-spending or compromised machine will end up on a lot of these
things in pretty short order.
> How do I get them off the list?
That depends entirely on the list; some of them have removal policies
published on the site, others simply remove the entry after sufficient time
without a recurring offense.
I don't know about SORBS; see their website to find out.
> Their server is a Debian v4 with postfix.
That makes no difference.
> Is there anything I can look for with tshark or any other analyser?
Not specifically with regards DNS RBLs, other than something local that is the
equivalent of the website I suggest above. Um, I think. It really wasn't
clear what you were expecting that you could look at with tshark or in Postfix
that might make a difference here...
Daniel
--
✣ Daniel Pittman ✉ daniel at rimspace.net ☎ +61 401 155 707
♽ made with 100 percent post-consumer electrons
Looking for work? Love Perl? In Melbourne, Australia? We are hiring.
More information about the plug
mailing list