[plug] Client listed on SORBS database

Daniel Pittman daniel at rimspace.net
Wed Sep 30 18:13:46 WST 2009

"Jon Miller" <jlmiller at mmtnetworks.com.au> writes:

> I have a client that has gotten itself listed on the sorbs database as a
> vulnerable / hacked server.
> Is there any test I can run to see if this is true?


That will cover a good deal more than just SORBS, which will be helpful:
a genuinely spam-sending or compromised machine will end up on a lot of these
things in pretty short order.

> How do I get them off the list?

That depends entirely on the list; some of them have removal policies
published on the site, others simply remove the entry after sufficient time
without a recurring offense.

I don't know about SORBS; see their website to find out.

> Their server is a Debian v4 with postfix.

That makes no difference.

> Is there anything I can look for with tshark or any other analyser?

Not specifically with regard to DNS RBLs, other than something local that is the
equivalent of the website I suggest above.  Um, I think.  It really wasn't
clear what you were expecting that you could look at with tshark or in Postfix
that might make a difference here...

✣ Daniel Pittman            ✉ daniel at rimspace.net            ☎ +61 401 155 707
               ♽ made with 100 percent post-consumer electrons
   Looking for work?  Love Perl?  In Melbourne, Australia?  We are hiring.
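
A local version of the multi-list check mentioned in the reply, as an added example that is not part of the original message: a DNSBL lookup is a DNS A query for the IPv4 address with its octets reversed, followed by the list's zone. The zone names and the address below are constructed placeholders, and the function names are hypothetical.

```python
import ipaddress
import socket

# Constructed placeholder zones; replace with the DNSBL zones you want to check.
DEFAULT_ZONES = ["dnsbl.example.org", "bl.example.net"]


def dnsbl_name(ip, zone):
    """Build the query name: IPv4 octets reversed, then the list's zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version != 4:
        raise ValueError("this example handles IPv4 only")
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def system_resolve(name):
    """Return the A record for name, or None if the lookup fails."""
    try:
        return socket.gethostbyname(name)
    except OSError:
        return None


def check_lists(ip, zones=DEFAULT_ZONES, resolve=system_resolve):
    """Map each zone to its answer (a 127.x.x.x code) or None when not listed."""
    results = {}
    for zone in zones:
        answer = resolve(dnsbl_name(ip, zone))
        # Listings are answered inside 127.0.0.0/8. Any other address means a
        # resolver rewrote the failure or the zone is dead, so it is not
        # counted as a listing.
        if answer is not None and not answer.startswith("127."):
            answer = None
        results[zone] = answer
    return results


if __name__ == "__main__":
    # 192.0.2.25 is a documentation address, used here as constructed input.
    for zone, answer in check_lists("192.0.2.25").items():
        print(f"{zone:25} {'LISTED ' + answer if answer else 'not listed'}")
```

Run it against the mail server's public address with the zones of the lists you care about; the meaning of each 127.x.x.x code is defined by the individual list.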
