dnsbl – Don't fear the penguin

Τι κάνεις όταν θέλεις να δεχτείς mail από κάποιο IP που είναι listed σε κάποια dnsbl και δε μπορείς να το βγάλεις;

Το κάνεις whitelist στον mail server ή στο antispam software που χρησιμοποιείς..

Κι αν το whitelisting δε δουλεύει ή δεν έχεις τον έλεγχο τους;

Τότε κάνεις bypass το dnsbl listing, γιατί έχεις έλεγχο του DNS server που χρησιμοποιούνε!

Εστω ότι το listed IP είναι το 193.194.195.196, και είναι listed στην bl.spamcop.net.

$ host 196.195.194.193.bl.spamcop.net
196.195.194.193.bl.spamcop.net has address 127.0.0.2

Φτιάχνεις ένα κενό zone file στον DNS σαν το παρακάτω

$ cat etc/noblacklist.zone

$TTL 86400
;
;name   addr-cl SOA     Origin  Person in charge
;
@       IN      SOA     localhost.  root.localhost. (
                        2008011600   ; Serial
                        21600        ; Refresh 6 hours
                        3600         ; Retry 1 hours
                        3600000      ; Expire 41 days 16 hours
                        172800     ) ; Minimum 2 days
                                IN      NS      localhost.

Στο etc/named.conf του bind δηλώνεις το παρακάτω:

zone "195.194.193.bl.spamcop.net" {
                type master;
                file "/etc/noblacklist.zone";
};

Κάνεις reconfig στο bind και ως δια μαγείας ..δεν είσαι πλεον listed

$ host 196.195.194.193.bl.spamcop.net
Host 196.195.194.193.bl.spamcop.net not found: 3(NXDOMAIN)

follow me on twitter

RT @hsoc: Merry Christmas @hellasdirect 🎅🎄 https://t.co/V7xxbjw9YS 8 months ago

RT @bad_packets: It's not DNS There's no way it's DNS It was DNS twitter.com/BleepinCompute… 1 year ago

RT @PowerDNS_Bert: Dear EU: Cyber security is important, but please don’t #RuinTheRoot by regulating the non-essential entities that run th… 1 year ago

RT @_argp: BugTraq Shutdown, end of an era: "At this time, resources for the BugTraq mailing list have not been prioritized, and this will… 1 year ago

RT @jpmens: IT WASN’T DNS twitter.com/atoonk/status/… 1 year ago

RT @fanf: “For the first time, nginx is in use by more web-facing computers than any other web server, including Apache” https://t.co/rscQy… 1 year ago

RT @skaragiannis: In case you missed it https://t.co/X3FUqYZYqZ 2 years ago

RT @QuinnyPig: The best part about this question is that (aside from the third answer's "single digit millisecond latency") I can make it d… 2 years ago

RT @ripencc: Today, at 15:35, we made our final /22 IPv4 allocation from the last remaining addresses in our available pool. We have now ru… 2 years ago

RT @hellasdirect: Sotiris Tsimbonis, our infrastructure and automation lead, has been with us from day 1. Today, we are proud to see him ex… 2 years ago

Follow @stsimb

Linux Weekly News

[$] The growing image-processor unpleasantness

There was a time when care had to be taking when buying hardware if the goal was to run Linux on it. The situation has improved considerably in recent decades, and unsupported hardware is more the exception than the rule. That has, for many years, been especially true of Intel hardware; that company has made a point of ensuring that its offerings work with L […]

corbet

LibreOffice 7.4 Community released

The Document Foundation has announced the release of LibreOffice 7.4 Community, which is the community-supported version of the open-source office suite. Version 7.4 comes with new features for the suite as a whole (WebP and EMZ/WMZ support, ...), the Writer word-processor (better change tracking and hyphenation settings, ...), the Calc spreadsheet (16K colu […]

jake

Krita 5.1.0 released

Version 5.1.0 of the Krita painting program is out. "Krita 5.1 comes with a ton of smaller improvements and technical polish. This release sees updates to usability across the board, improved file format handling, and a whole lot of changes to the selection and fill tools."

corbet

Julia 1.8 released

Version 1.8 of the Julia language has been released. Changes include typed globals, a new default thread scheduler, some new profiling tools, and more.

corbet

Security updates for Thursday

Security updates have been issued by Debian (chromium, epiphany-browser, freecad, and schroot), Fedora (freeciv, microcode_ctl, qemu, and rsync), Oracle (httpd), SUSE (aws-efs-utils, python-ansi2html, python-py, python-pytest-html, python-pytest-metadata, python-pytest-rerunfailures, python-coverage, python-oniconfig, python-unittest-mixins, bluez, curl, gnu […]

jake

[$] LWN.net Weekly Edition for August 18, 2022

The LWN.net Weekly Edition for August 18, 2022 is available.

corbet

[$] Tornado Cash and collateral damage

On August 8, the US government sanctioned the Tornado Cash cryptocurrency mixer for money laundering. The sanction means that no US citizen or company can interact with Tornado Cash in any way, all assets of the organization are to be reported so that they can be seized, and more. But at the core of Tornado Cash is a chunk of open-source code for "smart […]

jake

Three big stable kernel updates

The massive 5.19.2 (1,157 patches), 5.18.18 (1,094 patches), and 5.15.61 (778 patches) stable updates have been released; each contains a lot of important fixes.

corbet

Security updates for Wednesday

Security updates have been issued by Debian (epiphany-browser, net-snmp, webkit2gtk, and wpewebkit), Fedora (python-yara and yara), Red Hat (kernel and kpatch-patch), SUSE (ceph, compat-openssl098, java-1_8_0-openjdk, kernel, python-Twisted, rsync, and webkit2gtk3), and Ubuntu (pyjwt and unbound).

corbet

[$] From late-bound arguments to deferred computation, part 1

Back in November, we looked at a Python proposal to have function arguments with defaults that get evaluated when the function is called, rather than when it is defined. The article suggested that the discussion surrounding the proposal was likely to continue on for a ways—which it did—but it had died down by the end of last year. That all changed in mid-Jun […]

jake

	Michail στη Ελληνικά ή Αγγλικά;
	adamo στη Ελληνικά ή Αγγλικά;
	Michail στη Ελληνικά ή Αγγλικά;
	Michail στη Ελληνικά ή Αγγλικά;
	cvi going distribute… στη version control for important…
	bilias στη It’s a girl!
	Sotiris Tsimbonis στη It’s a girl!
	kioan στη It’s a girl!
	kzorba στη It’s a girl!
	Sotiris Tsimbonis στη It’s a girl!

Ετικέτα: dnsbl

Re: Why DNS blacklists don’t work for IPv6 networks

locally bypass dnsbl listing