blackhole.securitysage.com

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
8 messages Options
Reply | Threaded
Open this post in threaded view
|

blackhole.securitysage.com

Zbigniew Szalbot-9
Hello,

Apologies as this is not really postfix-related but does any one know
how to access securitysage.com and see their (un)blocking policy?

554 5.7.1 Service unavailable; Client host [max.cyfronet.com] blocked using
     blackhole.securitysage.com (in reply to RCPT TO command)

I am seeing more and more sites using this RBL but I have no idea
why/how I got into this blacklist. Many thanks!

--
Zbigniew Szalbot
www.lc-words.com
Reply | Threaded
Open this post in threaded view
|

Re: blackhole.securitysage.com

Sahil Tandon
Zbigniew Szalbot <[hidden email]> wrote:
                                                                             
> Apologies as this is not really postfix-related but does any one know how
> to access securitysage.com and see their (un)blocking policy?
>
> 554 5.7.1 Service unavailable; Client host [max.cyfronet.com] blocked using
>     blackhole.securitysage.com (in reply to RCPT TO command)

I do not think this RBL is being maintained, so perhaps this other postmaster
is using an outdated local zone?  You should try contacting him/her directly.

--
Sahil Tandon <[hidden email]>
Reply | Threaded
Open this post in threaded view
|

Re: blackhole.securitysage.com

Bill Cole-3
In reply to this post by Zbigniew Szalbot-9
At 5:24 PM +0200 5/26/08, Zbigniew Szalbot wrote:

>Hello,
>
>Apologies as this is not really postfix-related but does any one
>know how to access securitysage.com and see their (un)blocking
>policy?
>
>554 5.7.1 Service unavailable; Client host [max.cyfronet.com] blocked using
>     blackhole.securitysage.com (in reply to RCPT TO command)
>
>I am seeing more and more sites using this RBL but I have no idea
>why/how I got into this blacklist. Many thanks!


You must be sending mail to some carelessly administered sites.

The SecuritySage  list has had availability issues for over a year
and has a history of inexplicable transient false positives. The
securitysage.com domain was reported to have expired last March
although is was apparently redeemed before being lost altogether.
Currently, www.securitysage.com is a CNAME for securitysage.com,
which is resolving to 127.0.0.1. I have seen reports that
securitysage.com seemed to have a wildcard pointing into NetSol
space, but it isn't there today.


Al Iverson (the best public tracker of DNSBL status and performance)
seems to have been convinced that the list was dead last October:
http://www.dnsbl.com/2007/10/status-of-blackholesecuritysagecom-down.html

And the SpamAssassin maintainers pulled it from the default rules
around the same time:

https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5672

The successor company to SecuritySage is SSO and they have a very
incomplete description of the list at
http://www.sso.ca/resources/rhsbl.html with a contact address that
might work.






--
Bill Cole                                  
[hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: blackhole.securitysage.com

Michael J Wise
In reply to this post by Zbigniew Szalbot-9
On May 26, 2008, at 8:24 AM, Zbigniew Szalbot wrote:

> I am seeing more and more sites using this RBL but I have no idea  
> why/how I got into this blacklist. Many thanks!

You're not on their blacklist.
Their blacklist effectively no longer exists.
And yet it does.
Perhaps it has joined the ranks of the DNSBL UnDead....

Looks like they moved their domain hosting to Network Solutions, which  
has a wildcard policy, and ...

            $ host 15.85.14.85.blackhole.securitysage.com
        15.85.14.85.blackhole.securitysage.com has address 205.178.189.131

Note the lack of a 127.0.0.X -style response.

            $ host 2.0.0.127.blackhole.securitysage.com.
        2.0.0.127.blackhole.securitysage.com has address 205.178.189.131

Note the PRESENCE of a response for 127.0.0.2....

            $ host securitysage.com
        securitysage.com has address 205.178.189.131

Thank you, so much, Network Solutions.

Looks like the Sage needs to go back to school as a sophomore. IMHO.

Aloha mai Nai`a!
--
"Please have your Internet License             http://kapu.net/~mjwise/
   and Usenet Registration handy..."

Reply | Threaded
Open this post in threaded view
|

Re: blackhole.securitysage.com

Bill Cole-3
At 10:41 AM -0700 5/26/08, Michael J Wise wrote:

>On May 26, 2008, at 8:24 AM, Zbigniew Szalbot wrote:
>
>>I am seeing more and more sites using this RBL but I have no idea
>>why/how I got into this blacklist. Many thanks!
>
>You're not on their blacklist.
>Their blacklist effectively no longer exists.
>And yet it does.
>Perhaps it has joined the ranks of the DNSBL UnDead....
>
>Looks like they moved their domain hosting to Network Solutions,
>which has a wildcard policy, and ...
>
>    $ host 15.85.14.85.blackhole.securitysage.com
> 15.85.14.85.blackhole.securitysage.com has address 205.178.189.131

Interesting. I get a NXDOMAIN. Both authoritative servers for
securitysage.com are giving NXDOMAIN responses for random hosts in
the zone. Are you using a broken resolver that tells you lies when it
should be giving you NXDOMAIN?


Since the zone *was* a RHSBL, reversed-octet IP's are not what one
would look up anyway. Not that it really matters at this point....


>Note the lack of a 127.0.0.X -style response.
>
>    $ host 2.0.0.127.blackhole.securitysage.com.
> 2.0.0.127.blackhole.securitysage.com has address 205.178.189.131
>
>Note the PRESENCE of a response for 127.0.0.2....
>
>    $ host securitysage.com
> securitysage.com has address 205.178.189.131
>
>Thank you, so much, Network Solutions.
>
>Looks like the Sage needs to go back to school as a sophomore. IMHO.

Looks like that might well be true about whoever manages your DNS resolver...


--
Bill Cole                                  
[hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: blackhole.securitysage.com

Michael J Wise
On May 26, 2008, at 11:09 AM, Bill Cole wrote:

> At 10:41 AM -0700 5/26/08, Michael J Wise wrote:
>> On May 26, 2008, at 8:24 AM, Zbigniew Szalbot wrote:
>>
>>> I am seeing more and more sites using this RBL but I have no idea  
>>> why/how I got into this blacklist. Many thanks!
>>
>> You're not on their blacklist.
>> Their blacklist effectively no longer exists.
>> And yet it does.
>> Perhaps it has joined the ranks of the DNSBL UnDead....
>>
>> Looks like they moved their domain hosting to Network Solutions,  
>> which has a wildcard policy, and ...
>>
>>    $ host 15.85.14.85.blackhole.securitysage.com
>> 15.85.14.85.blackhole.securitysage.com has address 205.178.189.131
>
> Interesting. I get a NXDOMAIN. Both authoritative servers for  
> securitysage.com are giving NXDOMAIN responses for random hosts in  
> the zone.

There was more details, but there was also an A record returned.
Oh, and on some items, it helped to add a ".", as follows:

            $ host 15.85.14.85.blackhole.securitysage.com.
        15.85.14.85.blackhole.securitysage.com has address 205.178.189.131
        Host 15.85.14.85.blackhole.securitysage.com.chn.comcast.net not  
found: 3(NXDOMAIN)

> Are you using a broken resolver that tells you lies when it should  
> be giving you NXDOMAIN?

Currently, I defer to Comcast in that regard.

> Since the zone *was* a RHSBL, ...

Difficult for us to tell at this point in time, since all the main  
website says is, "Coming Soon".

        <http://blocklist.securitysage.com/>

> Not that it really matters at this point....

Yeah, it's kinda moot since some people are using it as a DNSBL, based  
on the results of the OP.

Aloha mai Nai`a!
--
"Please have your Internet License             http://kapu.net/~mjwise/
   and Usenet Registration handy..."

Reply | Threaded
Open this post in threaded view
|

Re: blackhole.securitysage.com

Bill Cole-3
At 11:27 AM -0700 5/26/08, Michael J Wise wrote:

>On May 26, 2008, at 11:09 AM, Bill Cole wrote:
>
>>At 10:41 AM -0700 5/26/08, Michael J Wise wrote:
>>>On May 26, 2008, at 8:24 AM, Zbigniew Szalbot wrote:
>>>
>>>>I am seeing more and more sites using this RBL but I have no idea
>>>>why/how I got into this blacklist. Many thanks!
>>>
>>>You're not on their blacklist.
>>>Their blacklist effectively no longer exists.
>>>And yet it does.
>>>Perhaps it has joined the ranks of the DNSBL UnDead....
>>>
>>>Looks like they moved their domain hosting to Network Solutions,
>>>which has a wildcard policy, and ...
>>>
>>>    $ host 15.85.14.85.blackhole.securitysage.com
>>> 15.85.14.85.blackhole.securitysage.com has address 205.178.189.131
>>
>>Interesting. I get a NXDOMAIN. Both authoritative servers for
>>securitysage.com are giving NXDOMAIN responses for random hosts in
>>the zone.
>
>There was more details, but there was also an A record returned.
>Oh, and on some items, it helped to add a ".", as follows:
>
>    $ host 15.85.14.85.blackhole.securitysage.com.
> 15.85.14.85.blackhole.securitysage.com has address 205.178.189.131
> Host 15.85.14.85.blackhole.securitysage.com.chn.comcast.net
>not found: 3(NXDOMAIN)
>
>>Are you using a broken resolver that tells you lies when it should
>>be giving you NXDOMAIN?
>
>Currently, I defer to Comcast in that regard.

So, yes.

You cannot trust Comcast to do your DNS resolution. They lie.

  dig @a.gtld-servers.net securitysage.com ns

; <<>> DiG 9.3.4 <<>> @a.gtld-servers.net securitysage.com ns
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23746
;; flags: qr rd; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;securitysage.com.              IN      NS

;; ANSWER SECTION:
securitysage.com.       172800  IN      NS      ns1.mydyndns.org.
securitysage.com.       172800  IN      NS      ns2.mydyndns.org.

;; Query time: 75 msec
;; SERVER: 192.5.6.30#53(192.5.6.30)
;; WHEN: Mon May 26 14:29:56 2008
;; MSG SIZE  rcvd: 82


>>Since the zone *was* a RHSBL, ...
>
>Difficult for us to tell at this point in time, since all the main
>website says is, "Coming Soon".
>
> <http://blocklist.securitysage.com/>


1. There's no logical reason to expect a webserver using that hostname.
2. Honest DNS says that name does not resolve.

; <<>> DiG 9.3.4 <<>> @ns1.mydyndns.org blocklist.securitysage.com
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 33005
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;blocklist.securitysage.com.    IN      A

;; AUTHORITY SECTION:
securitysage.com.       1800    IN      SOA     ns1.mydyndns.org.
zone-admin.dyndns.com. 2007100509 10800 1800 604800 1800

;; Query time: 48 msec
;; SERVER: 63.208.196.92#53(63.208.196.92)
;; WHEN: Mon May 26 14:34:53 2008
;; MSG SIZE  rcvd: 114


>>Not that it really matters at this point....
>
>Yeah, it's kinda moot since some people are using it as a DNSBL,
>based on the results of the OP.

A RHSBL is arguably a subclass of DNSBL.

The OP's error message actually supported the conjecture of the list
being used as a RHSBL, since it referenced a domain name and not an
IP address.





--
Bill Cole                                  
[hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: blackhole.securitysage.com

mouss-2
In reply to this post by Zbigniew Szalbot-9
Zbigniew Szalbot wrote:

> Hello,
>
> Apologies as this is not really postfix-related but does any one know
> how to access securitysage.com and see their (un)blocking policy?
>
> 554 5.7.1 Service unavailable; Client host [max.cyfronet.com] blocked
> using
>     blackhole.securitysage.com (in reply to RCPT TO command)
>
> I am seeing more and more sites using this RBL but I have no idea
> why/how I got into this blacklist. Many thanks!
>

Zed's dead, baby.

funnily enough, the -fr debian list seems to use it in their
policyd-weight, the result of which is random blocking (I don't thing
Robert ever wanted this!).