Re: Blacklisting (postfix rbl) - recent issue with blackhole.securitysage.com
On Fri, Mar 16, 2007 at 01:56:14AM +0100, Robert Hensel wrote:
> >>>Mar 14 11:01:03 hostname postfix/smtpd[28035]: NOQUEUE: reject: RCPT
> >>>
> >>>from hostname[ip]: 554 5.7.1 Service unavailable; Client host
> >>
> >>>[hostname] blocked using blackhole.securitysage.com;
> >>>from=<address@addresss.com> to=<address@address.com> proto=ESMTP
> >>>helo=<hostname>
> >>>
> >
> >It is quite useless to paste (sections of) logfiles, while munging most
> >of it. I could have come up with this line myself. The most important
> >part has been munged as well: the connecting IP address which has been
> >checked against the blackhole.securitysage.com rbl.
> >
> Since it is clearly an issue that is not related to a specific host,
> since multiple systems (inbound and servers) had the same problem I do
> not find it usefull or necessary to disclose that information. Also see
> the email below I received from securitysage (can also be found on the
> wiki link):
of course the client IP is essential information - how else are we, who
you have asked for help, to check whether it IS actually listed in any
RBLs?
munging the recipient address is OK, that is privacy-sensitive
information, but revealing the client IP a) doesn't infringe anyone's
privacy (because it doesn't identify an individual) and b) is essential
for diagnostic purposes.
craig
--
craig sanders <cas@taz.net.au>
BOFH excuse #187: Reformatting Page. Wait...
Reply to: