I think this TTL issue is relatively trivial and I would like to not see too long threads about it here, so after this message, I can talk to people privately about it but I prefer not to flood this list about this specific issue for now. So I would appreciate replies about this to be off-list.

On Wed, Jul 26, 2006 at 09:50:25PM +0000, Andy Smith wrote:
> On Thu, Jul 27, 2006 at 12:13:57AM +0300, Juha-Matti Tapio wrote:
> > And if TTL is not a listing criterion, it therefore is
> > probably never the sole delisting criterion.
>
> http://strugglers.net/~andy/tmp/sorbs-demands-high-ttl-for-delisting.txt
>
> This IP space, and many others, are not delisted solely because of
> their DNS PTR record's TTL. SORBS has no place enforcing arbitrary
> rules on DNS TTL, and that is why I no longer use it to outright
> reject email.

I think the message you link to gives pretty well specified options where the TTL check is not the sole criterion nor even necessary.

[Quoting from it:]
: (2) Have your DNS data modified so that the listed IP address has a
: clearly non-dynamic rDNS. We suggest that you include the keyword
: "static" on this name, to avoid future listings. Also, insure that the
: TTL is set to no less than 43200 seconds (we recommend 86400).
[...]

Sorbs claimed that your address was listed because the reverse looked like a dynamic one. This delisting option number 2 requires that both the reverse has to be changed to a non-dynamic one _and_ that the TTL must be high enough to look convincing. Therefore in this scenario TTL is not the _sole_ delisting criterion, but it is only there to make the primary delisting criterion more trustworthy.

: - or -
: (3) Ask your ISP to get in touch with SORBS with the list of dynamic
: and static IP allocations within its network, so that our DUHL list
: can be updated. Note that many large ISPs do this periodically to
: reduce the inconvenience to its users. In this case, the communication
: must come from a RIR contact for the affected IP space.

And since Sorbs promises to give this option number three, did your ISP use it? Did the RIR contact do this? Because this option does not seem to demand high TTL at all. I assume this is intentional on Sorbs' part and not just an accidental omission. The word of a RIR contact does mean a lot. So again the TTL criterion is not a _sole_ delisting criterion.

Also note that if you adjust your DNS configuration properly, you may be able to use the automated delisting facility at https://www.dnsbl.sorbs.net/scgi-bin/dulexclusions This facility can allow you to quickly delist IP addresses under your control without intervention of SORBS' staff.

> My users get false positives and then I have to tell them that the
> ISP of the person sending the mail applied a TTL that is too low in
> the opinion of SORBS, then I need to explain what DNS TTL is about.
> And after all that when they ask "Okay so why is that bad?" there
> really isn't a good answer other than some paranoid stance regarding
> people changing their RDNS while SORBS looks and then changing it
> back later (WTF???) I cannot advocate a position I find ridiculous,
> much less spend a lot of time doing so.

I do have kind of a hard time understanding why anyone would refuse to raise the TTL while they have anyway decided to choose option number two and change their reverse name to something real. For the admin the biggest hurdle is to just open up the DNS zone and start editing it, not the individual changes.

Just to sidestep a bit since you mentioned users. I assume you are talking about the host that got listed. How many mail users do you host on an ADSL line and what kind of experiences have you had with it? ADSL does have kind of a bad reputation for servers (at least mine has almost daily network problems) and I would probably not be brave enough to use it for such a purpose, but I would be interested to know about your environment. Don't you get too many blocked outbound messages for having 'adsl' in your reverse name?