[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Blacklisting (postfix rbl) - recent issue with blackhole.securitysage.com

Rejo Zenger wrote:
++ 15/03/07 20:34 +0100 - Robert Hensel (Hensel Hosting):
http://wiki.openrbl.org/wiki/Blackhole.securitysage.com). Now it seems 
weird that if the rbl host is unreachable Postfix decides to simply take 
that as a "ah well, just block everything then", or maybe something else 
was going on?
As far as I know, this is not default behaviour of Postfix. In other
words, Postfix does not behave like this or you may have configured
Postfix to behave like this.
Postfix is not configured in any strange way here, and you're right; as far as I'm aware it does indeed not act like this when an rbl host is down (which is something I haven't seen much anyway), of course this raises the question again to which extend 3th parties influence the behaviour of mailservers. I'm pretty interested in what happened at securitysage (quite an established blacklist if I'm not mistaken), if it wasn't really "down" and was blacklisting all clients that would make this a bigger issue from my point of view.
Mar 14 11:01:03 hostname postfix/smtpd[28035]: NOQUEUE: reject: RCPT 
>from hostname[ip]: 554 5.7.1 Service unavailable; Client host 
[hostname] blocked using blackhole.securitysage.com; 
from=<address@addresss.com> to=<address@address.com> proto=ESMTP 
It is quite useless to paste (sections of) logfiles, while munging most
of it. I could have come up with this line myself. The most important
part has been munged as well: the connecting IP address which has been
checked against the blackhole.securitysage.com rbl.
Since it is clearly an issue that is not related to a specific host, since multiple systems (inbound and servers) had the same problem I do not find it usefull or necessary to disclose that information. Also see the email below I received from securitysage (can also be found on the wiki link):



We have received e-mails from you telling us that some specific domains are blacklisted using blackhole.securitysage.com. None of your domains are blacklisted. Our RHSBL server stopped responding last night and we have worked starting at 6:00 AM local time to fix this issue. We figured out it was a DNS problem and it has been fixed since 9:00 AM.

Because it was a DNS issue it will take 4 to 24, maximum 48 hours to replicate the changes that we made to all DNS servers in the world.

We apologize for the inconvenience and we want to assure you that we are doing our best to prevent this from happening in the future.

We appreciate your patience and your understanding.

Best regards,


Tech Support Team

SecuritySage Inc.

Best regards,

Reply to: