Netgate Discussion Forum

    Getting a list of .bid IP's

    Scheduled Pinned Locked Moved pfBlockerNG
    20 Posts 5 Posters 1.5k Views
      veldthui @veldthui

      Tried to add the Zen Spamhaus list and got what I originally got when I tried it.

      Says it cannot resolve zen.spamhaus.org and I can't resolve it with ping or any other tool.

        johnpoz LAYER 8 Global Moderator

        @veldthui said in Getting a list of .bid IP's:

        185.207.36.201

        why not just block all of Turkey ;)

        What comes out of there other than crap? ;) Just use pfblocker so some of those spam countries can not even talk to your mail server..

        Do you do business with anyone in Turkey?

        That IP is on a billion freaking blacklists
        https://mxtoolbox.com/SuperTool.aspx?action=blacklist%3a185.207.36.201&run=toolpage

        If your mail server can not talk to black lists maybe you should be fixing that...

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11

          BBcan177 Moderator

          Along with what johnpoz is saying, I would never run a mail server without zen.spamhaus :) Plus there are a few others that will really help in limiting spam.... I would also move away from Exchange into something postfix based like Zimbra.

          "Experience is something you don't get until just after you need it."

          Website: http://pfBlockerNG.com
          Twitter: @BBcan177  #pfBlockerNG
          Reddit: https://www.reddit.com/r/pfBlockerNG/new/

            veldthui @BBcan177

            Zen does not appear to be active. Tried looking it up on the DNS and says it is down.

            Moving away from Exchange is not an option as there is too much money spent on it to simply ditch it. Others have helped pay for this as well. As I said, with the Edge Server IP block lists can be used, but again it costs more license fees for what is basically a relay just to filter spam. If I can filter most of the spam then I am happy.

              BBcan177 Moderator @veldthui

              @veldthui said in Getting a list of .bid IP's:

              Zen does not appear to be active.

              Zen is not down, you query it with a reverse ptr like so:

               56.234.122.212.zen.spamhaus.org
              

              Then the response tells the mail server if it's listed in the zen database based on the IP in the answer (ie: 127.0.0.11)
              https://www.spamhaus.org/zen/

                johnpoz LAYER 8 Global Moderator

                ;; QUESTION SECTION:
                ;201.36.207.185.zen.spamhaus.org. IN A

                ;; ANSWER SECTION:
                201.36.207.185.zen.spamhaus.org. 60 IN A 127.0.0.3

                Yup there is your IP you posted, which .3 means
                "Direct snowshoe spam sources detected via automation"

                What does your exchange box use for dns? You can not be using say google or something - they are not going to allow that to work..

                  veldthui

                  Ah thanks for explaining how the spamhaus works. No my exchange server uses the local DNS on my domain controller. When it can't find an answer it will forward which now goes to pfSense and out from there.

                    johnpoz LAYER 8 Global Moderator

                    @veldthui said in Getting a list of .bid IP's:

                    now goes to pfSense and out from there.

                    And pfsense is resolving - or is pfsense set to forward?

                    Do a simple dig or nslookup - do you get an answer from zen.spamhaus.org? if not you need to figure out where the dns is breaking down..

                    But for example if I ask google the same question I get back

                    $ dig @8.8.8.8 201.36.207.185.zen.spamhaus.org
                    
                    ; <<>> DiG 9.12.3-P1 <<>> @8.8.8.8 201.36.207.185.zen.spamhaus.org
                    ; (1 server found)
                    ;; global options: +cmd
                    ;; Got answer:
                    ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 48738
                    ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
                    
                    ;; OPT PSEUDOSECTION:
                    ; EDNS: version: 0, flags:; udp: 512
                    ;; QUESTION SECTION:
                    ;201.36.207.185.zen.spamhaus.org. IN    A
                    
                    ;; AUTHORITY SECTION:
                    zen.spamhaus.org.       9       IN      SOA     need.to.know.only. hostmaster.spamhaus.org. 1901082102 3600 600 432000 10
                    
                    ;; Query time: 59 msec
                    ;; SERVER: 8.8.8.8#53(8.8.8.8)
                    ;; WHEN: Tue Jan 08 15:02:55 Central Standard Time 2019
                    ;; MSG SIZE  rcvd: 124
                    

                    Because they do not allow it to work that way.. You need to be asking them directly, if you need to forward vs resolving your stuff - then you could set up a conditional forwarder for spamhaus so that you ask their ns directly.

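An added example, not part of the thread or any poster's code: how the ZEN query name from the posts above is built and how the reply should be read, including the case where a public resolver yields no usable answer. The function names are invented for illustration; the return codes other than 127.0.0.3 are Spamhaus's published ZEN codes rather than anything quoted in the thread.

```python
import ipaddress
import socket

ZONE = "zen.spamhaus.org"
# 127.0.0.3 wording is quoted in the thread; other codes are from Spamhaus's
# published ZEN return codes, summarised here by zone name.
LISTED = {
    "127.0.0.2": "SBL",
    "127.0.0.3": "SBL CSS: direct snowshoe spam sources detected via automation",
    "127.0.0.4": "XBL",
    "127.0.0.9": "SBL (DROP data)",
    "127.0.0.10": "PBL (ISP maintained)",
    "127.0.0.11": "PBL (Spamhaus maintained)",
}
ERRORS = {
    "127.255.255.252": "typing error in DNSBL name",
    "127.255.255.254": "query arrived via a public/open resolver",
    "127.255.255.255": "excessive number of queries",
}

def zen_query_name(ip, zone=ZONE):
    """Reverse the IPv4 octets and append the zone (raises ValueError on bad input)."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def classify(answers):
    """Turn the A records of a reply into (verdict, reasons)."""
    if not answers:
        # NXDOMAIN: either not listed, or the resolver is refused (as with 8.8.8.8 above)
        return ("no-answer", [])
    bad = [a for a in answers if not a.startswith("127.0.0.")]
    if bad:
        # Never treat these as a listing, or all mail gets rejected
        return ("resolver-error", [ERRORS.get(a, "unexpected answer " + a) for a in bad])
    return ("listed", [LISTED.get(a, "unrecognised code " + a) for a in answers])

def lookup(ip):
    """Live query through the system resolver; needs network access."""
    try:
        answers = socket.gethostbyname_ex(zen_query_name(ip))[2]
    except socket.gaierror:
        answers = []
    return classify(answers)

if __name__ == "__main__":
    # Constructed replies, not captured from a live lookup
    for reply in (["127.0.0.3"], [], ["127.255.255.254"]):
        print(zen_query_name("185.207.36.201"), reply, classify(reply))
```

A "no-answer" verdict for an address known to be listed is the sign that the resolver path, not the blocklist, needs fixing.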
                      veldthui

                      pfSense is doing the resolving. I was querying spamhaus wrong so my bad there.
                      However I have added Alienvault to my IP block list and have not had any spam for the last two days. Still getting stuff from my webserver provider from the control panel but working on that now.

                        BBcan177 Moderator @veldthui

                        @veldthui said in Getting a list of .bid IP's:

                        and have not had any spam for the last two days.

                        Music to my ears :)
