rbl


DNS Black List / RBL Checking in Python

Following on from performing basic DNS Lookups in Python, it’s relatively trivial to begin testing DNS Block Lists/Real Time Black Lists for blocked mail server IP addresses. To assist in preventing spam, a number of public and private RBLs are available. These track the IP addresses of mail servers that are known to produce spam, thus allowing recipient mail servers to deny delivery from known spammers.

RBLs operate over DNS. In order to test an RBL, a DNS query is made. As an example, zen.spamhaus.org is a popular RBL. If I wanted to test IP address 148.251.196.147 against the zen.spamhaus.org blocklist, I would reverse the octets in the IP address and then append ‘.zen.spamhaus.org’, i.e. 147.196.251.148.zen.spamhaus.org. I then perform an ‘A’ record lookup on said host:

    root@w:~/tmp# host -t a 147.196.251.148.zen.spamhaus.org
    Host 147.196.251.148.zen.spamhaus.org not found: 3(NXDOMAIN)

Excellent. IP 148.251.196.147 was not found in zen.spamhaus.org. NXDOMAIN is returned. Now, to take a known spammer’s IP: 144.76.252.9: […]
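The lookup described above, as an added Python example (not the original post's code): it builds the reversed query name and classifies the answer, and it goes beyond the post's IPv4 case by also handling IPv6 nibble names (RFC 5782) and answers that are not listings. The function names are hypothetical, the resolver is injectable so the logic can be exercised offline, and treating 127.255.255.0/24 as an error range follows Spamhaus's documented return codes.

```python
import ipaddress
import socket

DNSBL_NET = ipaddress.ip_network("127.0.0.0/8")       # listing codes live here (RFC 5782)
ERROR_NET = ipaddress.ip_network("127.255.255.0/24")  # Spamhaus error codes, not listings


def dnsbl_query_name(ip, zone="zen.spamhaus.org"):
    """Build the DNSBL query name: reversed address labels + zone."""
    addr = ipaddress.ip_address(ip)  # raises ValueError on malformed input
    if addr.version == 4:
        labels = str(addr).split(".")  # four octets
    else:
        labels = list(addr.exploded.replace(":", ""))  # 32 hex nibbles
    return ".".join(reversed(labels)) + "." + zone.strip(".")


def system_resolve(name):
    """'A' lookup via the OS resolver; an empty list means NXDOMAIN."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except socket.gaierror as exc:
        if exc.errno == socket.EAI_NONAME:
            return []
        raise  # timeout or server failure: result unknown, not "clean"


def check_dnsbl(ip, zone="zen.spamhaus.org", resolve=system_resolve):
    """Return ('listed' | 'not listed' | 'error', raw answers)."""
    answers = resolve(dnsbl_query_name(ip, zone))
    addrs = [ipaddress.ip_address(a) for a in answers]
    if not addrs:
        return "not listed", answers
    # An answer outside 127.0.0.0/8 (e.g. an NXDOMAIN-rewriting resolver)
    # or inside the error range must not be counted as a listing.
    if any(a in ERROR_NET or a not in DNSBL_NET for a in addrs):
        return "error", answers
    return "listed", answers


if __name__ == "__main__":
    # Constructed resolver answers, so the demo runs without network access.
    for fake in ([], ["127.0.0.2"], ["127.255.255.254"]):
        print(fake, "->", check_dnsbl("148.251.196.147", resolve=lambda n, f=fake: f)[0])
```

Calling `check_dnsbl(ip)` without the `resolve` argument performs the real query through the system resolver.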

By | November 22nd, 2014|Python|2 Comments

Open relay mail server fail

After my near fail with a potential phone malware infection, the only thing that could top my week was an actual fail! I managed it in style by managing to publicly expose an open mail relay – talk about basics 101! I’ve been traveling pretty extensively over the last 6 months and frequently find myself on connections where port 25 outbound (SMTP) is blocked. So I’m sitting in an internet cafe in south Peru, on a connection sporting something like 64kbit down and 5kbit up. I’ve just beaten my worst latency record with a ping time of about 5 seconds to 8.8.8.8. I have 4 items sitting in my outbox and I’m wondering if they’re not going because the port is blocked, there’s an issue with my mail server, or whether they’re about to go at any minute but just can’t make it past the huge connection latency. (In case you were wondering, I’m just setting up my excuses!) Eventually some debugging with netcat and tcpdump led me to confirm that port 25 is blocked. No problem, it’s my personal mail server after all, I’ll just set up a proxy listener on port 2525. With a one-liner to execute simpleproxy, my mails start leaving and all is good. I daemonize simpleproxy for later and go and do something else. […]

By | July 14th, 2014|Security Consultant|0 Comments