SORBS.NET - email RBL issues

Published: 2010-10-07
Last Updated: 2010-10-07 18:51:01 UTC
by Rob VandenBrink (Version: 1)
16 comment(s)

The email RBL service at sorbs.net seems to be having issues.  Christopher alerted us to the issue yesterday around 4pm EST - his servers were blocking all inbound mail from google and yahoo based on the sorbs database.  At the time we ran  a few queries, it seemed to be more of a database problem than an actual blocklist entry.  Since then it seems to have gotten worse, the main sorbs.net website is down as well. 

Two points:

1/ Tactically, if you are using sorbs.net to filter your email, you probably will want to temporarily modify your configs until they are back and in good health

2/ Strategically, putting all your eggs in one basket for anything in IT is not great.  Always architect core services so that they'll work if one component or another fails - everything breaks sometime, that's just life in IT.  Personally, I don't put a lot of faith in RBL services, but if I do use them for a client, normally I'll configure several of them (or at least 2), or even better, use the input from the RBL as only one factor in the "is it spam?" question that we need to ask for every inbound email. 

************** UPDATE ******************

It looks like this service was under a DDOS attack, they expect to be fully back in a few hours (as of 2:45-ish EST)

*******************************************

=============== Rob VandenBrink Metafore ===================

 

Keywords: RBL sorbsnet
16 comment(s)

Comments

Which "sorbs" are we speaking about. My mail servers are not blocking any more than usual from au.sorbs.net
We have experienced a DDoS attack today which was 'smart' we have mitigated it so the site is now operational if a user waits about 10-15 seconds for the response.

We have had reports that we have a database corruption, there is no evidence of that but to be safe we have emptied the DNS zone files and the rsync files until we can check the database for any possible errors. We expect this to be complete within 24 hours.

Michelle
We had several IPs in our static block getting rejected for being on the Dynamic IP lust (dul.dnsbl.sorbs.net), and more started getting rejected for being on smtp.dnsbl.sorbs.net, but they all seem clear at the moment.

Having multiple RBLs in use is fine, but if an RBL has problems in a way that causes incorrect rejections then it doesn't matter if you use just one, unless as said it is only one factor in the decision - but a lot of configs will reject if ANY RBL gives a rejection.
Same for us, we have been rejected by duhl since yesterday 20:00 CET with our entire network (static one, for sure).
We seem to be cleared for an hour by now, lets see if we get listed again if the zone files get filled up.
Horrible failure, thousands of mails have been rejected. Can't imagine what trouble this has brought to the big service systems like gmail, who have been affected as well.
Yeah, same here. Our company cannot email suppliers anymore!
The problem we experienced was that 127.0.0.1 was listed in smtp.dnsbl.sorbs.net (and the aggregate zone). This was causing sendmail all sorts of problems.
The problem we experienced was that 127.0.0.1 was listed in smtp.dnsbl.sorbs.net (and the aggregate zone). This was causing sendmail all sorts of problems.
Problem located (not the 127.0.0.1 issue) and is being resolved. More of an update when we locate the originating cause, but it appears the migration from SORBS1 to SORBS2 was to blame for the actual listing problems.
Problem located. Historical entries were migrated as current (historical is not identical to 'previously delisted' but the effect is the same.)

Database export still suspended whilst the problem is corrected.

I expect normal operations to resume within a few hours.

Michelle
between this incident, SORBS removal process, their dead-slow website and self-signed SSL cert - I dropped their service, plenty of other RDNSBLs to use out there.

Diary Archives