At 01:49 PM 11/28/00 -0600, Bob Tanner <tanner at real-time.com> wrote: >I think ORBS is wacked! > >They have RSS'd lists.securityfocus.com [207.126.127.68], which I believe is >BUGTRAQ, right? > >Nov 28 13:20:38 enchanter sendmail[6094]: eASJKci06094: ruleset=check_rcpt, >arg1=<tanner at real-time.com>, relay=pub3.rc.vix.com [204.152.186.34], >reject=553 >5.3.0 <tanner at real-time.com>... Open spam relay at 204.152.186.34 - see >http://www.orbs.org > >Yet, going to ORBS web site I get the following: > >Database Check - 204.152.186.3 > >204.152.186.3 is not in the main automated open relay database ORBS doesn't just list open relays -- it also lists networks who refuse to be tested. Refusal can be in the form of a request not to be probed or by simply blocking ORBS. In this case, there is an ongoing spat between ORBS and bugtraq's provider, Above.net. When you query ORBS you can tell whether a listing is due to an open relay or another condition by the value returned. 127.0.0.2 is for open relays, .3 is a manual entry, and .4 is untestable. This is the output for the IP in question: Query for 34.186.152.204.relays.orbs.org type=255 class=1 34.186.152.204.relays.orbs.org TXT (Text Field) untestable - above.net has multiple open relays and has blocked the ORBS tester. 34.186.152.204.relays.orbs.org A (Address) 127.0.0.4 <====< MAPS is in Above.net IP space so their IPs are also listed in ORBS. -- Mike, the guy down in Northfield who just subscribed today and is already delurking.