Origin spam triggers dns rebinding block

Forum for MailWasher Pro 7 and/or older 2011/2012 versions.
steveshank
Mystified Moa
Posts: 8
Joined: Wed Feb 04, 2009 7:51 am

Wed Dec 30, 2020 1:47 pm

I'm using NextDNS with DNS Rebinding on. It claims to be blocking DNS rebinding from both Spamhaus and SpamCop. MW logs show both as working anyway. Does MailWasher use some local IP address? Anyone have an explanation?

Thanks
rusticdog

Re: Origin spam triggers dns rebinding block

Wed Dec 30, 2020 2:02 pm

Do the MailWasher logs show results coming in both True and False? If MW can't get a connection, it probably logs it just as a False result.

MailWasher also keeps a cache of results. Under Settings >> Spam Tools >> Origin of Spam >> Options there is a slider for how many days' worth of results to keep; it will check this cache first.
steveshank

Re: Origin spam triggers dns rebinding block

Thu Dec 31, 2020 9:27 am

rusticdog wrote:
Wed Dec 30, 2020 2:02 pm
Do the MailWasher logs show results coming in both True and False? If MW can't get a connection, it probably logs it just as a False result.

MailWasher also keeps a cache of results. Under Settings >> Spam Tools >> Origin of Spam >> Options there is a slider for how many days' worth of results to keep; it will check this cache first.

MailWasher logs show both true and false. These seem to be working whether blocked or not. What is supposed to be blocked is a request from a DNS server for a LOCAL address. The theory for blocking these is that there is no reason for us to request local addresses from an external DNS server. This trick is used by malware to attack our routers and move through our local network.

So, why does NextDNS believe that both SpamCop and Spamhaus are supplying local IP addresses? My question is this: Is MailWasher using a local address when it checks, not First Alert, but Spamhaus and SpamCop for some reason? First Alert is not doing this and does not have the conflict with NextDNS.
rusticdog

Re: Origin spam triggers dns rebinding block

Thu Dec 31, 2020 12:51 pm

No, MailWasher doesn't use a local, but the response code is in the format of 127.0.x.x, which could be triggering things.
Here's a list of the 127.0.x.x replies that you can typically get: https://www.spamhaus.org/faq/section/DNSBL%20Usage#200
steveshank

Re: Origin spam triggers dns rebinding block

Thu Dec 31, 2020 2:35 pm

rusticdog wrote:
Thu Dec 31, 2020 12:51 pm
No, MailWasher doesn't use a local, but the response code is in the format of 127.0.x.x, which could be triggering things.
Here's a list of the 127.0.x.x replies that you can typically get: https://www.spamhaus.org/faq/section/DNSBL%20Usage#200

Thanks. I've added both Spamhaus and SpamCop to my allow list in NextDNS. It weirded me out getting hundreds of DNS rebinding attacks.
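
An added example, not part of the original thread and not NextDNS or MailWasher code: a simplified model of a rebinding filter, showing why a DNSBL answer in the 127.0.x.x format is flagged and how an allow list for the DNSBL zone exempts it. The zone names, the listed address 192.0.2.99, the answer 127.0.0.2 and all function names are assumptions constructed for illustration.

```python
import ipaddress

# Assumed DNSBL zones; the thread names the services, not the zones queried.
ALLOWLIST = ("zen.spamhaus.org", "bl.spamcop.net")


def dnsbl_query_name(ip: str, zone: str) -> str:
    """Build a DNSBL lookup name: reversed IPv4 octets prepended to the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def looks_like_rebinding(answer: str) -> bool:
    """True when an answer from a public resolver points at loopback,
    private or link-local space, which is what a rebinding filter flags."""
    addr = ipaddress.ip_address(answer)
    return addr.is_loopback or addr.is_private or addr.is_link_local


def in_allowlist(qname: str, allowlist=ALLOWLIST) -> bool:
    """Match on a label boundary, so a name that merely contains an
    allow-listed zone (zen.spamhaus.org.attacker.example) does not pass."""
    name = qname.rstrip(".").lower()
    return any(name == z or name.endswith("." + z) for z in allowlist)


def filter_decision(qname: str, answer: str, allowlist=ALLOWLIST) -> str:
    """Block local-looking answers unless the queried name is allow-listed."""
    if looks_like_rebinding(answer) and not in_allowlist(qname, allowlist):
        return "block"
    return "allow"


if __name__ == "__main__":
    # Constructed sample: a DNSBL lookup answered with a 127.0.x.x code.
    qname = dnsbl_query_name("192.0.2.99", "zen.spamhaus.org")
    for label, allow in (("no allow list", ()), ("with allow list", ALLOWLIST)):
        print(f"{label}: {qname} -> 127.0.0.2 = "
              f"{filter_decision(qname, '127.0.0.2', allow)}")
```

The filter sees only the answer, not the intent: a 127.0.x.x code is a status value to the mail filter but a loopback address to the resolver, so the exemption has to be keyed on the queried zone.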
