
DNS Blacklist shuts down, they issue a DoS to force system change!

As part of any defense against the constant onslaught of spam, most system administrators make use of DNS blacklist sites such as spamhaus.org and spamcop.net. In fact, you usually use several sites in your DNS blacklist to make sure you block as much spam as possible.

When good cops go bad

Yesterday, after about 12:00, our server stopped delivering mail. At first, being a Friday, we thought it was just a slow day but after an hour or so we knew something was wrong. A quick look in the log files revealed the following messages:

554 Service unavailable; Client host [xx.xx.xx.xx] blocked using relays.ordb.org; ordb.org was shut down on December 18, 2006. Please remove from your mailserver.;

A visit to Google for this blacklist site revealed that they had decided to shut down in 2006, which is OK with me, but then they decided this month to start to reject all mail to force admins to change their configuration files. Simply removing the site from the list solved the problem.

This seems like a really irresponsible move on their part. Why not simply fail on DNS lookup for their server or something like that? That way mail would still be delivered and they would suffer no ill effect. In the past we have removed sites when the DNS lookup fails. This way the system was updated and no mail was lost.

What is more annoying is that I know few system admins who will check their blacklist config on a regular basis. Every now and then they may look for better sites to add but hardly ever will they visit a blacklist provider on a regular basis to see if there is any interesting news. It just seems very irresponsible to me. If I were in the US I would sue! It effectively resulted in a denial of service attack.
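Since few admins review their blacklist configuration by hand, a scheduled health check can catch a list that starts answering for every address. The sketch below is an added example, not part of the original post: it relies on the RFC 5782 test entries (127.0.0.2 must be listed, 127.0.0.1 must not be), and the `*.dnsbl.example` zone names and the `constructed_lookup` resolver are constructed for illustration.

```python
import socket

def dnsbl_name(ip, zone):
    """Build the DNSBL query name: reversed IPv4 octets followed by the zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone

def system_lookup(name):
    """Return the A record for name, or None when it does not resolve."""
    try:
        return socket.gethostbyname(name)
    except OSError:  # socket.gaierror (NXDOMAIN, SERVFAIL, timeout) is an OSError
        return None

def check_zone(zone, lookup=system_lookup):
    """Classify a DNSBL zone using the RFC 5782 test entries."""
    must_not_list = lookup(dnsbl_name("127.0.0.1", zone))
    must_list = lookup(dnsbl_name("127.0.0.2", zone))
    if must_not_list is not None:
        return "lists-everything"  # wildcard answer: every client gets rejected
    if must_list is None:
        return "dead"              # no answers at all: the zone blocks nothing
    return "ok"

def audit(zones, lookup=system_lookup):
    """Return {zone: status} for every configured zone that is not healthy."""
    results = {zone: check_zone(zone, lookup) for zone in zones}
    return {zone: status for zone, status in results.items() if status != "ok"}

def constructed_lookup(name):
    """Constructed offline resolver standing in for real DNS answers."""
    if name.endswith(".wildcard.dnsbl.example"):
        return "127.0.0.2"  # shut-down list that now lists every address
    if name == "2.0.0.127.healthy.dnsbl.example":
        return "127.0.0.2"  # healthy list: only the test entry is listed
    return None             # everything else does not resolve

if __name__ == "__main__":
    zones = ["healthy.dnsbl.example", "wildcard.dnsbl.example", "gone.dnsbl.example"]
    for zone, status in audit(zones, constructed_lookup).items():
        print(f"remove {zone} from the mail server config: {status}")
```

Run from cron with the default `system_lookup` and the zones from your mail server configuration, and alert on any non-empty result.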

by Dr. Radut.