Friday, October 28, 2011

Spam filter blacklists and ISP DNS

This is something that I discovered a long time ago; however, every once in a while I forget it's an issue and it bites me in the ass. If you implement a DNS Blacklist (DNSBL/RBL) or URL Blacklist (URIBL/URLBL), you'd better make sure that the DNS servers your mail server and/or spam software use are not trying to be smarter than they are.

I had a client where we recently deployed an Exchange server on-site. Everything was tested and working fine, then the next day they inform us that all of their emails are going to their junk folders. So I pull up the logs, and sure enough every email is either getting caught in the DNS Blacklist or URI DNS Blacklist. The culprit in this case was Roadrunner's DNS servers.

During my investigation I sent a mostly blank email from Outlook through my Gmail account to see what it would do. Based on the debug logs, I found that (as it should) the spam filter (GFI MailEssentials in this case) extracted multiple URLs from my email. Most of them were nonsense (references to Microsoft classes), but one of them was causing the issue. The spam software had found that www.w3.org is listed on a SPAM URI Blacklist (multi.surbl.org) and so the message was deemed to be spam.

A little closer investigation found the following when looking it up:

> www.w3.org.multi.surbl.org
Server:  UnKnown
Address:  ::1

Non-authoritative answer:
Name:    www.w3.org.multi.surbl.org
Address:  204.232.137.207

As some of you may know, w3.org are the people in charge of the standards for the web, so obviously their site is legitimate. As some of you may also note, DNS Blacklists are supposed to respond with localhost IPs (127.0.0.0/8), not a routable address. Sure enough, if you browse to the IP returned, you get a Roadrunner search page. This could be considered partially the fault of GFI for accepting it even though it's not a localhost address, but I'll blame Roadrunner in this case.

The solution for the client was of course to change their DNS servers to something else and clear the cache. I don't know how Roadrunner (and I know they're not the only one) can be so naive as to think that they can just send people to a search page when they're being stupid, but hopefully this will save someone a headache.
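The two checks this post argues for, written out as an added example (not code from the original post or from GFI): accept a blacklist answer only if it falls inside 127.0.0.0/8, and probe the resolver with a name that cannot be listed to see whether it rewrites NXDOMAIN. The function names, the probe label and the `spam.example` entry are assumptions constructed for the example; the resolvers at the bottom are stand-ins so it runs offline.

```python
import ipaddress
import socket
import uuid

DNSBL_NET = ipaddress.ip_network("127.0.0.0/8")

def system_resolve(name):
    """IPv4 answers from the system resolver; [] when the name does not resolve."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})

def classify_answer(addresses):
    """Map raw A records to a verdict; anything outside 127.0.0.0/8 is not a listing."""
    if not addresses:
        return "not-listed"
    if all(ipaddress.ip_address(a) in DNSBL_NET for a in addresses):
        return "listed"
    return "invalid-answer"

def resolver_rewrites_nxdomain(zone, resolve=system_resolve):
    """Probe a random (constructed) name that cannot be listed; any answer means
    the resolver is synthesizing records instead of returning NXDOMAIN."""
    probe = f"nxprobe-{uuid.uuid4().hex}.example.{zone}"
    return bool(resolve(probe))

def check_domain(domain, zone, resolve=system_resolve):
    """Look up domain in a URI blacklist zone, refusing to trust a rewriting resolver."""
    if resolver_rewrites_nxdomain(zone, resolve):
        return "resolver-untrustworthy"
    return classify_answer(resolve(f"{domain}.{zone}"))

# Constructed resolvers so the example runs offline.
def hijacking_resolver(name):
    return ["204.232.137.207"]  # the search-page address shown in the post

def honest_resolver(name):
    listed = {"spam.example.multi.surbl.org": ["127.0.0.2"]}  # constructed entry
    return listed.get(name, [])

if __name__ == "__main__":
    zone = "multi.surbl.org"
    print(classify_answer(hijacking_resolver(f"www.w3.org.{zone}")))
    print(check_domain("www.w3.org", zone, hijacking_resolver))
    print(check_domain("www.w3.org", zone, honest_resolver))
    print(check_domain("spam.example", zone, honest_resolver))
```

Calling `check_domain` without the `resolve` argument uses the machine's own resolver, which is the one a mail server on that host would inherit.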

Tuesday, October 18, 2011

Adtran Total Access Console Wiring

So Adtran has a series of CSUs and channel banks under the Total Access line that do not have the "modern" DB9 for accessing the console. As far as I can tell, this involves anything under the Total Access 600 series (600R, 604, 608, 612, 616, 624). I needed to get into one today but found that it only has an RJ45 "Craft" port, and none of my DB9/RJ45 adapters and cable combinations worked. I also found that the internet is plain wrong, and none of their solutions worked correctly, so I took it upon myself to figure it out. Note that the manual indicates that this is a proprietary adapter; however, they were kind enough to give the pinouts of the unit itself.

Basically, if you don't care about flow control, you can set it up pretty easily with just 3 wires. To make my life easy, I did this with a section of Cat5e and two RJ45 keystones, but you can easily adapt this to be an inline cable or something else.

The first thing I did was map out how my RJ45 to DB9 adapter was wired. I believe this is pretty standard (I checked a few of mine), but you may have to pull yours apart to make sure. In the table, NC means not connected, and I'm assuming that you are using EIA/TIA-568B for wiring.

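| DB9 Pin | RJ45 Pin | Cat5e Color  |
|---------|----------|--------------|
| 1       | NC       |              |
| 2       | 3        | Green/White  |
| 3       | 6        | Green        |
| 4       | 8        | Brown/White  |
| 5       | 5        | Blue/White   |
| 6       | NC       |              |
| 7       | 7        | Brown        |
| 8       | 1        | Orange/White |
| 9       | NC       |              |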


The next step was to make the adapter to work for this proprietary Craft port. I took the two keystones and a small length of Cat5e and did the following:

  1. Punch in one end as EIA/TIA-568B (Orange/White, Orange, Green/White, etc.)
  2. Punch in the other end as follows:
    | Keystone Pin | Keystone Color | Cable Color |
    |--------------|----------------|-------------|
    | 1            | Orange/White   | Blue/White  |
    | 3            | Green/White    | Green/White |
    | 5            | Blue/White     | Green       |

At this point, use any straight-thru cable to go from the keystone to your adapter, and to the unit, and you should be done. Note that this is a basic implementation and does not provide flow control, so you will need to disable that. The settings you would want to use are 9600/1/none/none (baud/stop/parity/flow). Also note that this cable can't be reversed; the side terminated normally should plug into the Adtran.

In case anybody is interested, Pin 1 is the Ground, and Pins 3/5 are Transmit and Receive. In this case, the RJ45 Craft port on the Adtran uses 3 for RX and 5 for TX, so you have to swap those around for the sending side. Pins 2 and 8 are used for Flow Control, which I did not wire in. Pins 4 and 6 are DTR (Data Terminal Ready) and CD (Carrier Detect), which I also left unattached.


Update: Here is how you would make it if you want to use a pre-made Cisco console cable (one of the teal RJ45 to DB9 ones). Still terminate the first keystone with EIA/TIA-568B, then use this pinout for the second one:

| Keystone Pin | Keystone Color | Cable Color  |
|--------------|----------------|--------------|
| 1            | Green/White    | Blue/White   |
| 3            | Green          | Green/White  |
| 5            | Blue           | Orange/White |