Spamhaus under major dDOS
Late last night I, and a number of other folks, received mail from Spamhaus informing us of a major denial of service attack against their servers. The attack is so bad that the website and main mailserver is currently offline.
DNS services, including rsync and the mirrors, are up and running.
Spamhaus is working to bring the mailserver and website back up, and are hoping to have it up later today.
If there are any critical or particularly urgent SBL issues today, contact your ESP delivery team. The folks who were contacted do have an email address for urgent issues. This is not an address for routine queries, however, and most listees are going to have to wait until normal services are restored to have their listing addressed.
If there is something particularly urgent and your ESP or delivery team does not have a contact address, you can contact me an I can see what I can do.
UPDATE: Most of the IPs people have sent me are actually XBL/CBL listings. But right now the CBL webserver is responding slowly due to the DOS.
If you want to look up a listing without using the Spamhaus website you can use the “host” or “dig” command line tools. To do this reverse the digits in the IP address and append zen.spamhaus.org on the end.
So for the IP 10.11.12.13 you would query 184.108.40.206.zen.spamhaus.org
admin:~ laura$ host 220.127.116.11.zen.spamhaus.org
18.104.22.168.zen.spamhaus.org has address 127.0.0.4
admin:~ laura$ dig 22.214.171.124.zen.spamhaus.org
<<>> DiG 9.7.6-P1 <<>> 126.96.36.199.zen.spamhaus.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22991
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 22, ADDITIONAL: 0
;; QUESTION SECTION:
; 188.8.131.52.zen.spamhaus.org. IN A
;; ANSWER SECTION:
184.108.40.206.zen.spamhaus.org. 900 IN A 127.0.0.4
A return of 127.0.0.2 is a SBL listing.
A return of 127.0.0.4 is a XBL listing