[BALUG-Admin] Spamtraps and http://www.uceprotect.net/en/rblcheck.php?ipr=96.86.170.229

[Rick Moen]

I wrote:

>   What does it mean to be listed at the UCEPROTECT-Level 1?
>   It means abusive activity was seen from IP 96.86.170.229 directly within
>   the last 7 days.
> 
>   Concrete allegation:
>   IP 96.86.170.229 tried to deliver mail to spamtraps.

Progress:  UCEPROTECT-Level 1 (and all other UCEPROTECT) DNSBLs no
longer list 96.86.170.229 .  This is reassuring!  It would be quite bad
if we had unknown spamtraps on the subscriber rosters.  I'm still a bit 
worried, in that it's troubling that at least one (allegedly) was _on_
the roster(s), raising (as I said) the troubling question of whether
there is a vulnerability permitting subscribing users without three-way
handshake confirmation.

Michael, I hope you will get around to confirming that the local config
to add a nonce (or whatever it's called) to the subscription POST data
is in place.  That is non-default.


https://multirbl.valli.org/dnsbl-lookup/96.86.170.229.html now shows a
subset of six out of the (if memory serves) nine recently showing.

Vexingly, the postmaster.rfc-clueless.org one for FQDN balug.org (and
thus for lists.balug.org) is still there, although I asked removal.
I _hope_ this means that removel request is still pending.


Michael, I would still appreciate your attention to the remaining 
entries on https://multirbl.valli.org/dnsbl-lookup/96.86.170.229.html .
Some, such as SORBs, really ought to be addressed by the system
siteadmin.  (Again, for SORBS, create a SORBS login.)