rbl.orbitrbl.com – Dead

Posted on by No Comments ↓

If you’re currently using rbl.orbitrbl.com for spam blocking or filtering, you should probably remove it from your configuration immediately.

Luckily this DNSBL was not widely used, and is not part of a default MDaemon configuration, so most MDaemon administrators will not need to take any action. If you do have MDaemon configured to use it, you’re currently seeing either timeouts or errors, and shortly you will find a majority of inbound mail will be flagged as spam.

Mark Jeftovic of EasyDNS recently posted the following to the mailop mailing list.

As some of you may know, we recently took over ZoneEdit.com and it’s customer base.

We’ve found a domain on the system: rbl.orbitrbl.com which is delegated to zoneedit nameservers, broken (it is not allowed to zone transfer from it’s designated master), unresponsive (account owner is not answering email, has an address in Sri Lanka and no telephone number), is using excessive queries (~ >500M queries per day on a “free dns” domain) and attracting repeated, multiple DDoS attacks.

As such, we will be wildcarding this zone and setting a long TTL fairly soon.

If you’re actually using this RBL in your MTAs, now’s a good time to stop. (this RBL is broken on 5 out of it’s 6 delegated nameservers across 3 separate providers).

I’d like to thank Mark for giving everyone advanced warning.

Mail stuck in Inbound queue on MDaemon 14.0.1?

Posted on by No Comments ↓

Are you seeing mail getting stuck in the Inbound Queue since upgrading to MDaemon 14.0.1?

There’s a few options:

  • Upgrade 14.0.2. This leaves your email stuck in the queue in the mean time, but I’m assured it will not be longNow available for download.
  • Downgrade to MDaemon 14.0.0. However, this leaves you exposed to the recently patched security vulnerability so I wouldn’t recommend it.
  • Under Setup | Preferences | Miscellaneous, uncheck the option for “Apply Content & Spam Filters to list mail before cracking individual copies”. This is functional, however, it will break archiving, and any per-recipient content filtering rules you have, so be sure to revert this option after Alt-N releases a patch.
  • Disable mailing lists. Since this only causes issues when you have active mailing lists, if you can temporarily disable your mailing lists, it will allow mail to flow until this is resolved.

If you do use the workaround, delete any remaining lock (.LCK) files from the \MDaemon\Queues\Inbound directory to get messages flowing again.

UPDATE: Literally the first email I received after clicking on “Post” was that MDaemon 14.0.2 has been released and is available for download now!

MDaemon security vulnerability (MD051314)

Posted on by No Comments ↓

The announcement from Alt-N is as follows:

MDaemon 14.0.1 fixes a critical security vulnerability in WorldClient. Versions going back to 13.0.0 are affected, so we’ve also released updates for them (13.6.3, 13.5.3, and 13.0.6).

More information and download links can be found here:
http://www.altn.com/Support/SecurityUpdate/MD051314_MDaemon_EN/

If you’re running MDaemon 13 or MDaemon 14 of any flavour, update to 14.0.1 if you’re upgrade protection permits, or if not, upgrade to 13.6.3, 13.5.3, 13.0.6 as soon as possible.