Illegal IPs

Discussion in 'Mail Chat' started by coolbeans, Jul 26, 2012.

  1. coolbeans

    coolbeans New Member

    Joined:
    Apr 23, 2012
    Messages:
    14
    Likes Received:
    0
    Trophy Points:
    0
    Location:
    In front of computer
    So, I got a dedi through seedhost.eu recently with a /27 and the range of IPs deliver, but spam assassin gives anything sent off them an instant 3.4 score for "RCVD_ILLEGAL_IP Received: contains illegal IP address".

    Paid just over $55 for that block of 32 IPs x_x Anyone else have issues with providers issuing IPs like this?

    Maybe there was fine print I failed to read, but sucks that providers can charge you for these IPs...:goodnight:
     
    coolbeans, Jul 26, 2012
    #1
  2. DaMadHatter

    DaMadHatter Active Member

    Joined:
    Mar 1, 2011
    Messages:
    722
    Likes Received:
    51
    Trophy Points:
    28
    Location:
    In the Void
    First time I have heard of something like that.

    However, little surprises me anymore now-a-days.

    :(
     
    DaMadHatter, Jul 26, 2012
    #2
  3. JohnFarrell

    JohnFarrell VIP

    Joined:
    Apr 13, 2011
    Messages:
    828
    Likes Received:
    35
    Trophy Points:
    0
    I'm guessing here, but it might be space that ARIN, RIPE, whoever historically held on to and then released because of IP depletion. If that's the case then someone needs to update their sa ruleset.
     
    JohnFarrell, Jul 26, 2012
    #3
  4. Jers81

    Jers81 VIP

    Joined:
    Apr 2, 2011
    Messages:
    98
    Likes Received:
    13
    Trophy Points:
    18
    Jers81, Jul 26, 2012
    #4
  5. DaMadHatter

    DaMadHatter Active Member

    Joined:
    Mar 1, 2011
    Messages:
    722
    Likes Received:
    51
    Trophy Points:
    28
    Location:
    In the Void
    JF actually makes a good point.

    It could be that the source IP's being cited by the O.P. are from a reclaimed range that was flagged as hijacked/zombies/defunct company. They then went back into the IP pool and given to a new ISP. Those are then reassigned, and not all of the DB's are updated. Especially if Haus or some BL has them as a "do not route" or alike.

    That said, we would need more details, assuming the source ISP actually knows the scoop or history.
     
    DaMadHatter, Jul 26, 2012
    #5
  6. coolbeans

    coolbeans New Member

    Joined:
    Apr 23, 2012
    Messages:
    14
    Likes Received:
    0
    Trophy Points:
    0
    Location:
    In front of computer
    The /27 they gave me is in this range: 5.135.x.x

    I'm not much of a networking guy but that doesn't appear to fall within this:

    0/8 Reserved
    1/8 Unallocated
    2/8 Unallocated
    7/8 Live allocation - US DoD
    127/8 Loopback range (excepting localhost 127.0.0/24)
    223/8 Unallocated
    224/4 Multicast

    WTF
     
    coolbeans, Jul 26, 2012
    #6
  7. JohnFarrell

    JohnFarrell VIP

    Joined:
    Apr 13, 2011
    Messages:
    828
    Likes Received:
    35
    Trophy Points:
    0
    There's more space that's considered bad, illegal, non-routable than that. Give me a few minutes and I'll see if I can find something.

    EDIT:

    It appears to have been allocated a little over a year and half ago and it doesn't appear on the SH do not route list.

    http://community.logmein.com/t5/Hamachi/Hamachi-and-the-5-0-0-0-8-netblock/td-p/55826 <= appears that some device used that space when it was unallocated like jackasses and it caused problems for it's users.

    Based on some older posts about spamassassin that predate the RIPE allocation people recommended blocking that /8. It does appear to me at least that's the issue (really really old sa rules). There's not much you or anyone can do about that.

    Probably not what you wanted to hear, but at least it's not something you did wrong.
     
    Last edited: Jul 26, 2012
    JohnFarrell, Jul 26, 2012
    #7

Share This Page