Few months ago i periodically get into like 10 spam block lists. The problem remains.
I’ve build passive TAP monitoring to find some evidence and i can see nearly no unencrypted email traffic or other heavy traffic from my network at all. Instead i saw a lot of DNS requests.
They’re generated by turris router periodically running:
sh -c busybox nslookup some_ip_address
Like 10 times a second.
Is this built in functionality from turris security project?
Can I get into blocklists because of running a lot of DNS requests?
Does anyone see this behavior too?
thanks
Look at this topic. There is described a procedure how to disable DNS listening on Internet interface.
https://forum.test.turris.cz/t/opened-port-53-is-problem/2462/7
Opened DNS service on WAN interface can be abused. Maybe this is the reason why you are in spam black list.
Thank you very much. I’ve checked my connection with online dns server check tool and i indeed have DNS server exposed.
That’s not all. I’ve been reported as having insecure socks proxy in DroneBL database. This is probably due the emulated proxy services.
I’ve once used IRC client and i was probably scanned for ports while connecting. I’m not sure if this could got me into some of the blacklists.