-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Heya List
I currently run a VPS which hosts both my mailserver and my tor relay / exit.
Recently I sent an email from this mailserver and had it bounce back. It seems the receiving mailserver subscribes to the spambot list CBL (http://cbl.abuseat.org) and denied it because my IP address was on that list. It's on that list since at some point a botnet talking through tor to its C&C server used my exit node to do so - The C&C server has since been replaced with a sinkhole. That was logged, my server was deemed infected and bam, I'm blacklisted.
The site that did the blacklisting kindly has a good description of what happended (including the sinkhole IP address) and allowed an automatic delisting. I'm able to update my exit policy so it doesn't happen again, however I'd like a somewhat more proactive approach.
So my question is - Does anyone know of a publicly available list of sinkholes created for botnets? If such a list exists I can dynamically update either my exit policy or firewall appropriately. Has anyone implemented such a system already?
(obviosuly this only works for sinkholed botnets - but if anyone knows how to stop all botnets I'm all ears....)
Cheers
Ramo