I don't have a false positive mailbox to skim.
I run Mail Avenger, which lets me run shell scripts
[...]
I run Spam Assassin. If SA thinks the mail is spam,
SMTP rejects it rather than saving it or deciding to
reject it later and having to send a bounce. That
for me, there's one problem
The solution for people on dynamic addresses (typically with some
generic and non-matching PTR record, though I haven't checked yours) is
likely to relay out through your ISP's mail server.
because of the way the DNS is put together, PTR records cannot be relied upon.
ownership of the DNS
The solution for people on dynamic addresses (typically with some
generic and non-matching PTR record, though I haven't checked yours) is
likely to relay out through your ISP's mail server.
because of the way the DNS is put together, PTR records cannot be relied upon.
ownership of the DNS
// rfc 2317 allows arbitrary cidrs to be delegated. so far,
// i've always been able to get reverse mappings set up
// for static addresses.
I think you've been lucky, or have been dealing with better ISPs.
Apart from my home ADSL line, I share a commercial SDSL with
some folks. We've got a /123
Charles Forsyth wrote:
this is all reminiscent of the nonsense of RFC1413
I think that people are finally ready to accept the fact that packets on the outdoor highway do not disclose the
intentions of their senders and that they contain no meaningful information about the identity of their
the problem is that spf only validates that the sender is an
allowed sender. this is ineffective against backscatter
attacks. i've gotten as many as 500 backscatter spam in 4 hrs.
so this is a significant issue for me.
So you're blocking mail from forsyth in order
to block spam bounces from
So you're blocking mail from forsyth in order
to block spam bounces from ?
I already told you how I solved this when it
happened to me, and it has been 100% effective
your solution for backscatter is a good one. but
how does it do against non backscatter? this
is also a significant
On 13-May-08, at 4:17 AM, erik quanstrom wrote:
what's a better idea. having an extra 6400 spam emails
is the problem. how to i solve this without using spamhaus?
I use Greylisting [1], and it's been really effective. No false
positives (so far), and 0 to 2 spam messages a day. All this
I use Greylisting [1], and it's been really effective. No false
positives (so far), and 0 to 2 spam messages a day. All this for a
mild ~15 minute delay on genuine emails (but only for the first time).
sites like plan9.bell-labs.com tend not resend email with prec. bulk
even when given a
your solution for backscatter is a good one. but
how does it do against non backscatter? this
is also a significant problem. generally 100
messages per day for me.
content-based filtering works fine for me.
am i an idiot for objecting to this?
i never said you were an idiot.
i said
your solution for backscatter is a good one. but
how does it do against non backscatter? this
is also a significant problem. generally 100
messages per day for me.
content-based filtering works fine for me.
how do you maintain content-based filtering without
spending time on it on a
On Tue, May 13, 2008 at 4:07 PM, erik quanstrom [EMAIL PROTECTED] wrote:
at work we have a barracuda box which seems to
be completely content based. it's false positive
rate is significant. so you actually need to skim
up to a hundred questionable messages per week.
more trouble than
please don't, or at least check spf before spamhaus.
the quality of their data is at best questionable,
and there is no (usable) way to correct it.
: re: [9fans] /n/sources/patch/spamhaus
From: Charles Forsyth [EMAIL PROTECTED]
Date: Mon, 12 May 2008 21:56:46 +0100
what leads you to say spamhaus's data is questionable?
well, i'm now on the list for the simple reason that i got a different
cable modem, which prompted a new IP address.
Failure).
The symptom was:
Mon May 12 21:57:03 BST 2008 connect to net!quanstro.net:
554 5.7.1 rejected: spamhaus: sh policy
=== 2/ (message/rfc822) [inline]
To: [EMAIL PROTECTED]
Subject: re: [9fans] /n/sources/patch/spamhaus
From: Charles Forsyth [EMAIL PROTECTED]
Date: Mon, 12 May 2008
// Althrought I'd like it to be different, blacklists are quite effective
// blocking spam. It's the best solution as long as we continue using SMTP.
This entirely depends how you prioritize things. If best and effective
are measured on what percentage of spam emails get blocked, yes,
services
please don't, or at least check spf before spamhaus.
the quality of their data is at best questionable,
and there is no (usable) way to correct it.
the problem is that spf only validates that the sender is an
allowed sender. this is ineffective against backscatter
attacks. i've gotten as
The botnets have ruined the sandbox forever.
On 5/12/2008 18:34, Charles Forsyth wrote:
well, i'm now on the list for the simple reason that i got a different
cable modem, which prompted a new IP address.
The solution for people on dynamic addresses (typically with some
generic and
18 matches
Mail list logo
