HAM from their IP blocks over 3
years ago. Seems like they’ve turned a corner.
192.227.128.0/17
198.23.128.0/17
172.245.0.0/16
--
Jo Rhett
Net Consonance : net philanthropy to improve open source and internet projects.
Looking at my spam block statistics, not a single IP I’ve reported to SoftLayer
over the last two years has been shut down. Is there any reason I shouldn’t
just block all their allocations and save myself some effort?
--
Jo Rhett
Net Consonance : net philanthropy to improve open source
On Oct 5, 2015, at 7:36 PM, Reindl Harald <h.rei...@thelounge.net> wrote:
> Am 06.10.2015 um 04:33 schrieb Jo Rhett:
>> Looking at my spam block statistics, not a single IP I’ve reported to
>> SoftLayer over the last two years has been shut down. Is there any
>> reason
, and while it is capable it’s more than 15 clicks and manual hand
editing to send a report. The two key combinations was far easier to use.
--
Jo Rhett
Net Consonance : net philanthropy to improve open source and internet projects.
Team
I’m blocking 64.4.0.0/18 on all MX targets now, aren’t you?
--
Jo Rhett
+1 (415) 999-1798
Skype: jorhett
Net Consonance : net philanthropy to improve open source and internet projects.
one provides a place to report a spam
sent by Yahoo.
Nutshell: Yahoo no longer accepts spam reports. I am therefore blocking Yahoo
on every mail gateway for which I have control, and listing them in the Pink
Providers blacklist effective immediately.
--
Jo Rhett
+1 (415) 999-1798
Skype: jorhett
that we persistently get more spam from their
netblocks, because they are actively avoiding dealing with it.
--
Jo Rhett
Net Consonance : net philanthropy to improve open source and internet projects.
scores, but
that's because years of personal experience demonstrated near-zero value. As
I have it configured today it works well without having to mark anything ;-)
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source and other
randomness
On Dec 19, 2009, at 9:23 AM, RobertH wrote:
you know, with all the duking it out on the list over some methods
and such,
where is Jo Rhett when you need him?
he was always short and to the point...
:-)
Eh? Whut? (in the manner of someone woken from sleep)
--
Jo Rhett
Net Consonance
looking at 3.3 carefully but nothing stands out.
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
and other randomness
valid e-mail with
no text in it.
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
and other randomness
compile SA
rules, a package is created for the installed binaries. I don't see
the point myself since all the installed files are in a SA specific
directory.
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
and other randomness
Thiago Henrique
Network Administration
Digirati Networks
K8 Networks
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
and other randomness
: can't find symbol
command failed! at /usr/local/bin/sa-compile line 279, $fh line 3509.
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
and other randomness
posted to it. Even non-
members can
read it all in archives.
He is acted as is common and expected. Others who, like you, don't
want private copies set Reply-To.
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
and other randomness
of backscatter, Benny.
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
and other randomness
sends
backscatter because he doesn't like the behavior, even though he could
easily configure his mailer so that when people hit reply it does what
he wants it to.
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
and other randomness
several times now? I don't
understand why this thread continues.
Jo Rhett wrote:
On Jun 25, 2008, at 6:34 PM, Benny Pedersen wrote:
then stop cc me
X-ASF-Spam-Status: No, hits=-0.0 required=10.0
tests=FM_FAKE_HELO_VERIZON,SPF_PASS
X-Spam-Check-By: apache.org
Received-SPF: pass
the nature of the problem.
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
and other randomness
anything that appears to be from the private network
that actually directly reaches my mail server. The mail server has no
ability to actually route a packet to that private network, so this is
clearly a forgery.
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
On Jun 20, 2008, at 1:13 PM, Henrik K wrote:
On Fri, Jun 20, 2008 at 12:58:55PM -0700, Jo Rhett wrote:
On Jun 20, 2008, at 12:44 PM, Henrik K wrote:
You _need_ to have everything internal, so there will be no SPF
lookups.
Your fear of IP spoofers makes no sense to me, how do you think
someone
irrelevant in scope)
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
and other randomness
an IP
address which should never reach it?
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
and other randomness
the
nature of the question.
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
and other randomness
.
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
and other randomness
a forged IP
and I don't trust it.
why to accept connecctions from anything but host B ?
Because it's a public mail server which gets legitimate mail
connections from all over the world.
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
and other randomness
. Is there a reason
not to do this?
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
and other randomness
;-) This is why I want to avoid explicitly telling SA to
trust something it shouldn't if I can.
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
and other randomness
On Wed, Jun 25, 2008 at 03:00:47AM -0700, Jo Rhett wrote:
reading the code it implies that maybe I should make
internal_networks explicitly defined (right now its implicit and
thus ==
trusted_networks) to be smaller than trusted networks. This will
probably solve my SPF problem
Because it's a public mail server which gets legitimate mail
connections from all over the world.
I mean, why to accept connections from anything other?
I don't understand your question. My only answer you quoted above.
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy
the header address instead of
the envelope address.
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
and other randomness
internal hosts cannot connect to the mail server directly. Any
10.x address that does connect to the mailserver is guaranteed to be a
spammer.
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
and other randomness
are you defining external in this context? What prevents
me from trusting an external hosts?
I don't actually have any internal hosts -- no NAT, no firewall,
it's all outside. There's hosts I trust, but none that aren't external.
--
Jo Rhett
Net Consonance : consonant endings by net
On Fredag, 20/6 2008, 05:37, Jo Rhett wrote:
I'm trying to figure out how to stop SPF_FAIL on messages generated
on
an internal rfc1918 network and routed through a trusted host.
On Jun 20, 2008, at 10:37 AM, Benny Pedersen wrote:
netconsonance.com. IN TXT v=spf1 ip4:64.13.134.178 ip4
On Jun 20, 2008, at 10:44 AM, Henrik K wrote:
On Fri, Jun 20, 2008 at 10:28:25AM -0700, Jo Rhett wrote:
On Fri, Jun 20, 2008 at 12:12:45AM -0400, Matt Kettler wrote:
That is correct, SPF checks are applied to the first untrusted
host
Henrik K wrote:
Matt, you should know better. ;) It's
to the e-mail. If you read the
description of trusted hosts, that's clearly what the rule is meant to
do.
trusted_hosts should mean no, we really truly trust this host and
want everything it gives us
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
of hackery (although appreciate the
help) is kindof nonsense :-(
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
and other randomness
number of 10.x packets make their way to
our hosts.
belt-and-suspenders: Even if it's unlikely for a 10.x packet to reach
the host, why should I trust it?
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
and other randomness
? Minimal requirement, minimal risk...
How exactly are these things not the way they should be?
If you mean something else, please explain.
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
and other randomness
would think I'm doing it wrong?
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
and other randomness
internal_networks to be less than trusted
hosts... that would likely fix it. But before I go configure it all
wrong tell me why this would be bad.
(no MX relays in our environment at all)
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
and other randomness
Obviously, putting 10/8 into the published SPF record makes no sense
at all, nor does adding 10/8 to the trusted_networks.
So... how can I say I trust Host B so much that I don't want to go
any farther for SPF checks?
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy
that this was a lark.
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
and other randomness
to be addressed to the same user as it's addressed from.
You've presented good logic for acceping mail from self to self. But
you haven't explained by using the AWL for mail from self to self is
better than not having it.
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open
make it an
option. I for one would turn it off since it would not improve
things here.
You are the first person to say so. Can you explain why?
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
and other randomness
On May 22, 2008, at 7:29 AM, Jonas Eckerman wrote:
Jo Rhett wrote:
I'm not -- my Treo delivers mail directly to my mail server. From
DHCP-assigned addresses all over the world. I enjoy travel ;-)
Then I guess you use authenticated SMTP for that.
The easiest way to handle this probably
is a hack much
like disabling a firewall and I won't do it.
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
and other randomness
, which includes the user's saved SMTP AUTH passwords.
Like I said, SA has saved our butt each time it happened. I wouldn't
say that without it having happened multiple times...
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
and other randomness
On May 21, 2008, at 1:08 PM, mouss wrote:
I read every document on their website, and saw zero mentions of
this feature.
if you can't find the docs that others have read, and still accuse
them of lack of research, there is a word for this: ridiculous.
Jo Rhett wrote:
There's nothing
.
FYI: again, not affiliated and we're not using it either. But the
product is very well designed and it's a lot more clever/useful than
anything you're comparing it to.
I compare it to BarricadeMX and as I said, I think it is not so
clever.
Personal opinion.
Regards,
JP
--
Jo Rhett
Net
to do when an
unknown mail server contacts you is different in the approach.
greylist effectiveness is down to less than 10% effective at this
point, because the botnets know to retry now.
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
and other randomness
On May 20, 2008, at 10:51 AM, mouss wrote:
Jo Rhett wrote:
mouss, please do a little research
I did. I may get things wrong, and would be pleased to get
corrected. so please share your knowledge.
All I'm saying is that you're comparing what they are doing to things
which are not similar
?
tools/check_whitelist
Where can I find this? It's not in the Mail-SpamAssassin tarfile...
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
and other randomness
Jo Rhett wrote:
Matt, how can I possibly get you to move past this unfounded
assumption that my trust path is broken and focus on the real
problem? The trust path is not broken, it's just fine.
On May 20, 2008, at 5:47 PM, Matt Kettler wrote:
Ok, then the AWL code is *SEVERELY* bugged
breaking our internal auth schemes, but I will be doing so.
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
and other randomness
On May 7, 2008, at 9:17 AM, mouss wrote:
what if he comes back later to the same MX, again and again (AFAIK,
this is the case with qmail)? mail will be lost.
snarky comment
Good. Time for qmail to die ;-)
/snarky comment
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy
not true with even some basic
reading. This clearly indicates a lack of research.
I accept your accusation about my research IF you can please point me
to a document on FSL's website which addresses slowing down TCP
sessions. I can't find it.
--
Jo Rhett
Net Consonance : consonant endings
statements about products you haven't researched.
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
and other randomness
see them so that someone else reading the thread will know that
this isn't the overall impression of the list
you'd better take time learning what research is.
now we're down to insults. *plonk*
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
and other
read what's right
in front of them, not even asking that they search around. Your
insults are irrelevant to the topic here, and I won't put up with it.
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
and other randomness
the
responses. Bots already deal with slow replies, it's non-effective.
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
and other randomness
On May 21, 2008, at 1:44 PM, mouss wrote:
Good. Time for qmail to die ;-)
start by updating the RFCs.
The RFCs are, and have always been clear on how MX records are
supposed to be used.
Are you just a nonsense machine? The SA list's personal eliza run
through the borker?
--
Jo
On May 3, 2008, at 7:59 PM, Matt Kettler wrote:
Have you tried running one of the forged messages, and an actual
legitimate message through SA manually with the -D flag to see
what the trusted and untrusted hosts are, as SA sees it?
Yes. Many times. That's not the point of this thread.
I
Let's focus this on specific technical details:
1. How does AWL deal with forgery (other than by saving a /16 of the
source IP)
2. How can I easily see the AWL database for a given destination
address?
mouss, please do a little research before you go online attacking
people. Your statements about what work and don't have no backup, and
go against all existing evidence today, and yet you're blasting them
for lack of serious study. Try to do some yourself.
On May 19, 2008, at 11:46 AM,
On May 19, 2008, at 2:05 PM, Benny Pedersen wrote:
On Mon, May 19, 2008 20:18, Ralf Hildebrandt wrote:
To be fair (I'm testing it right now): It's easy to get running.
Right now the Tarpit and slowdown features cannot be had in Postfix,
so I'm giving it a spin.
give longer greylist times will
On May 19, 2008, at 11:43 PM, Koopmann, Jan-Peter wrote:
So yes: If their main benefit is tarpitting etc. then I agree it
probably is not worth the money or discussion.
Why is everyone willing to skip doing 5 minutes of research?
Mailchannels idea may not work for you. But it's worth doing
over self-self
messages. It seems too easy to forge, and no gain in doing so.
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
and other randomness
sender. A few of my messages came from my other
accounts, many others (in the same spam run) came from people I
didn't know with the same lhs.
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
and other randomness
On Apr 21, 2008, at 10:46 PM, Bob Proulx wrote:
Jo Rhett wrote:
Bob Proulx wrote:
Who to forge? The answer is Everyone! Any address that can be
You're going out of your way to miss the point. That's hard work
It is you who are missing the point. When spammers generate mail
from
.
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
and other randomness
messages are equally magic
to SA, and it will never distinguish mail you sent as compared to
mail an outsider forged as you.
Yes, it knows the localhost received header is valid. Basics of SA
setup 101. Now can we return to the topic?
--
Jo Rhett
Net Consonance : consonant endings by net
Matt Kettler wrote:
There's
nothing in trusted networks, I don't trust anything...
Jo, that's impossible in spamassasin. You cannot have an empty trust, it
doesn't make any logical sense, and would cause spamassassin to fail
miserably.
I should rather have said trust is only localhost.
If
John Hardin wrote:
I'm only suggesting bypassing SA for mail that originates on the local
network and is destined to the local network.
No. I don't trust every user who can authenticate to this host to run
active anti-virus on their hosts. I scan all mail, everywhere.
And again, this
Bob Proulx wrote:
Who to forge? The answer is Everyone! Any address that can be
obtained from a spam-virus infected PC and any address that can be
harvested from a web page. Forge them all. They are (mostly) valid
email addresses and will pass sender verification. Send To: and From:
all of
Justin Mason wrote:
hmm, I'm not sure. It depends on your trusted_networks setting.
try running spamassassin -D and see what it logs...
I'm sorry -- feeling dense, how is this supposed to help? From the
headers quoted below you know what spamassassin is seeing. There's
nothing in
.
Easy to forge, but who to forge? Hard for a spammer to know who I
correspond with frequently. Myself is the only one a spammer could
guess.
Again, not debating its merits just the implementation.
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
and other
at netconsonance.com
X-Spam-Flag: NO
X-Spam-Score: -0.72
X-Spam-Level:
X-Spam-Status: No, score=-0.72 tagged_above=-999 required=3.8
tests=[ALL_TRUSTED=-1.44, AWL=0.720]
From: Jo Rhett [EMAIL PROTECTED]
Subject: test awl
Date: 01 Apr 2008 13:14:00 -0700
To: [EMAIL PROTECTED]
X-Mailer: ChatterEmail
in having every possible mail account need
a setting like this manually inserted. That's why I'm asking about a
fix in the module...
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
and other randomness
in the module.
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
and other randomness
Received header
and goes to the previous one. That's why I asked the question about
which IP is used.
This is usually true, but forging your own address is trivial.
yep, but ip should still limit the problem very much
I agree.
--
Jo Rhett
Net Consonance : consonant endings by net
, reduce
the TTL on that record.
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
and other randomness
On Mar 28, 2008, at 6:21 PM, Theo Van Dinter wrote:
On Fri, Mar 28, 2008 at 06:09:03PM -0700, Jo Rhett wrote:
I think that mail from self to self should be ignored by the AWL.
(it's harder to forged mail from a regular correspondent, so this
makes AWL more useful)
If you know the mail is from
. This is usually true, but forging your own address is
trivial.
On Mar 28, 2008, at 6:48 PM, Benny Pedersen wrote:
On Sat, March 29, 2008 02:09, Jo Rhett wrote:
I send myself a lot of email from my phone. So AWL properly scores
me well.
and the sender ip with a fuss of /16
I just got a piece
-Spam-Flag: NO
X-Spam-Score: -0.72
X-Spam-Level:
X-Spam-Status: No, score=-0.72 tagged_above=-999 required=3.8
tests=[ALL_TRUSTED=-1.44, AWL=0.720]
From: Jo Rhett [EMAIL PROTECTED]
Subject: test awl
Date: 01 Apr 2008 13:14:00 -0700
To: [EMAIL PROTECTED]
X-Mailer: ChatterEmail+ for Treo 6xx/700p
the reports to yourself first.
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
and other randomness
correspondent, so this
makes AWL more useful)
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
and other randomness
with Amavis/SA processes that much mail PER HOUR without
breaking a sweat. No MTA-level RBLs.
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
and other randomness
force you to use their mail servers.
Some other data providers are now doing transparent proxy on outbound
e-mail. In short, the user can't always control that.
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
and other randomness
means that the user will never know that their session
was intercepted.
Yes, this means man-in-the-middle is trivial. No kidding. Beat up
the mail client creators.
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
and other randomness
, etc etc.
As more and more people do more and more of their e-mail from hand-
held devices, this problem only gets worse.
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
and other randomness
On Sep 23, 2007, at 5:17 PM, Michael Scheidell wrote:
Anyone have an answer that isn't obvious?
I already said I can't put it on the proxy.
No, you didn't. You mentioned that as an option.
And stop being rude to people who answer the question you asked.
--
Jo Rhett
Net Consonance
://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
and other randomness
else I missed?
Any solutions other then take the proxy server out and replace it with
the SpamAssassin/MTA combo?
--
Jo Rhett
Net Consonance ... net philanthropy, open source and other randomness
and bayes are stored in MySQL
tables.
It seems to mostly help when it drops the message into a file for
clamav to scan.
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
and other randomness
]:10024
Filtering the localhost generated mails.
But I donno if it's the right approach.
Any help appreciated
Cheers
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
and other randomness
.
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
and other randomness
of that module.
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
and other randomness
way to (a) snap into sendmail without using a
separate front-end scanner and (b) had useful end-user tools for
managing spam controls.
That said, it does white/black/etc listing in its own databases, not
the SA ones, etc etc. So research it.
--
Jo Rhett
Net Consonance : consonant endings
more IO-intensive.
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
and other randomness
1 - 100 of 277 matches
Mail list logo