John Summerfield schrieb: > Götz Reinicke wrote: >> Hi, >> >> I hope, somewone can point me into the right direction. >> >> Recently I added two blacklist-checks to our sendmail config: spamhaus >> zen and the list from the german computer magazin IX. > > First. an important distinction. These are not _blacklists_, they are > _blocklists_. You can use those lists to blacklist people.
I used this term: http://en.wikipedia.org/wiki/DNSBL; o.k. spamhaus.org speaks os "Block List" http://www.spamhaus.org/sbl/index.lasso and this page talks about DNS-Based blacklisting: http://www.technoids.org/dnsbl.html I think that's not that importend; next time, I'll use only the abbreviation DNSBL ;-) > > IP addresses get on the lists because people allege they get spam from > those sources. I suspect that they're mostly infected with malware and > 0wn3d by someone else. Yes, I did know that, but e.g. spamhaus.org/zen uses also "Policy Block List" - http://www.spamhaus.org/pbl/ - which block whole providers(!) ip ranges; e.g. 1und1.de, eplus-UMTS-Dialup IP ranges, arcor.de. And in this case it dosen't matter which IP you have out of this ranges. >> >> The good news: Spam has been about 70%-80%, now it is about 20%-30%. The >> bad news: A lot of our users have problems sendig mails from there dial >> up DSL or mobile phone network connections. I'v looked up there IPs and >> all where on the Black lists or the PBL from spamhaus. So was my Arcor >> IP last night :-) > > I'm not assuming anything about your users; their computers might be > infected and be out of their control, or they might have inherited the > bad reputation from someone else. In _your_ position, I'd assume > (without telling users it's their fault) that they are in need of a > safety check. I do assume that they're on the block list for good reason. The concerned computers including my own are save regarding firewall/antivirus-software and updates. The problem has been the PBL from spamhaus and not the SBLs ... >> >> The information from spamhaus is, to use SMTP Authentification >> (http://www.spamhaus.org/pbl/query/PBL042952). >> >> I thought, we do use TLS and smtp auth already, so I thought, users >> allowed to log in will be allowd to send. But I got the errormessage >> using Thunderbird 2, that our mailserver didn't support STARTTLS in >> combination with EHLO. > > My first suggestion is to require your Windows users to download and run > Microsoft's malicious software removal tool. > > You should also require them to not use administrator accounts for > everyday work. > > AV software is good too (but I don't use it[1]) > > My next suggestion is to send your email via your Internet Access > Provider's mail gateway. > > Your users' computers also needs to be configured to send mail through a > specific server rather than direct. > > There are network administrators who block IP addresses just because > they're used for dynamic IP. > > As far as possible, do not use Outlook, Outlook Express or Internet > Explorer. Instead, use Thunderbird and Firefox, or Seamonkey. Regardless > of how good the MS offerings are, viruses are mostly written to target > them, and don't work with the alternatives. > Thanks for the suggestions, which are mostly applied allready. We are an university with about 1.000 Users and some of your tips can be realised others can't. My problem was the fact, that sendmail checks the DNSBL faster than the authentification (which workde for about 4 years smoothly), so they where blocked by the PBL from spamhaus. (Without the PBL check everything was O.K. - so ...) Sendmail has a feature, which is used (and is disabled by default in my Redhat installation) in such situations: http://www.sendmail.org/m4/anti_spam.html -> FEATURE(`delay_checks'). Uncomment, rebuild sendmail.cf, restart sendmail -> everything is o.k. again. (And I have working DNSBL-checks now :-) ) /Götz -- Götz Reinicke IT Koordinator Tel. +49 7141 969 420 Fax +49 7141 969 55 420 E-Mail [EMAIL PROTECTED] Filmakademie Baden-Württemberg GmbH Mathildenstr. 20 71638 Ludwigsburg www.filmakademie.de Eintragung Amtsgericht Stuttgart HRB 205016 Vorsitzender des Aufsichtsrats: Dr. Christoph Palmer, MdL, Minister a.D. Geschäftsführer: Prof. Thomas Schadt _______________________________________________ rhelv5-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/rhelv5-list
