RE: [swinog] UCEProtect Blacklist -- join the club
Charles Buckley wrote: And then there is SORBS, which the ETH use, who have chosen to put the shared server I use for mail on a blacklist for some reason. mail.mauto.com is indeed listed by sorbs - I would check that your server hasn't been compromised. Look for traces of an ssh brute force attack perhaps. Everyone is going crazy about security, so you're likely to see a proliferation of providers offering to maintain blacklists, who will do it badly. There is already plenty of such lists - I don't think the number is likely to grow a awful lot. Much better would be to let the users determine what is spam and what is not, getting the ISP out of the role of having to play judge on a topic they don't master. Nah, leave the spam-filtering to us :-) The user and the ISP both have better things to do. /Per Jessen, Herrliberg -- http://www.spamchek.com/ - your spam is our business. ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
RE: [swinog] UCEProtect Blacklist -- join the club
On Wed, 2007-11-07 at 10:54 +0100, Per Jessen wrote: commercial Nah, leave the spam-filtering to us :-) The user and the ISP both have better things to do. /commercial :-D - Dan ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
RE: [swinog] UCEProtect Blacklist -- join the club
Per Jessen wrote: Charles Buckley wrote: And then there is SORBS, which the ETH use, who have chosen to put the shared server I use for mail on a blacklist for some reason. mail.mauto.com is indeed listed by sorbs - I would check that your server hasn't been compromised. Look for traces of an ssh brute force attack perhaps. Uh, sorry - I overlooked that you said shared. Well, according to SORBS, the server got listed because mail was sent to a spamtrap on 13 August. It could be one of your co-sharers ... if I were you, I'd talk to q-x.ch, and ask them what they're doing about it. /Per Jessen, Herrliberg -- http://www.spamchek.com/ - your spam is our business. ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
RE: [swinog] UCEProtect Blacklist -- join the club
I'm far ahead of you -- I already knew all this, and have done all the right steps. The server uses strictly SMTP_AUTH; it has not been compromised beyond the account details of the spammer being circulated. The provider moved instantaneously to identify the offender and kick them out. The compromised SMTP account is now closed. But, just as Sunrise, they are not willing to pay the fee to SORBS to change the status on the list. Instead, they have offered to set up a SMART host for me, but that hasn't happened yet. Perhaps this would be a good insurance line -- insuring against Rufmord from all these neighbourhood network grannies. But I somehow feel that dealing with the insurance Bürokraten would be worse than dealing with these issues by finding ways to protect from SPAM that don't involve hiring a bunch of self-appointed busybodies to strategically misinterpret actions and blackmail money out of people who add value by creating arbitrary sets of losers. Are we talking about mature individuals here? The ETH should know better than to be using such people anyway -- I have informed them of the problem. Charles -Original Message- From: Per Jessen [mailto:[EMAIL PROTECTED] Sent: Wednesday, November 07, 2007 12:03 PM To: swinog@lists.swinog.ch Subject: RE: [swinog] UCEProtect Blacklist -- join the club Per Jessen wrote: Charles Buckley wrote: And then there is SORBS, which the ETH use, who have chosen to put the shared server I use for mail on a blacklist for some reason. mail.mauto.com is indeed listed by sorbs - I would check that your server hasn't been compromised. Look for traces of an ssh brute force attack perhaps. Uh, sorry - I overlooked that you said shared. Well, according to SORBS, the server got listed because mail was sent to a spamtrap on 13 August. It could be one of your co-sharers ... if I were you, I'd talk to q-x.ch, and ask them what they're doing about it. /Per Jessen, Herrliberg -- http://www.spamchek.com/ - your spam is our business. ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] UCEProtect Blacklist -- join the club
Hello Charles Charles Buckley wrote: The ETH should know better than to be using such people anyway -- I have informed them of the problem. At ETH Zurich it depends to which subdomain you are sending e-mail, because some departments run their own mail server with their own policies. But I guess most others depend on the mail service provided from Informatikdienste (ID). I once had a chance to attend a presentation of their mail setup (especialy the mx hosts with the spam and virus filtering) and therefore I know that they are using a few DNS Blacklists to drop mail at the smtp communication. But I don't remember which. Contacting the postmaster at ethz.ch should help. bye Fabian ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
RE: [swinog] UCEProtect Blacklist -- join the club
On Wed, 2007-11-07 at 12:29 +0100, Charles Buckley wrote: The provider moved instantaneously to identify the offender and kick them out. The compromised SMTP account is now closed. But, just as Sunrise, they are not willing to pay the fee to SORBS to change the status on the list. As ISP you don't have to pay a fee for delisting at SORBS. Simply mail to [EMAIL PROTECTED] and tell them your ASN. Without ASN your mail will be dropped. Cheerio - Dan ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
RE: [swinog] UCEProtect Blacklist -- join the club
And then there is SORBS, which the ETH use, who have chosen to put the shared server I use for mail on a blacklist for some reason. Everyone is going crazy about security, so you're likely to see a proliferation of providers offering to maintain blacklists, who will do it badly. Much better would be to let the users determine what is spam and what is not, getting the ISP out of the role of having to play judge on a topic they don't master. -Original Message- From: Per Jessen [mailto:[EMAIL PROTECTED] Sent: Saturday, November 03, 2007 4:54 PM To: swinog@lists.swinog.ch Subject: Re: [swinog] UCEProtect Blacklist Xaver Aerni wrote: Wy is unproffesional, UCEprotect is blocking AS I think this isn't proffesional. Actually, UCEprotect is not blocking anything. They only provide the means for other people to do so. Anyone who uses UCEprotect level3 have been duly warned. /Per Jessen, Herrliberg -- http://www.spamchek.com/ - your spam is our business. ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog