Re: Bombard by spam source in India that wasn't in any RBL used by spamassassin.
On Fri, 8 Nov 2019 09:32:21 +0100 Matus UHLAR - fantomas wrote:

> >> On 06.11.19 14:33, Mark London wrote:
> >> >I was able to successfully add rules for spamrats and gbudb.
> >> >Does anyone have experience with those?
>
> >On Thu, 7 Nov 2019 19:22:09 +0100 Matus UHLAR - fantomas wrote:
> >> bad experience iirc.
> >>
> >> https://mail-archives.apache.org/mod_mbox/spamassassin-users/200904.mbox/<20090408151911.GA21449%40fantomas.sk>
> >>
>
> On 07.11.19 18:54, RW wrote:
> >This suggests you weren't using it correctly. A blocklist that
> >contains dynamic IP addresses should be last-external.
>
> I wasn't using it at all, and those IP addresses were not dynamic...

Then you are presumably referring to the spamrats dynamic address list, dyna.spamrats.com, rather than the spam.spamrats.com list mentioned in the original post.
Re: Bombard by spam source in India that wasn't in any RBL used by spamassassin.
On 06.11.19 14:33, Mark London wrote:
>I was able to successfully add rules for spamrats and gbudb. Does
>anyone have experience with those?

On Thu, 7 Nov 2019 19:22:09 +0100 Matus UHLAR - fantomas wrote:
> bad experience iirc.
>
> https://mail-archives.apache.org/mod_mbox/spamassassin-users/200904.mbox/<20090408151911.GA21449%40fantomas.sk>

On 07.11.19 18:54, RW wrote:
> This suggests you weren't using it correctly. A blocklist that
> contains dynamic IP addresses should be last-external.

I wasn't using it at all, and those IP addresses were not dynamic...

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
REALITY.SYS corrupted. Press any key to reboot Universe.
Re: Bombard by spam source in India that wasn't in any RBL used by spamassassin.
On Thu, 7 Nov 2019 19:22:09 +0100 Matus UHLAR - fantomas wrote:

> On 06.11.19 14:33, Mark London wrote:
> >I was able to successfully add rules for spamrats and gbudb. Does
> >anyone have experience with those?
>
> bad experience iirc.
>
> https://mail-archives.apache.org/mod_mbox/spamassassin-users/200904.mbox/<20090408151911.GA21449%40fantomas.sk>

This suggests you weren't using it correctly. A blocklist that contains dynamic IP addresses should be last-external.
Re: Bombard by spam source in India that wasn't in any RBL used by spamassassin.
On Wed, 6 Nov 2019, Mark London wrote:

> Hi - We got several hours of spam from the IP address 103.136.41.36 in India.

Tarpit 'em.

--
 John Hardin KA7OHZ http://www.impsec.org/~jhardin/
 jhar...@impsec.org FALaholic #11174 pgpk -a jhar...@impsec.org
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
---
 The philosophy of gun control: Teenagers are roaring through
 town at 90MPH, where the speed limit is 25. Your solution is to
 lower the speed limit to 20. -- Sam Cohen
---
 2 days until The 81st anniversary of Kristallnacht - disarmament enables genocide
Re: Bombard by spam source in India that wasn't in any RBL used by spamassassin.
On 06.11.19 14:33, Mark London wrote:
> I was able to successfully add rules for spamrats and gbudb. Does
> anyone have experience with those?

bad experience iirc.

https://mail-archives.apache.org/mod_mbox/spamassassin-users/200904.mbox/<20090408151911.GA21449%40fantomas.sk>

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Chernobyl was an Windows 95 beta test site.
Re: Bombard by spam source in India that wasn't in any RBL used by spamassassin.
On 6 Nov 2019, at 14:33, Mark London wrote:

> Hi - We got several hours of spam from the IP address 103.136.41.36 in India. When I did a Multi-RBL check, the ip address was in the following databases:
>
> bl.emailbasura.org

That one has been dead for years, and recently started "listing" the whole IPv4 space after the domain was re-registered by a domain speculator. You shouldn't even think of using it.

Note that most if not all of the public multi-rbl check facilities get things wrong from time to time, and you should always use them for screening only, NOT for authoritative information. For example, somehow a few very popular sites learned of my private blacklist and I found out by a large volume of queries that I had no desire to ever answer. I tried asking the ones I could identify nicely to stop, but some ignored me. It eventually got bad enough that I started answering them with pathological replies, listing the entire world but also including long-lived authoritative NS records that pointed at the loopback and TEST-NET. It helped a little...

The point is simply that you should always check a DNSBL via a resolver that you control and that doesn't make a large volume of DNSBL queries to free DNSBLs.

> dnsbl.sorbs.net
> dns.spfbl.net
> spam.spamrats.com
> truncate.gbudb.net
>
> I think sorbs.net is a paid for service.

Nope. Unless you are a very heavy user, it's free.

> At least I tried adding rules, but they weren't triggered.

Are you sure that you're adding them correctly?

> I was able to successfully add rules for spamrats and gbudb. Does anyone have experience with those?

Not really. I'm pretty sure that SpamRats is well-intentioned and honestly run, but I can't speak to their overall usefulness. I don't recall hearing of gbudb before this.

> After about 3 hours, the IP address finally appeared in barracudacentra.org, which spamassassin uses. Given the amount of traffic we were receiving, I'm surprised it didn't show up sooner on the other RBLs.

Maybe you're special? :)

--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not Currently Available For Hire
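
The two checks discussed in the message above (query a DNSBL through the host's own resolver, and refuse to trust a zone that has started listing everything), as an added example that is not part of the original thread. The health test uses the RFC 5782 test points (127.0.0.2 must be listed, 127.0.0.1 must not); the zone names `good.example`, `wildcard.example`, `gone.example` and the `FAKE_DNS` data are constructed so the block runs offline.

```python
import ipaddress
import socket

def dnsbl_qname(ip, zone):
    """Reverse the IPv4 octets and append the zone (103.136.41.36 -> 36.41.136.103.<zone>)."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone.rstrip(".")

def system_lookup(qname):
    """A records for qname via the host's configured resolver; [] on NXDOMAIN or failure."""
    try:
        return socket.gethostbyname_ex(qname)[2]
    except OSError:
        return []

def zone_health(zone, lookup=system_lookup):
    """RFC 5782 test points: 127.0.0.2 must be listed, 127.0.0.1 must never be."""
    test_entry = lookup(dnsbl_qname("127.0.0.2", zone))
    must_be_empty = lookup(dnsbl_qname("127.0.0.1", zone))
    if must_be_empty:
        return "lists-everything"   # wildcarded or re-registered zone
    if not test_entry:
        return "dead-or-blocked"    # zone gone, or our resolver is being refused
    return "ok"

def check_ip(ip, zones, lookup=system_lookup):
    """Query only healthy zones; only answers inside 127.0.0.0/8 count as a listing."""
    result = {}
    for zone in zones:
        health = zone_health(zone, lookup)
        if health != "ok":
            result[zone] = health
            continue
        answers = [a for a in lookup(dnsbl_qname(ip, zone)) if a.startswith("127.")]
        result[zone] = "listed" if answers else "not-listed"
    return result

# Constructed resolver data (not real DNSBL answers) for an offline run.
FAKE_DNS = {
    "2.0.0.127.good.example": ["127.0.0.2"],
    "36.41.136.103.good.example": ["127.0.0.4"],
}

def fake_lookup(qname):
    if qname.endswith(".wildcard.example"):   # zone that answers every query
        return ["192.0.2.1"]
    return FAKE_DNS.get(qname, [])

if __name__ == "__main__":
    zones = ["good.example", "wildcard.example", "gone.example"]
    print(check_ip("103.136.41.36", zones, fake_lookup))
```

Calling `check_ip` without the `lookup` argument sends the queries through whatever resolver the host is configured to use.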
Re: Bombard by spam source in India that wasn't in any RBL used by spamassassin.
fwiw - this has been blacklisted at invaluement for days.

--Rob McEwen, invaluement.com

On 11/6/2019 2:33 PM, Mark London wrote:
> Hi - We got several hours of spam from the IP address 103.136.41.36 in India. When I did a Multi-RBL check, the ip address was in the following databases:
>
> bl.emailbasura.org
> dnsbl.sorbs.net
> dns.spfbl.net
> spam.spamrats.com
> truncate.gbudb.net
>
> I think sorbs.net is a paid for service. At least I tried adding rules, but they weren't triggered. I was able to successfully add rules for spamrats and gbudb. Does anyone have experience with those?
>
> After about 3 hours, the IP address finally appeared in barracudacentra.org, which spamassassin uses. Given the amount of traffic we were receiving, I'm surprised it didn't show up sooner on the other RBLs.
>
> Thanks.
>
> - Mark

--
Rob McEwen
https://www.invaluement.com
Re: Bombard by spam source in India that wasn't in any RBL used by spamassassin.
Mark London wrote on 2019-11-06 20:33:

> Given the amount of traffic we were receiving, I'm surprised it didn't show up sooner on the other RBLs.

maybe greylist all ips that are not on dnswl at all, say greylist 4 days, near to postfix default queue life time :=)

reduce need for more sleeping rbls
Bombard by spam source in India that wasn't in any RBL used by spamassassin.
Hi - We got several hours of spam from the IP address 103.136.41.36 in India. When I did a Multi-RBL check, the ip address was in the following databases:

bl.emailbasura.org
dnsbl.sorbs.net
dns.spfbl.net
spam.spamrats.com
truncate.gbudb.net

I think sorbs.net is a paid for service. At least I tried adding rules, but they weren't triggered. I was able to successfully add rules for spamrats and gbudb. Does anyone have experience with those?

After about 3 hours, the IP address finally appeared in barracudacentra.org, which spamassassin uses. Given the amount of traffic we were receiving, I'm surprised it didn't show up sooner on the other RBLs.

Thanks.

- Mark