Re: SORBS bites the dust
Arvid Picciani wrote: Michael Grant wrote: Unless I've missed a message... this is the 100th reply to this thread. This has to be one of the longest threads I've seen on this list in years. Shows there is much to discuss on this matter. Isn't there a generic spam related mailing list? There are many. -- J.D. Falk Return Path Inc http://www.returnpath.net/
RE: SORBS bites the dust
Any examples of such active lists? I suspect a few of us would be interested. -Original Message- From: J.D. Falk [mailto:jdfalk-li...@cybernothing.org] Sent: Thursday, 2 July 2009 4:54 AM To: users@spamassassin.apache.org Subject: Re: SORBS bites the dust Arvid Picciani wrote: Michael Grant wrote: Unless I've missed a message... this is the 100th reply to this thread. This has to be one of the longest threads I've seen on this list in years. Shows there is much to discuss on this matter. Isn't there a generic spam related mailing list? There are many. -- J.D. Falk Return Path Inc http://www.returnpath.net/
Re: SORBS bites the dust
On Fri, 2009-06-26 at 21:06 -0400, Charles Gregory wrote: On Fri, 26 Jun 2009, LuKreme wrote: See, it all comes down to what you think 'legitimate' is. The recipient wants the e-mail. DUH. That's not my definition at all The very reason for my posting. You need not repeat yourself. . it's not even the definition of any mailadmin I've ever met. We reject mail users *want* all the time. It's our job. There is some mileage in that. Inappropriate use by staff mailing massive, unnecessary attachments around is once such policy. The recipients may well *want* these - but policies are often in place to limit them. That got a genuine laugh Sounds like something out of the BOFH series. Nope, sometimes people WANT email that is laden down with malware, viruses, executable files, web bugs, or other things that compromise the security of not just themselves, but of others. Yep - I've had users call up asking why they have not had a email with a file attachment they are expecting. You tell them It has a virus or It is not company policy to accept executable files by email but do they stop there. Oh no. They get the sender to try and forward it via Hotmail or to a webmail account. When that blocks it too, you see the sender try again - this time zipping it up and crap. So yes - there are occasions when mailadmins block mail that recipients want and it is correct to do so. The thread has drifted and seems to be starting to take on the roll of the Oxford English Dictionary of IT related Words. Legitimate mail? Just what is it? One man's legitimate is another man's illegitimate. One man's spam is another man's ham. I apply a simple formula. Legitimate mail comes from mail servers running on static IP's. These will not fall in a range assigned as Dynamic. They will not be listed in the PBL. The connecting IP will have - as a minimum - a PTR record. The contents of which I'm not fussed about - it just needs to exist. That will have me at least happy to 'listen' to what that server has to say before making a decision on the mail it is sending. I've dealt with small African businesses out in the bush operating mail servers over miles of knackered telephone lines on modems, and even they can manage to satisfy such basic requirements. If any other mail admin is not capable of doing this then I don't want a connection from them (I probably would not want them working for my organisation either - not if I relied on email for my business). Email has some similarities to snail mail. The onus is on the sender to ship it correctly and NOT on the recipient. The sender must package and address it correctly, put the right postage on it, and send it from the correct place if you want delivery attempted on time or at all. You would not expect your snail mail to be collected from a trash can and delivered, you would use a defined mail box or post office. Legitimate mail to me comes from a legitimate server as above. It's content will then be; 1. A reply to a mail we have sent 2. An order, enquiry or quote 3. A staff message or memo 4. A request for help There may be a few others, but legitimate mail will not generally be; 1. Someone trying to sell us something 2. Notifications of 'Special Offers' 3. Catch up mails from people we once bought a pencil from 4. From gmail, yahoo or hotmail. By far all I ever see from these providers is Spam. If someone really does *not* have access to any other form of email they can pick up the phone and call us and we can exempt them. I've yet to find a legitimate business use any of them as their primary email provider. Postini customers are also pushing their luck with the way the sending server never sends a 'QUIT' on the end of the session. This kind of sloppy crap is a different story but is mentioned to show that even so called professional email organisations can be sloppy and not do things as they should. Finally - and this is the point where it is specifically relevant to Spamassassin - it won't trip a set score in SA. There is no need for legitimate mail to score high with SA. That's my take on it and it works for us. We get the odd gripe from managers called 'Steve' and 'Barry' that they have not had the 200 meg of pictures from the weekend party. You know the kind - the self important 'rules are not relevant to me' kind. It is usually sufficient to remind them of the acceptable usage policy and that we are overstaffed.
Re: SORBS bites the dust
Unless I've missed a message... this is the 100th reply to this thread. This has to be one of the longest threads I've seen on this list in years. I have to say I have issues with your definition of legit mail. Many people do send mail to other people out of the blue for legit reasons other than having some previous relation with that person. 4. From gmail, yahoo or hotmail. These sites do provide an important service for people. Not everyone is tech savy to get their own domain name. If everyone had to use their ISP's domain name, think of the mess each time you change your ISP. But in general, there is definitely a grey area about what is and what isn't legit email and I have to say that spamassassin does do a pretty decent job much of the time sorting it out.
Re: SORBS bites the dust
Michael Grant wrote: Unless I've missed a message... this is the 100th reply to this thread. This has to be one of the longest threads I've seen on this list in years. Shows there is much to discuss on this matter. Isn't there a generic spam related mailing list?
Re: SORBS bites the dust
On 6/27/2009 10:55 AM, Arvid Picciani wrote: Michael Grant wrote: Unless I've missed a message... this is the 100th reply to this thread. This has to be one of the longest threads I've seen on this list in years. Shows there is much to discuss on this matter. Isn't there a generic spam related mailing list? spam-l.com
Re: SORBS bites the dust
On Sat, 2009-06-27 at 10:59 +0200, Yet Another Ninja wrote: On 6/27/2009 10:55 AM, Arvid Picciani wrote: Michael Grant wrote: Unless I've missed a message... this is the 100th reply to this thread. This has to be one of the longest threads I've seen on this list in years. Shows there is much to discuss on this matter. Isn't there a generic spam related mailing list? spam-l.com NANAE ?
Re: SORBS bites the dust
Quoting LuKreme krem...@kreme.com: On 25-Jun-2009, at 16:01, John Rudd wrote: People who complain that the PBL is blocking things that aren't spam kind of don't get the point of the PBL. The PBL's definition means that it will block non-spam. It should also block a lot of spam, but the fact that it will block ham is not an indictment of the PBL. It just means that people who complain about that fact don't understand the PBL. If only more people understood this. Thanks for the post John, you summarized it very well. If anyone ever whines about the PBL again, please repost. John Ruud's post needs to be in the faq. jp -- Simple compliance is a hacker's best friend @fferent Security Labs: Isolate/Insulate/Innovate http://www.afferentsecurity.com
Re: SORBS bites the dust
On 6/26/2009 4:07 PM, Jack Pepper wrote: Quoting LuKreme krem...@kreme.com: On 25-Jun-2009, at 16:01, John Rudd wrote: People who complain that the PBL is blocking things that aren't spam kind of don't get the point of the PBL. The PBL's definition means that it will block non-spam. It should also block a lot of spam, but the fact that it will block ham is not an indictment of the PBL. It just means that people who complain about that fact don't understand the PBL. If only more people understood this. Thanks for the post John, you summarized it very well. If anyone ever whines about the PBL again, please repost. John Ruud's post needs to be in the faq. http://www.spamhaus.org/pbl/index.lasso The Spamhaus PBL is a DNSBL database of end-user IP address ranges which should not be delivering unauthenticated SMTP email to any Internet mail server except those provided for specifically by an ISP for that customer's use. The PBL helps networks enforce their Acceptable Use Policy for dynamic and non-MTA customer IP ranges.
Re: SORBS bites the dust
On 6/26/2009 4:18 PM, Charles Gregory wrote: These people are not without 'other solutions'. But they are making the best of a bad one. Is this enough to warrant down-scoring the PBL? I no longer think so. But just so we're clear, just because an ISP says that they have a 'policy' does not mean we can brush off the attempts by people to bypass being *stuck* with those ISP's as not really being 'legitimate'. There are always exceptions. what you do is your choice. your MTA or SA or whatever give you the choice to implement *your* policy. should we really keep on beating the dead horse, even in Spam-L .-) (that was for ChrisH .-)
Re: SORBS bites the dust
On Thu, 25 Jun 2009, LuKreme wrote: If only more people understood this. Thanks for the post John, you summarized it very well. If anyone ever whines about the PBL again, please repost. On 26.06.09 10:18, Charles Gregory wrote: Firstly, my thanks to all who commented. Based upon the weight of this information, I have upgraded my MTA to full 'zen' RBL checking. However, I would like to point out that there is a class of 'poor' internet users who want to send mail legitimately directly from their dynamic IP. These are people who either want to send more mail than their ISP's outgoing server permits, or wish to avoid additional fees from their ISP. Technically, yes, they are trying to get 'around' the policies of their ISP. But (by most notewrothy example) if they are outside the area for DSL service and *must* use the local cable high speed, and the cable company's pricing policy presumes that any sender of large volumes of mail simply 'must' be a commercial venture, immediately doubling the cost of the home internet connection to a 'business' one, then the operator of a small club mailing list may have no choice but to try and send their mail directly. Oddly enough, these users are often able to buy a static IP for a reasonable surcharge, so that they don't have issues with Dynamic IP blocklists, but then they can still run into the PBL if their cable company has sent in their IP ranges... These people are not without 'other solutions'. But they are making the best of a bad one. Is this enough to warrant down-scoring the PBL? I no longer think so. But just so we're clear, just because an ISP says that they have a 'policy' does not mean we can brush off the attempts by people to bypass being *stuck* with those ISP's as not really being 'legitimate'. There are always exceptions. Imho, the important question is, why such home user wants to send large amounts of mail, if (s)he can't find any (free) hosting that will allow him to do that, and, the main question, if (s)he pays enough to the provider, who in such case shares the rick of blacklisting in case of real spam outbreak. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. - Have you got anything without Spam in it? - Well, there's Spam egg sausage and Spam, that's not got much Spam in it.
Re: SORBS bites the dust
On Fri, 26 Jun 2009, Yet Another Ninja wrote: what you do is your choice. (nod) I've already made my choice clear, and would advocate the same for anyone else. My argument was only that we should not create a false sense of confidence that we will 'never' see legitimate mail come from a PBL-listed IP just because of the 'policy' basis. Some policies are just plain stupid. LOL But yeah, let's trashcan this one. I say again, thanks. - Charles
Re: SORBS bites the dust
On Fri, 26 Jun 2009, Matus UHLAR - fantomas wrote: Imho, the important question is, why such home user wants to send large amounts of mail Keep in mind, the definition of 'large' may be arbitrarily SMALL for some ISP's Maybe just 100 recipients. if (s)he can't find any (free) hosting . The club starts off with a mailing list of 50 members, on their Outlook Express addressbook. It grows over the years. It's 'easier' to just keep sending mail the same way. Normally, the ISP just adjusts the limit, but if they can't, or want to charge ridiculous money, then the user looks for the next easiest way to get the mail out. Use the 'packaged' mail server on their computer. Minimal learning curve, same usage, no changes to addresses, etc, etc. Yes, as I said, there are other solutions. Personally, when a list gets bigger than 100 people, I want to get it onto a Yahoo Group or other free list server so that I don't have to *manage* it. But for simple users whose lists have just *grown* I can see the possibility. (shrug) Advocated? No. Just aware and avoiding any sense of false confidence that the PBL is any more secure from inaccurate listings (taking care in this case to NOT atrbitrarily define the choices of the ISP as 'accurate' for all their users). But I think we were done here, weren't we? LOL - Charles
Re: SORBS bites the dust
Charles Gregory wrote: There are always exceptions. Those can send me (postmaster@) a mail (without beeing blocked) asking for whitelisting. The reject message contains a link explaining how to do that.
Re: SORBS bites the dust
On 26-Jun-2009, at 08:18, Charles Gregory wrote: On Thu, 25 Jun 2009, LuKreme wrote: If only more people understood this. Thanks for the post John, you summarized it very well. If anyone ever whines about the PBL again, please repost. Firstly, my thanks to all who commented. Based upon the weight of this information, I have upgraded my MTA to full 'zen' RBL checking. However, I would like to point out that there is a class of 'poor' internet users who want to send mail legitimately directly from their dynamic IP. These are people who either want to send more mail than their ISP's outgoing server permits, or wish to avoid additional fees from their ISP. Too bad. I will not accept mail from them. I have numerous checks in place to prevent users on dynamic IPs sending mail to me. Technically, yes, they are trying to get 'around' the policies of their ISP. But (by most notewrothy example) if they are outside the area for DSL service and *must* use the local cable high speed, and the cable company's pricing policy presumes that any sender of large volumes of mail simply 'must' be a commercial venture, immediately doubling the cost of the home internet connection to a 'business' one, then the operator of a small club mailing list may have no choice but to try and send their mail directly. Nope, there are other choices. You can use any mailserver to send your mail. that's what submission is for. You cannot use your dynamic connection as a mailserver because if you do, the majority of admins will assume you are a spammer. These people are not without 'other solutions'. But they are making the best of a bad one. Is this enough to warrant down-scoring the PBL? Not in my opinion. And for me, PBL is not a score, it is a flat-out blacklist with an instant rejection before the DATA phase of the SMTP transaction. I no longer think so. But just so we're clear, just because an ISP says that they have a 'policy' does not mean we can brush off the attempts by people to bypass being *stuck* with those ISP's as not really being 'legitimate'. There are always exceptions. No. There are NO circumstances under which it is OK for someone on a PBL (or non-PBL dynamic) connection to send email DIRECTLY to my mailserver. -- Well boys, we got three engines out, we got more holes in us than a horse trader's mule, the radio is gone and we're leaking fuel and if we was flying any lower why we'd need sleigh bells on this thing... but we got one little budge on those Roosskies. At this height why they might harpoon us but they dang sure ain't gonna spot us on no radar screen!
Re: SORBS bites the dust
On 26-Jun-2009, at 08:55, Charles Gregory wrote: we should not create a false sense of confidence that we will 'never' see legitimate mail come from a PBL-listed IP Yes, we will *never* see legitimate mail from a PBL-listed IP. See, it all comes down to what you think 'legitimate' is. According to my 'legitimate' it is definitionally impossible for legitimate mail to come to my mailserver from a PBL listed IP. -- Satan oscillate my metallic sonatas
Re: SORBS bites the dust
On Fri, 26 Jun 2009, LuKreme wrote: On 26-Jun-2009, at 08:55, Charles Gregory wrote: we should not create a false sense of confidence that we will 'never' see legitimate mail come from a PBL-listed IP Yes, we will *never* see legitimate mail from a PBL-listed IP. See, it all comes down to what you think 'legitimate' is. The recipient wants the e-mail. DUH. A common, simple definition, and in terms of warning people about the imperfections of *any* blocklist, it is the one that MATTERS. This does not mean you have a bad policy. Nor does it mean that the people breaking their ISP's policy necessarily deserve to be given special treatment. It means only that you are misleading people to make them think that they will never have *wanted* mail blocked by PBL. It has already happened. Will happen again. It is no different than some poor schmuck setting up their hosting and discovering they are in a spam-infested IP block. Doesn't mean their mail is 'not legitimate' because our policy agrees with spamhaus and blocks that whole range. Just means they are SOL. :) Legitimate. If you're so hung up on the word, you can HAVE it. I don't care. It's the *meaning* that matters. Not the *word*. My appeal is to not confuse people who have a broader colloquial understanding of the word. If someone is setting up their own mail filter, they should know what to expect. And what they should expect is to occasionally see someone complain about not being able to *receive* their 'legitimate' (by all common uses of the word) *wanted* e-mail because of PBL or some other list. You are, of course, welcome to argue with your users over the 'legitimacy' of the e-mail being sent to them. :) - Charles
Re: SORBS bites the dust
On 26-Jun-2009, at 14:54, Charles Gregory wrote: On Fri, 26 Jun 2009, LuKreme wrote: On 26-Jun-2009, at 08:55, Charles Gregory wrote: we should not create a false sense of confidence that we will 'never' see legitimate mail come from a PBL-listed IP Yes, we will *never* see legitimate mail from a PBL-listed IP. See, it all comes down to what you think 'legitimate' is. The recipient wants the e-mail. DUH. That's not my definition at all; it's not even the definition of any mailadmin I've ever met. We reject mail users *want* all the time. It's our job. A common, simple definition, and in terms of warning people about the imperfections of *any* blocklist, it is the one that MATTERS. Nope, sometimes people WANT email that is laden down with malware, viruses, executable files, web bugs, or other things that compromise the security of not just themselves, but of others. Just because the recipient WANTS it does not make it legitimate. Users also WANT to send 50MB (or 3GB) attachments via email. This does not mean you have a bad policy. Nor does it mean that the people breaking their ISP's policy necessarily deserve to be given special treatment. It means only that you are misleading people to make them think that they will never have *wanted* mail blocked by PBL. *wanted* mail is blocked all the time. What I say is that once a mail is received by the server, it is never discarded; before I accept it though, I will reject all sorts of mail for all sorts of reasons. People are free to get their emil elsewhere. Most people find that 'elsewhere' means hundreds of more spam messages every single day. I had one domain that was briefly hosted somewhere else. Their incoming mail jumped from ~200 messages a day to nearly 2,000 messages a day. They were completely overwhelmed with the mass of spam to the point that their Outlook Database on their windows machines was overwhelmed and corrupted itself. They lost all their email over the last three years. Fortunately for them, I had not deleted the maildirs off my server's backups, so they were able to move their domain back and recover almost all their mail. It has already happened. Will happen again. It is no different than some poor schmuck setting up their hosting and discovering they are in a spam-infested IP block. Doesn't mean their mail is 'not legitimate' because our policy agrees with spamhaus and blocks that whole range. Again, you have a differing opinion of legitimate than I do. I don't care. It's the *meaning* that matters. Not the *word*. Fine, then, the meaning. Your meaning is *wanted* and my meaning is mail from a verifiable source with a verifiable (fixed) IP, correct rDNS that is authorized to send mail and does not appear in the zen RBL. It also has to helo with a legitimate hostname and the rDNS cannot contain strings like 'pool' or 'dynamic' or 'dialup'. -- I have a love child who sends me hate mail
Re: SORBS bites the dust
On Fri, 26 Jun 2009 16:23:22 -0600 LuKreme krem...@kreme.com wrote: That's not my definition at all; it's not even the definition of any mailadmin I've ever met. We reject mail users *want* all the time. It's our job. ... Just because the recipient WANTS it does not make it legitimate. ... Fine, then, the meaning. Your meaning is *wanted* and my meaning is mail from a verifiable source with a verifiable (fixed) IP, correct rDNS that is authorized to send mail and does not appear in the zen RBL. It also has to helo with a legitimate hostname and the rDNS cannot contain strings like 'pool' or 'dynamic' or 'dialup'. Hmmm, does Godwin's law apply to comparison with the Soup-Nazi?
Re: SORBS bites the dust
On Fri, Jun 26, 2009 at 15:23, LuKremekrem...@kreme.com wrote: On 26-Jun-2009, at 14:54, Charles Gregory wrote: I don't care. It's the *meaning* that matters. Not the *word*. Fine, then, the meaning. Your meaning is *wanted* and my meaning is mail from a verifiable source with a verifiable (fixed) IP, correct rDNS that is authorized to send mail and does not appear in the zen RBL. It also has to helo with a legitimate hostname and the rDNS cannot contain strings like 'pool' or 'dynamic' or 'dialup'. It seems to me that this is legitimate messages vs legitimate hosts. Each mail admin, and organization, has to determine the cost of deciding how to handle the signal to noise ratio generated by different classes of hostss. When a given single host is submitting a high ratio of spam+viruses+phishing+etc. vs legitimate messages, at what point is the cost of accepting its messages no longer justified in order to obtain those legitimate messages? That's the question that motivates implementing Spam/Open-Relay/etc. type black holes at the SMTP level. PBL is similar, except that you're not considering a single host, you're considering an entire class of hosts (dynamic hosts, end client hosts, etc.), whose individual submission rates might be quite low, because they're being leveraged by a well run/configured botnet. But, the question is still the same: what is the value of accepting message submissions directly from those hosts, compared to the cost of doing so? Obviously my site targets dynamic hosts quite aggressively (we utilize both the PBL and the Botnet plugin). We've had VERY few complaints about Botnet. We've had ONE complaint about the PBL since we started using it (the minute it became available). Yet, implementing these measures significantly altered our spam/virus/etc. load. We feel the cost/benefit analysis doesn't justify letting those sites have direct access to our SMTP prompts. And, I say that as a site with LOTS of vocal don't block ANY of our mail!!! users. We don't have the most cooperative of user bases (we have users who have blocked our effort to save disk space by routinely cleaning old messages out of trash folders ... because they use their trash folder to store important messages *boggle*). Yet, we didn't get push back, nor a wide base of complaint, about this issue. It sounds like Charles' user base and cost/benefit analysis is different, and that's fine. But my point here is: legitimate isn't just something that varies from mail-admin to mail-admin, and user to user, it's also a difference in whether you're talking about messages vs submitting hosts. Blocking a host as being illegitimate doesn't mean it submits 0 legitimate messages. It means it doesn't submit enough legitimate messages to justify the number of illegitimate messages it is sending (or is likely to send, based upon whatever reputation/policy got it black listed). Just as with the definition of the PBL, the site admin needs to understand that block lists are about legitimate hosts, not legitimate messages.
Re: SORBS bites the dust
Am 2009-06-25 08:56:00, schrieb Matus UHLAR - fantomas: Why not? I do that and intentionally - I don't like receiving spam from companies that don't accept complaints... Hihi... [ '/etc/courier/bofh' ]- badfrom @hotmail.com badfrom @hotmail.de badfrom @hotmail.fr badfrom @live.com badfrom @live.de badfrom @live.fr badfrom @msn.com badfrom @facebookmail.com badfrom @facebook.com badfrom @badoo.com badfrom @email.dm2decisionmaker.com badfrom @mail.ustc.edu.cn badfrom @superhappypanda.com badfrom @pixelatedresource.com badfrom @perceivearound.com badfrom @mms.metropcs.net badfrom @thekidbase.com badfrom @familyfunmedia.com badfrom @sjwater.com badfrom @boatbibble.com badfrom @studiogazzara.it badfrom @spb.solidworks.ru badfrom @notesay.com badfrom @greatyarnmarket.com badfrom @newmediapoint.com badfrom @mymainserver.com badfrom @elixis.cccampaigns.com badfrom @lists.lifechangersusa.org badfrom @.cccampaigns.com badfrom @emv.com badfrom @.emv2.com This list is for ANY E-Mails on tamay-dogan.net because I have gotten OVER 12000 spams a day. Thanks, Greetings and nice Day/Evening Michelle Konzack Systemadministrator Tamay Dogan Network Debian GNU/Linux Consultant -- Linux-User #280138 with the Linux Counter, http://counter.li.org/ # Debian GNU/Linux Consultant # http://www.tamay-dogan.net/ Michelle Konzack http://www.can4linux.org/ c/o Vertriebsp. KabelBW http://www.flexray4linux.org/ Blumenstrasse 2 Jabber linux4miche...@jabber.ccc.de 77694 Kehl/Germany IRC #Debian (irc.icq.com) Tel. DE: +49 177 9351947 ICQ #328449886Tel. FR: +33 6 61925193 signature.pgp Description: Digital signature
Re: SORBS bites the dust
On Fri, 26 Jun 2009, LuKreme wrote: See, it all comes down to what you think 'legitimate' is. The recipient wants the e-mail. DUH. That's not my definition at all The very reason for my posting. You need not repeat yourself. . it's not even the definition of any mailadmin I've ever met. We reject mail users *want* all the time. It's our job. That got a genuine laugh Sounds like something out of the BOFH series. Nope, sometimes people WANT email that is laden down with malware, viruses, executable files, web bugs, or other things that compromise the security of not just themselves, but of others. ROFLMAO - Now you're twisting the definition of WANT? Excuse me, my BS threshold just got exceeded. I'm outta here! -C
Re: SORBS bites the dust
On Fri, 26 Jun 2009, John Rudd wrote: It sounds like Charles' user base and cost/benefit analysis is different, and that's fine. Actually no, it's not. I arrive at the same cost/benefit analysis and have instituted the same general policy - I block all hosts on PBL. Thought I made that part clear. But my point here is: legitimate isn't just something that varies from mail-admin to mail-admin, and user to user, it's also a difference in whether you're talking about messages vs submitting hosts. Blocking a host as being illegitimate doesn't mean it submits 0 legitimate messages. It means it doesn't submit enough legitimate messages to justify the number of illegitimate messages it is sending (or is likely to send, based upon whatever reputation/policy got it black listed). (Charles nods enthusiastically) Exactly. It's the distinction between whether a filter to block all references to a specific brand of drug blocks a medical discussion about the drug. The filter has enforced the policy perfectly, but the *intent* to only block drug *ads* has led to a false positive. Likewise, the intent to block spammers by marking their hosts as illegitimate also blocks legitimate senders who have ended up in the IP block where they don't legitimatey belong. They are not in a legitimate place, but that doesn't stop them from *trying* to send legitimate messages. Thanks John! - C
Re: SORBS bites the dust
On Thu, 2009-06-25 at 09:16 +1000, Res wrote: On Wed, 24 Jun 2009, rich...@buzzhost.co.uk wrote: This is wrong. if you have evidence, show it. if not, stop spreading rumours. I have delisted an IP in the past, and I have been watching people trying to delist a block but without clues on how to do it... I have to agree with Mouss here. I've not tried with Sorbs but I used to get a ton of calls at Barracuda because people had ended up on their 'reputation' list. Charming calls in fact, often describe sexual acts my mother was alleged to perform in the vicinity of the devil. You agree with him but have never had to do it? Thats akin to trolling since you admit you speak without knowing first hand, I speak from first hand, and I wont lose any sleep over some ignorant clown who calls me a liar, however, any respect I had for that person is now out the window, I have no doubt that there might be 'spammer safe havens' that they have refused to de-list without payment, but they never demanded it from us, 2006 I think it was when one of our key servers got listed, once they were happy that we dealt with the (virus infected windows) customer, all was good, Matthew created us a login on their site so that we could see all the headers for any complaints, and deal with them promptly like we always did once we knew who they were. I agree with the point that getting delisted is probably not that difficult - but yes, as far as sorbs has gone I've not had to try. Therefore I related similar experience but appreciate that is not exact. Personally I have mixed views on charging for delisting. In some instances it would be appropriate and I would not dismiss it out of hand. Certainly for repeat offenders I think it would be highly desirable. I don't recall saying you were a liar anywhere and I'm glad you are not going to loose any sleep. I don't tend to loose sleep over people having hissy fits, throwing their toys out of their prams and suggesting people are 'trolls' because they don't like the opinions of others.
Re: SORBS bites the dust
On Wed, June 24, 2009 13:59, Per Jessen wrote: Blacklisting a large and serious hosting provider is just not serious and very bad for business. Benny Pedersen wrote: http://rfc-ignorant.org/tools/lookup.php?domain=yahoo.com http://rfc-ignorant.org/tools/lookup.php?domain=hotmail.com http://rfc-ignorant.org/tools/lookup.php?domain=gmail.com http://rfc-ignorant.org/tools/lookup.php?domain=aol.com http://rfc-ignorant.org/tools/lookup.php?domain=live.com you think WE block them ?, no thay block them self and users that use such domains dont know On 24.06.09 19:00, Per Jessen wrote: 1) I dunno who 'WE' are in this context. Please enlighten me. 2) I didn't include free email providers in my list of large and serious hosting providers - I was thinking more of organisations such as 1and1, hetzner, rackspace etc. etc. 3) I wouldn't refer to rfc-ignorant as a blacklist - nobody with half a brain would block email just because of RFC ignorance on the part of the sender. Why not? I do that and intentionally - I don't like receiving spam from companies that don't accept complaints... -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. I intend to live forever - so far so good.
Re: SORBS bites the dust
On Thu, 25 Jun 2009, rich...@buzzhost.co.uk wrote: Personally I have mixed views on charging for delisting. In some instances it would be appropriate and I would not dismiss it out of hand. Certainly for repeat offenders I think it would be highly desirable. Agreed, its one wya to make the admin team get off their ass. I don't recall saying you were a liar anywhere and I'm glad you are not Not you, Mouss implied it. hissy fits, throwing their toys out of their prams and suggesting people are 'trolls' because they don't like the opinions of others. if you jump on a bandwagon without first hand experience, thats *exactly* what you are, if you had experienced it first hand of course you become an authority on the subject in your your case, and your opinion matters as factual, but you by your own admission, you have not, and last I checked guilt by association was not a crime in modernised civil countries :) -- Res -Beware of programmers who carry screwdrivers
Re: SORBS bites the dust
On Thu, 2009-06-25 at 17:41 +1000, Res wrote: if you jump on a bandwagon without first hand experience, thats *exactly* what you are, if you had experienced it first hand of course you become an authority on the subject in your your case, and your opinion matters as factual, but you by your own admission, you have not, and last I checked guilt by association was not a crime in modernised civil countries :) Indeed. I can only apologise for any offence or 'trolling'.
Re: SORBS bites the dust
On Thu, 25 Jun 2009, rich...@buzzhost.co.uk wrote: On Thu, 2009-06-25 at 17:41 +1000, Res wrote: if you jump on a bandwagon without first hand experience, thats *exactly* what you are, if you had experienced it first hand of course you become an authority on the subject in your your case, and your opinion matters as factual, but you by your own admission, you have not, and last I checked guilt by association was not a crime in modernised civil countries :) Indeed. I can only apologise for any offence or 'trolling'. LOL your a joke, you send this on list, yet send me a private email calling me a wanker.. LOL dont bother replying :) -- Res -Beware of programmers who carry screwdrivers
Re: SORBS bites the dust
On Thu, 2009-06-25 at 18:24 +1000, Res wrote: On Thu, 25 Jun 2009, rich...@buzzhost.co.uk wrote: On Thu, 2009-06-25 at 17:41 +1000, Res wrote: if you jump on a bandwagon without first hand experience, thats *exactly* what you are, if you had experienced it first hand of course you become an authority on the subject in your your case, and your opinion matters as factual, but you by your own admission, you have not, and last I checked guilt by association was not a crime in modernised civil countries :) Indeed. I can only apologise for any offence or 'trolling'. LOL your a joke, you send this on list, yet send me a private email calling me a wanker.. LOL dont bother replying :) 4 things; 1. It's 'You're' a joke - not 'your' a joke 2. You could always try setting up your Mickey Mouse 'blocked using dnsbl.lan' restriction so it works properly LOL. 3. The day I give a shit about what an Australian spammer thinks of me, will be the day hell freezes over. 4. If that cap fits dude - wear it. *plonk*
Re: SORBS bites the dust
rich...@buzzhost.co.uk wrote: On Wed, 2009-06-24 at 19:00 +0200, Per Jessen wrote: Benny Pedersen wrote: 2) I didn't include free email providers in my list of large and serious hosting providers - I was thinking more of organisations such as 1and1, hetzner, rackspace etc. etc. My special award goes to 1and1. I get *so much* spam from their 'customers' that I block all of their ranges. I've come across many others who do the same. Really? Well, I can't afford that sort of thing, my customers would get up and leave pretty quickly. I guess when you are bottom feeding in the Hosting marketplace spammers will make use of your facilities. I think spammers will make use of whatever facilities they can get hold of, even if it's only until they're shut down by the hosting company. /Per Jessen, Zürich
Re: SORBS bites the dust
Matus UHLAR - fantomas wrote: On Wed, June 24, 2009 13:59, Per Jessen wrote: 3) I wouldn't refer to rfc-ignorant as a blacklist - nobody with half a brain would block email just because of RFC ignorance on the part of the sender. Why not? I do that and intentionally - I don't like receiving spam from companies that don't accept complaints... Why not?? - because you thereby block thousands of perfectly legitimate and non-spamming companies and individuals who happen to have a mail-admin who is a bit slow. Using rfc-ignorant for scoring is fine, but not for blocking. /Per Jessen, Zürich
Re: SORBS bites the dust
Arvid Picciani wrote: serious hosting providers - I was thinking more of organisations such as 1and1, hetzner, rackspace etc. etc. whats the issue with hetzner? I'm a customer so i'd be very interested in any spam issue not beeing processed by them. There is no issue with Hetzner. Read my posting: Blacklisting a large and serious hosting provider is just not serious and very bad for business. /Per Jessen, Zürich
Re: SORBS bites the dust
On Thu, 2009-06-25 at 11:39 +0200, Per Jessen wrote: rich...@buzzhost.co.uk wrote: On Wed, 2009-06-24 at 19:00 +0200, Per Jessen wrote: Benny Pedersen wrote: 2) I didn't include free email providers in my list of large and serious hosting providers - I was thinking more of organisations such as 1and1, hetzner, rackspace etc. etc. My special award goes to 1and1. I get *so much* spam from their 'customers' that I block all of their ranges. I've come across many others who do the same. Really? Well, I can't afford that sort of thing, my customers would get up and leave pretty quickly. I have found the opposite to be true. When I have pointed out to my customers that using 1and1 is going to give *them* issues with deliverability of *their* email, they are often keen to find another provider. No small business wants the hassle of their mail getting dropped silently on the floor because of the provider they are with and it's a buyers market. I guess when you are bottom feeding in the Hosting marketplace spammers will make use of your facilities. I think spammers will make use of whatever facilities they can get hold of, even if it's only until they're shut down by the hosting company. Sure as eggs is eggs they will. It's relatively easy to block dynamic ranges and bots with confidence - this makes it attractive to look for 'cheap' hosts that off 'trials' to stage mailouts - and 1and1 fit that bill nicely. /Per Jessen, Zürich
Re: SORBS bites the dust
rich...@buzzhost.co.uk wrote: On Thu, 2009-06-25 at 11:39 +0200, Per Jessen wrote: rich...@buzzhost.co.uk wrote: On Wed, 2009-06-24 at 19:00 +0200, Per Jessen wrote: Benny Pedersen wrote: 2) I didn't include free email providers in my list of large and serious hosting providers - I was thinking more of organisations such as 1and1, hetzner, rackspace etc. etc. My special award goes to 1and1. I get *so much* spam from their 'customers' that I block all of their ranges. I've come across many others who do the same. Really? Well, I can't afford that sort of thing, my customers would get up and leave pretty quickly. I have found the opposite to be true. When I have pointed out to my customers that using 1and1 is going to give *them* issues with deliverability of *their* email, they are often keen to find another provider. No small business wants the hassle of their mail getting dropped silently on the floor because of the provider they are with and it's a buyers market. None of my customers _use_ 1and1 themselves (afaik), but they may very well be communicating with other legitimate businesses hosted by 1and or 1und1 (same company), which is why I can't just block 1and1. /Per Jessen, Zürich
Re: SORBS bites the dust
Matus UHLAR - fantomas wrote: On Wed, June 24, 2009 13:59, Per Jessen wrote: 3) I wouldn't refer to rfc-ignorant as a blacklist - nobody with half a brain would block email just because of RFC ignorance on the part of the sender. Why not? I do that and intentionally - I don't like receiving spam from companies that don't accept complaints... On 25.06.09 11:42, Per Jessen wrote: Why not?? - because you thereby block thousands of perfectly legitimate perfectly incompetent? and non-spamming companies and individuals who happen to have a mail-admin who is a bit slow. I wouldn't call not having abuse contact for years a bit slow especially for cases I warned the admin. Using rfc-ignorant for scoring is fine, but not for blocking. I have a policy of requiring postmaster abuse contact, so refusing ignorants it fine. They still can fix their behavior. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Two words: Windows survives. - Craig Mundie, Microsoft senior strategist So does syphillis. Good thing we have penicillin. - Matthew Alton
Re: SORBS bites the dust
On 25-Jun-2009, at 03:55, rich...@buzzhost.co.uk wrote: On Thu, 2009-06-25 at 11:39 +0200, Per Jessen wrote: rich...@buzzhost.co.uk wrote: On Wed, 2009-06-24 at 19:00 +0200, Per Jessen wrote: Benny Pedersen wrote: 2) I didn't include free email providers in my list of large and serious hosting providers - I was thinking more of organisations such as 1and1, hetzner, rackspace etc. etc. My special award goes to 1and1. I get *so much* spam from their 'customers' that I block all of their ranges. I've come across many others who do the same. Really? Well, I can't afford that sort of thing, my customers would get up and leave pretty quickly. I have found the opposite to be true. When I have pointed out to my customers that using 1and1 is going to give *them* issues with deliverability of *their* email, they are often keen to find another provider. No small business wants the hassle of their mail getting dropped silently on the floor because of the provider they are with and it's a buyers market. Yep. I'm not familiar with 1and1 specifically, but I've been in the position of having to tell someone that if they didn't move their domain and mail to a reliable and non-spam friendly host they were going to have a lot of mail not getting delivered. The most recent one was a friend of a friend who notice that the volume on his mailing- lists had been dropping steadily for months. I checked and his IP block was listed in several RBLs. Once he moved his domain his mailinglist recovered very quickly. It's sort of like a nice store that is in a really bad neighborhood. A lot of people will simply not go there, no matter how great the store is. you want the best access, you move to a nicer neighborhood. -- Bishops move diagonally. That's why they often turn up where the kings don't expect them to be.
Re: SORBS bites the dust
Could this thread be moved to spam-l ? Seems it has little to do with SA
Re: SORBS bites the dust
On Thu, 25 Jun 2009, rich...@buzzhost.co.uk wrote: 1. It's 'You're' a joke - not 'your' a joke Ah the classic sign of someone in defeat, has to nit pick someones grammer 2. You could always try setting up your Mickey Mouse 'blocked using dnsbl.lan' restriction so it works properly LOL. Actually, you were first blocked by a milter because your SPF record contains junk get someone with a clue to set it up for you your internal bloack list blocks this mail servers IP anyway, so pot kettle black, tosser. 3. The day I give a shit about what an Australian spammer thinks of me, will be the day hell freezes over. oh im a spammer now am I, awww poor widdle wicky, go cry to mummy, or tell someone who gives a fuck. -- Res -Beware of programmers who carry screwdrivers
Re: SORBS bites the dust
How long will this go before Godwin's law finally kicks in? Now I'm just watching for the fun of it . Quoting Res r...@ausics.net: On Thu, 25 Jun 2009, rich...@buzzhost.co.uk wrote: 1. It's 'You're' a joke - not 'your' a joke Ah the classic sign of someone in defeat, has to nit pick someones grammer 2. You could always try setting up your Mickey Mouse 'blocked using dnsbl.lan' restriction so it works properly LOL. Actually, you were first blocked by a milter because your SPF record contains junk get someone with a clue to set it up for you your internal bloack list blocks this mail servers IP anyway, so pot kettle black, tosser. 3. The day I give a shit about what an Australian spammer thinks of me, will be the day hell freezes over. oh im a spammer now am I, awww poor widdle wicky, go cry to mummy, or tell someone who gives a fuck. -- Res -Beware of programmers who carry screwdrivers -- Simple compliance is a hacker's best friend @fferent Security Labs: Isolate/Insulate/Innovate http://www.afferentsecurity.com
Re: SORBS bites the dust
On Thu, June 25, 2009 15:08, Res wrote: On Thu, 25 Jun 2009, rich...@buzzhost.co.uk wrote: Actually, you were first blocked by a milter because your SPF record contains junk get someone with a clue to set it up for you http://old.openspf.org/wizard.html?mydomain=buzzhost.co.uksubmit=Go! remove ptr also, doom ? :) -Beware of programmers who carry screwdrivers beware of apple that did not want there phones to show comodore 64 games, i can just say nokia connecting people :) -- xpoint
Re: SORBS bites the dust
On 25.06.09 12:38, Yet Another Ninja wrote: Could this thread be moved to spam-l ? Seems it has little to do with SA spam-l was closed iirc ;-) -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. How does cat play with mouse? cat /dev/mouse
Re: SORBS bites the dust
Jack Pepper wrote: How long will this go before Godwin's law finally kicks in? Now I'm just watching for the fun of it . Yea, this is why when my bosses ask where I get my information I tell them from a closed forum. If they read the adolescent ramblings that got posted on email/spam lists they wouldn't allow us to use half the software we do. DAve Quoting Res r...@ausics.net: On Thu, 25 Jun 2009, rich...@buzzhost.co.uk wrote: 1. It's 'You're' a joke - not 'your' a joke Ah the classic sign of someone in defeat, has to nit pick someones grammer 2. You could always try setting up your Mickey Mouse 'blocked using dnsbl.lan' restriction so it works properly LOL. Actually, you were first blocked by a milter because your SPF record contains junk get someone with a clue to set it up for you your internal bloack list blocks this mail servers IP anyway, so pot kettle black, tosser. 3. The day I give a shit about what an Australian spammer thinks of me, will be the day hell freezes over. oh im a spammer now am I, awww poor widdle wicky, go cry to mummy, or tell someone who gives a fuck. -- Res -Beware of programmers who carry screwdrivers -- Posterity, you will know how much it cost the present generation to preserve your freedom. I hope you will make good use of it. If you do not, I shall repent in heaven that ever I took half the pains to preserve it. John Quincy Adams http://appleseedinfo.org
Re: SORBS bites the dust
On 6/25/2009 4:12 PM, Matus UHLAR - fantomas wrote: On 25.06.09 12:38, Yet Another Ninja wrote: Could this thread be moved to spam-l ? Seems it has little to do with SA spam-l was closed iirc ;-) yes and no it was taken over and its nice busy http://spam-l.com/mailman/listinfo
Re: SORBS bites the dust
Jack Pepper wrote: How long will this go before Godwin's law finally kicks in? It already did. 1. It's 'You're' a joke - not 'your' a joke Now I'm just watching for the fun of it Try IRC :-P
Re: SORBS bites the dust
DAve wrote: Jack Pepper wrote: How long will this go before Godwin's law finally kicks in? Now I'm just watching for the fun of it . Yea, this is why when my bosses ask where I get my information I tell them from a closed forum. If they read the adolescent ramblings that got posted on email/spam lists they wouldn't allow us to use half the software we do. One of my co-workers was recently talking as if he thought SpamAssassin was some businesslike organization we could negotiate with. I've been tempted to send him this thread. (Not sure what he wanted to negotiate /for/, either.) -- J.D. Falk Return Path Inc http://www.returnpath.net/
Re: SORBS bites the dust
On Thu, Jun 25, 2009 at 14:41, moussmo...@ml.netoyen.net wrote: James Wilkinson a écrit : If you mean “IP address that should not have been in the PBL but was”, that’s one thing. It’s a consistent definition, but not very useful for stopping spam. yes, the PBL may list blocks that contain networks which want to send mail directly, and which in principle, should be able to do so. but whatever decision you taéke here is difficult. if you say, I will only block those who I am certain are criminals, then some criminals will get in. I think part of the point, though, is that the PBL isn't _directly_ about stopping spam. The PBL is about stopping portions of the internet from sending email directly to hosts outside off their own organizations. The policy that is the P in PBL is (someone's) policy about who should or shouldn't be sending email directly to the internet at large. The PBL indirectly fights spam by keeping botnets from being able to spew to the internet, and creating choke-points in each organization through which that email will/should flow. But this is an indirect result. There will be plenty of things that the PBL blocks that are NOT spam, but are also not PBL false positives (in the sense that they are listed in the PBL and SHOULD be listed in the PBL, by the definition of what the PBL says it will list). People who complain that the PBL is blocking things that aren't spam kind of don't get the point of the PBL. The PBL's definition means that it will block non-spam. It should also block a lot of spam, but the fact that it will block ham is not an indictment of the PBL. It just means that people who complain about that fact don't understand the PBL. (and, people who block or score against PBL addresses in Received headers, instead of only doing it against direct MTA connections, probably also don't fully get the PBL) Anyway, my point in reply to you is that it's not a difficult stand/decision, as long as you understand what you're getting into. You don't target PBL hosts to block/score spam, you block the PBL hosts to enforce policies about who submits messages to whom. If you agree with that policy concept, it's an easy decision (you use it). If you don't agree with that policy concept, it's an easy decision (you don't use it). If you don't understand the policy concept, and you're just trying to use it to block spam and not block ham then the difficulty is that you're not using the right tool for the task at hand. That's not a difficult decision, that's a difficulty understanding the world in which you operate :-)
Re: SORBS bites the dust
James Wilkinson a écrit : mouss wrote (about the PBL): stop spreading FUD. if you know of false positives, show us so that we see what you exactly mean. a lot of people, including $self, use the PBL at smtp time. As usual, it depends on your definition of “false positive”. fully agreed. I personally find it bad to block any non spamming network. but sometimes, the only reasonable way to do this is via whitelists, and unfortunatley, you can't whitelist unknown senders. so yes, I do block some networks because I think they are too spammy (they may contain legitimate IPs). If you mean “IP address that should not have been in the PBL but was”, that’s one thing. It’s a consistent definition, but not very useful for stopping spam. If you mean “solicited and/or non-bulk email that would have been stopped by the PBL”, then I’ve seen a number of small Indian and Chinese companies who are unaware of a lot of things, including the existence of the PBL and that it’s a Good Thing to send email through a smart host with a consistent IP address and reverse DNS.¹ yes, the PBL may list blocks that contain networks which want to send mail directly, and which in principle, should be able to do so. but whatever decision you taéke here is difficult. if you say, I will only block those who I am certain are criminals, then some criminals will get in. whether you use them or not, lists that put some pressure on ISPs, networks, .. are good, and are necessary. some time ago, open relay was ok. now, you won't here much people saying but I want the freedom to relay... . yes, spammers are making us crazy ;-p Obviously, everyone’s email stream is different. Mine includes a commercially-significant amount of email from small companies in those two countries, and probably doesn’t include email from other countries where this takes place. just to make things clear. while I do use zen, my setup is not what one would call aggressive (I do complain about some networks, but I don't block them. but I do block snowshoe spammers too easily). I do get alien mail from some networks (and not even from Asia!), and while I have thought of comibing checks (x AND y AND z), I found solicited mail that matches every bad thing I wanted to mix in the rule! But by this definition, false positives do occur, and my company’s SpamAssassin installation has to try to handle them. James. ¹ Fortunately, they’re also unaware that signatures should be removed when replying. That, a standard corporate signature including company registration data, a standard domain in each Message-ID that doesn’t appear in public DNS, a few negatively-scored custom rules to detect these, and the AWL mean that once someone has responded to one of our emails, they get automatically whitelisted. So at least existing correspondents don’t get blocked.
Re: SORBS bites the dust
From: Res r...@ausics.net Sent: Thursday, 2009/June/25 06:08 On Thu, 25 Jun 2009, rich...@buzzhost.co.uk wrote: 3. The day I give a shit about what an Australian spammer thinks of me, will be the day hell freezes over. oh im a spammer now am I, awww poor widdle wicky, go cry to mummy, or tell someone who gives a fuck. And, Res, profanity is the effort of a weak mind to express itself. Now all of you pull your keyboard's plug. {^_^}
Re: SORBS bites the dust
On 25-Jun-2009, at 07:08, Res wrote: On Thu, 25 Jun 2009, rich...@buzzhost.co.uk wrote: 1. It's 'You're' a joke - not 'your' a joke Ah the classic sign of someone in defeat, has to nit pick someones grammer NB: it's spelt grammar -- There is a tragic flaw in our precious Constitution, and I don t know what can be done to fix it. This is it: Only nut cases want to be president.
Re: SORBS bites the dust
On 25-Jun-2009, at 15:41, mouss wrote: if you say, I will only block those who I am certain are criminals, then some criminals will get in. s/some/almost all/ -- Battlemage? That's not a profession. It barely qualifies as a hobby. 'Battlemage' is about impressive a title as 'Lord of the Dance'. PAUSE I'm adding Lord of the Dance to my titles.
Re: SORBS bites the dust
On 25-Jun-2009, at 16:01, John Rudd wrote: People who complain that the PBL is blocking things that aren't spam kind of don't get the point of the PBL. The PBL's definition means that it will block non-spam. It should also block a lot of spam, but the fact that it will block ham is not an indictment of the PBL. It just means that people who complain about that fact don't understand the PBL. If only more people understood this. Thanks for the post John, you summarized it very well. If anyone ever whines about the PBL again, please repost. I block the PBL at transaction because even if it's not spam, it is unauthorized mail as defined by the owner of the IP. This means the person on that IP has a legitimate NON-PBL method of sending mail, and if they want to communicate with me, they will use it. -- This is our music from the bachelor's den, the sound of loneliness turned up to ten. A harsh soundtrack from a stagnant waterbed and it sounds just like this. This is the sound of someone losing the plot making out that they're OK when they're not. You're gonna like it, but not a lot. And the chorus goes like this...
Re: SORBS bites the dust
On Thu, 25 Jun 2009, LuKreme wrote: On 25-Jun-2009, at 07:08, Res wrote: On Thu, 25 Jun 2009, rich...@buzzhost.co.uk wrote: 1. It's 'You're' a joke - not 'your' a joke Ah the classic sign of someone in defeat, has to nit pick someones grammer NB: it's spelt grammar yyyaan -- Res -Beware of programmers who carry screwdrivers
Re: SORBS bites the dust
On Tue, Jun 23, 2009 at 02:34:05PM -0400, Charles Gregory wrote: On Tue, 23 Jun 2009, mouss wrote: When I did my research for setting up RBL's, I found old comparisons between RBL's that seemed to indicate that the spamhaus PBL and the spamcop lists had slightly higher levels of flase postives. stop spreading FUD. if you know of false positives, show us so that we see what you exactly mean. It's difficult to find current data. The original document I found, somewhere among old spamassassin wiki/forum files, was a decent comparison of the percentage FP's and FN's for many blocklists, but do you think I can find it now? :) I found *some* stats at http://stats.dnsbl.com which would seem to suggest that the spamcop database is now very accurate. Though I am somewhat hesitant to use spamcop as our own servers once had a brief listing with them (and it wasn't due to spam). Even so their stats all seem to be at least a year old? Still hoping to find something more recent and detailed Lets get serious. The only data you can trust is your _own_. Dont't shoot you and us in the foot by trying to find stats like this. Try them on your feed with logging. Al Iverson has his own way of calculating things. If you look at the some stats they make no sense like uceprotect-3 being near 0% etc.
Re: SORBS bites the dust
On Wed, 2009-06-24 at 00:07 +0200, mouss wrote: Res a écrit : On Tue, 23 Jun 2009, mouss wrote: payment were only needed for spam, not for dul not really :) despite what their site said/says.. its kind of a detterent i think sunno we never paid This is wrong. if you have evidence, show it. if not, stop spreading rumours. I have delisted an IP in the past, and I have been watching people trying to delist a block but without clues on how to do it... I have to agree with Mouss here. I've not tried with Sorbs but I used to get a ton of calls at Barracuda because people had ended up on their 'reputation' list. Charming calls in fact, often describe sexual acts my mother was alleged to perform in the vicinity of the devil. The conversation (typically) You are blocking my email - why? Your IP has been seen to send spam. How do I get delisted? How do you know you have been listed? I had a email message telling me so. What did the mail say? Nothing much - it had a link in it which I clicked on and it took me to Barracudacentral.org. Did you see the link 'Removal Request'? Yes. Did you try it. No. Please go and try it. Is there anything else I can help you with today? CLICK I doubt that Sorbs make it any harder - but I've not had to do it.
Re: SORBS bites the dust
50_scores.cf:score RCVD_IN_SORBS_BLOCK 0 # n=1 n=2 n=3 50_scores.cf:score RCVD_IN_SORBS_DUL 0 1.615 0 0.877 # n=0 n=2 50_scores.cf:score RCVD_IN_SORBS_HTTP 0 0.001 0 0.001 # n=0 n=2 50_scores.cf:score RCVD_IN_SORBS_MISC 0 0.001 0 0.353 # n=0 n=2 50_scores.cf:score RCVD_IN_SORBS_SMTP 0 # n=0 n=1 n=2 n=3 50_scores.cf:score RCVD_IN_SORBS_SOCKS 0 0.182 0 0.801 # n=0 n=2 50_scores.cf:score RCVD_IN_SORBS_WEB 0 1.117 0 0.619 # n=0 n=2 50_scores.cf:score RCVD_IN_SORBS_ZOMBIE 0 # n=0 n=1 n=2 n=3 On 23.06.09 14:50, Rosenbaum, Larry M. wrote: Notice that the SORBS spam sources list (the one that charged a delisting fee) is not used. I know. It's neither in dnsbl.sorbs.net agregate zone for some time. It was apparently removed indirectly because of the $50 delisting fee. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Nothing is fool-proof to a talented fool.
Re: SORBS bites the dust
On Tue, 23 Jun 2009, mouss wrote: When I did my research for setting up RBL's, I found old comparisons between RBL's that seemed to indicate that the spamhaus PBL and the spamcop lists had slightly higher levels of flase postives. stop spreading FUD. if you know of false positives, show us so that we see what you exactly mean. On 23.06.09 14:34, Charles Gregory wrote: It's difficult to find current data. The original document I found, somewhere among old spamassassin wiki/forum files, was a decent comparison of the percentage FP's and FN's for many blocklists, but do you think I can find it now? :) The only FPs in PBL are IP addresses that don't really fullfill requirement that they should not send mail. E.g. mail that is not dynamic and ISP agrees it may send mail to destinations. I think that in case of yes you want mail from them should not be called a FP when those IPs are dynamic etc. The same applies for sorbs dul ... I found *some* stats at http://stats.dnsbl.com which would seem to suggest that the spamcop database is now very accurate. Though I am somewhat hesitant to use spamcop as our own servers once had a brief listing with them (and it wasn't due to spam). Got more info? -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Atheism is a non-prophet organization.
Re: SORBS bites the dust
rich...@buzzhost.co.uk wrote: Some U.K. providers (such as Fasthosts Rackspace(UK)) never seem to get a listing for any of their ranges - which is interesting when you consider they are probably the largest providers of hosting in the UK and that Spamhaus hosts with one of them. Blacklisting a large and serious hosting provider is just not serious and very bad for business. /Per Jessen, Zürich
Re: SORBS bites the dust
On Wed, June 24, 2009 13:59, Per Jessen wrote: Blacklisting a large and serious hosting provider is just not serious and very bad for business. http://rfc-ignorant.org/tools/lookup.php?domain=yahoo.com http://rfc-ignorant.org/tools/lookup.php?domain=hotmail.com http://rfc-ignorant.org/tools/lookup.php?domain=gmail.com http://rfc-ignorant.org/tools/lookup.php?domain=aol.com http://rfc-ignorant.org/tools/lookup.php?domain=live.com you think WE block them ?, no thay block them self and users that use such domains dont know -- xpoint
Re: [sa] Re: SORBS bites the dust
On Wed, 24 Jun 2009, Matus UHLAR - fantomas wrote: somewhat hesitant to use spamcop as our own servers once had a brief listing with them (and it wasn't due to spam). Got more info? Sadly, we're dealing with my aging memory. :) While I cannot remember precisely, categorically it was a situation like: 1) A piece of junk that one of our users had forwarded to another server and then THE USER 'reported' the spam (which naturally had *our* IP at the top), or, 2) Someone 'reported as spam' a bounce from our server that had their address forged as sender (for some condition like 'full mailbox' which even now still sometimes generates a DSN rather than being rejected at the SMTP gateway). Admittedly we've made massive improvements to our systems since that time. We now filter at SMTP time, rather than have the filter in procmail which is bypassed by .forward, and I've put in extra mechanisms to catch as many of the 'full mailbox' type of conditions as possible at SMTP time. But whichever the case was, it still bothered me that this major blocklist seemed to have added our IP for a singular incident/report. I would expect there to be a minimal threshold for accidental or false reporting. Mind you, there is every chance that spamcop has upgraded their systems in the intervening years. All I have to go on is my experience. :) Anyways, there's what 'info' I have. I won't be surprised if it's not 'good enough' for anyone. If someone knows something improvements to their spam reporting, I would be interested. Thanks. - Charles
Re: SORBS bites the dust
Benny Pedersen wrote: On Wed, June 24, 2009 13:59, Per Jessen wrote: Blacklisting a large and serious hosting provider is just not serious and very bad for business. http://rfc-ignorant.org/tools/lookup.php?domain=yahoo.com http://rfc-ignorant.org/tools/lookup.php?domain=hotmail.com http://rfc-ignorant.org/tools/lookup.php?domain=gmail.com http://rfc-ignorant.org/tools/lookup.php?domain=aol.com http://rfc-ignorant.org/tools/lookup.php?domain=live.com you think WE block them ?, no thay block them self and users that use such domains dont know 1) I dunno who 'WE' are in this context. Please enlighten me. 2) I didn't include free email providers in my list of large and serious hosting providers - I was thinking more of organisations such as 1and1, hetzner, rackspace etc. etc. 3) I wouldn't refer to rfc-ignorant as a blacklist - nobody with half a brain would block email just because of RFC ignorance on the part of the sender. /Per Jessen, Zürich
Re: SORBS bites the dust
On Wed, 2009-06-24 at 19:00 +0200, Per Jessen wrote: Benny Pedersen wrote: 2) I didn't include free email providers in my list of large and serious hosting providers - I was thinking more of organisations such as 1and1, hetzner, rackspace etc. etc. My special award goes to 1and1. I get *so much* spam from their 'customers' that I block all of their ranges. I've come across many others who do the same. I guess when you are bottom feeding in the Hosting marketplace spammers will make use of your facilities.
Re: SORBS bites the dust
serious hosting providers - I was thinking more of organisations such as 1and1, hetzner, rackspace etc. etc. whats the issue with hetzner? I'm a customer so i'd be very interested in any spam issue not beeing processed by them.
Re: SORBS bites the dust
mouss wrote (about the PBL): stop spreading FUD. if you know of false positives, show us so that we see what you exactly mean. a lot of people, including $self, use the PBL at smtp time. As usual, it depends on your definition of “false positive”. If you mean “IP address that should not have been in the PBL but was”, that’s one thing. It’s a consistent definition, but not very useful for stopping spam. If you mean “solicited and/or non-bulk email that would have been stopped by the PBL”, then I’ve seen a number of small Indian and Chinese companies who are unaware of a lot of things, including the existence of the PBL and that it’s a Good Thing to send email through a smart host with a consistent IP address and reverse DNS.¹ Obviously, everyone’s email stream is different. Mine includes a commercially-significant amount of email from small companies in those two countries, and probably doesn’t include email from other countries where this takes place. But by this definition, false positives do occur, and my company’s SpamAssassin installation has to try to handle them. James. ¹ Fortunately, they’re also unaware that signatures should be removed when replying. That, a standard corporate signature including company registration data, a standard domain in each Message-ID that doesn’t appear in public DNS, a few negatively-scored custom rules to detect these, and the AWL mean that once someone has responded to one of our emails, they get automatically whitelisted. So at least existing correspondents don’t get blocked. -- E-mail: james@ | Top Tip: If you are being chased by a police dog, don’t aprilcottage.co.uk | try to get away by crawling through a tunnel, going onto | a little see-saw, and jumping through a hoop of fire. | They are trained for that, you see. | -- “Bystander”, London magistrate
Re: [sa] Re: SORBS bites the dust
Charles Gregory a écrit : On Wed, 24 Jun 2009, Matus UHLAR - fantomas wrote: somewhat hesitant to use spamcop as our own servers once had a brief listing with them (and it wasn't due to spam). Got more info? Sadly, we're dealing with my aging memory. :) While I cannot remember precisely, categorically it was a situation like: 1) A piece of junk that one of our users had forwarded to another server and then THE USER 'reported' the spam (which naturally had *our* IP at the top), or, 2) Someone 'reported as spam' a bounce from our server that had their address forged as sender (for some condition like 'full mailbox' which even now still sometimes generates a DSN rather than being rejected at the SMTP gateway). neither of these will et you listed on zen. zen is composed of - pbl: these are IPs that are not supposed to send mail. this is either decided by the ISP (then if you're listed, you know to whom to complain) or by spamhaus (this is when the ISP doesn't want to tell which IPs are dynamic/residential/...). - sbl: these are confirmed spammers. you don't end up here as a result of a misconfiguration. - xbl (cbl, njabl-proxy): these are infected boxes. you may get listed on spamcop though, but such a listing expires automatically unless the conditions are repeated. and I don't consider such a listing to be an FP. Admittedly we've made massive improvements to our systems since that time. We now filter at SMTP time, rather than have the filter in procmail which is bypassed by .forward, and I've put in extra mechanisms to catch as many of the 'full mailbox' type of conditions as possible at SMTP time. But whichever the case was, it still bothered me that this major blocklist seemed to have added our IP for a singular incident/report. I would expect there to be a minimal threshold for accidental or false reporting. if you talk about spamcop or cbl, you really need to reread how they work. it is good even for you that they list you if they detect bad behaviour. this gives you a chance to fix the problem. (I had this with one IP, that I finally decided to block myself). Mind you, there is every chance that spamcop has upgraded their systems in the intervening years. All I have to go on is my experience. :) spamcop has changed few years ago (3 years?). so if you're talking about an old incident, then it's no more relevant. Anyways, there's what 'info' I have. I won't be surprised if it's not 'good enough' for anyone. If someone knows something improvements to their spam reporting, I would be interested. Thanks. I don't use spamcop at smtp level, because I know they block some networks I want mail from, but the block is understandable (large university where one of the internal dept has its own relay, which can't be disabled for now, and which has a bogus list mgmt software that can't yet be kicked off. in short, the block is bad for the university in the short run, but it gives an argument to disable those old setups, which is the way to go).
Re: SORBS bites the dust
On Wed, 24 Jun 2009, rich...@buzzhost.co.uk wrote: This is wrong. if you have evidence, show it. if not, stop spreading rumours. I have delisted an IP in the past, and I have been watching people trying to delist a block but without clues on how to do it... I have to agree with Mouss here. I've not tried with Sorbs but I used to get a ton of calls at Barracuda because people had ended up on their 'reputation' list. Charming calls in fact, often describe sexual acts my mother was alleged to perform in the vicinity of the devil. You agree with him but have never had to do it? Thats akin to trolling since you admit you speak without knowing first hand, I speak from first hand, and I wont lose any sleep over some ignorant clown who calls me a liar, however, any respect I had for that person is now out the window, I have no doubt that there might be 'spammer safe havens' that they have refused to de-list without payment, but they never demanded it from us, 2006 I think it was when one of our key servers got listed, once they were happy that we dealt with the (virus infected windows) customer, all was good, Matthew created us a login on their site so that we could see all the headers for any complaints, and deal with them promptly like we always did once we knew who they were. -- Res -Beware of programmers who carry screwdrivers
Re: SORBS bites the dust
LuKreme wrote: 42U of space seems a bit much though. I'd think a couple of Xserves could manage it quite well. I'm probably wrong though. 42U does sound like a lot of space, but imagine the hardware you'd need to serve an average of 350,000 DNS requests per second. (according to the website, SORBS does 30billion queries per day). /Per Jessen, Zürich
Re: SORBS bites the dust
Res wrote: On Mon, 22 Jun 2009, John Rudd wrote: You can wait 1 year ... or pay $50 to some approved charity. So, yes, you can not pay anything, if you're willing to wait a year. And if you do pay, you don't pay THEM exactly. But, it still remains that they expect some form of financial offset in order to get off their list in less than a year. http://www.au.sorbs.net/faq/spamdb.shtml Rubbish, we had one of ours in it a couple years ago, it took a couple emails and no more than a few days for removal, nothing paid either. Maybe it was better back then, but maybe a year ago I had the same problem and got NO response. Its death actually is good news because it means not so many innocent people will be able to be listed now. Best regards, Jeremy Morton (Jez)
Re: SORBS bites the dust
On Mon, 22 Jun 2009, Arvid Picciani wrote: rich...@buzzhost.co.uk wrote: It comes with great sadness that I have to announce the imminent closure of SORBS. crap ... sorbs is the only list I trust enough to have them at SMTP level. On 22.06.09 13:54, Charles Gregory wrote: In the past, I did some tests to determine which lists caught the most spam without FP's, and found that sbl-xbl.spamhaus.org (not the full 'zen' rbl), was catching over 90% of spam. 1. sbl-xbl is obsolete and may be removed in the near future. 2. Why not zen? I also use njabl, though lately it looks like it mostly overlaps with spamhaus, but the 'web' and 'dul' lists from sorbs are still catching a couple of 100 spam each day that were not caught by spamhaus. So I would really hate to see SORBS go. 3. the dul.njabl.org is obsolete and should not be used. It was imported to pbl.spamhaus.org and stopped being maintained. PBL is contained in zen. - Again, why not zen? IMPORTANT: If sorbs does not get picked-up by a new host, will SA developers be ready to roll-out an SA update to remove the sorbs rules, so that we don't suffer a bunch of timeouts? Or how does that work? -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. It's now safe to throw off your computer.
Re: SORBS bites the dust
On Mon, 2009-06-22 at 19:40 +0200, Arvid Picciani wrote: rich...@buzzhost.co.uk wrote: It comes with great sadness that I have to announce the imminent closure of SORBS. The University of Queensland have decided not to honor their agreement with myself and SORBS and terminate the hosting contract. crap ... sorbs is the only list I trust enough to have them at SMTP level. rich...@buzzhost.co.uk wrote: Really? Personally I find the PBL just kicks its ass. People tended to bitch that sorbs charged for removal, but I can't say why they said that. On 22.06.09 23:01, Jeremy Morton wrote: You really can't? SORBS accidentally blacklist your domain. You then have to pay their tithe money to get people to start receiving your e-mail again. I say that sucks. BTW, it happened to my domain, I tried to contact them, and got one automated response e-mail. Nothing more. Good riddance to them. they don't accidentally blacklist. The $50 fee is/was only required for spam database you can get into only by spamming sorbs. And the spam was taken out of agregate sorbs blacklist long time ago. We were able to contact them and delist spamming IPs, not once -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Saving Private Ryan... Private Ryan exists. Overwrite? (Y/N)
Re: SORBS bites the dust
On Tue, 23 Jun 2009, mouss wrote: payment were only needed for spam, not for dul On 23.06.09 11:07, Res wrote: not really :) despite what their site said/says.. its kind of a detterent i think sunno we never paid well, we've had out IPs in the DUL (i asked for listing them) and we got them removed by the instructions on their web... I have no proofs they don't delist from DUL if you fullfill their (imho proper) requirements anyway, this is getting way off topic. whatever you I think of how sorbs should have been run (and thinking != running), its death, if confirmed, is sad news. If it is confirmed it wil indeed be sad times, SORBS catches the most of the crap that comes in here -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. They say when you play that M$ CD backward you can hear satanic messages. That's nothing. If you play it forward it will install Windows.
RE: SORBS bites the dust
On Mon, 22 Jun 2009, Arvid Picciani wrote: rich...@buzzhost.co.uk wrote: It comes with great sadness that I have to announce the imminent closure of SORBS. crap ... sorbs is the only list I trust enough to have them at SMTP level. In the past, I did some tests to determine which lists caught the most spam without FP's, and found that sbl-xbl.spamhaus.org (not the full 'zen' rbl), was catching over 90% of spam. I also use njabl, though lately it looks like it mostly overlaps with spamhaus, but the 'web' and 'dul' lists from sorbs are still catching a couple of 100 spam each day that were not caught by spamhaus. So I would really hate to see SORBS go. IMPORTANT: If sorbs does not get picked-up by a new host, will SA developers be ready to roll-out an SA update to remove the sorbs rules, so that we don't suffer a bunch of timeouts? Or how does that work? - Charles WHAT? Sorbs and Spamhaus are polar opposites. Spamhaus is a great organization while SORBS is a POS that helped give all blacklists a bad name. I don't know if SpamAssassin has ever used it. Jeff Moss
RE: SORBS bites the dust
On Tue, 2009-06-23 at 09:29 -0400, Jeff Moss wrote: WHAT? Sorbs and Spamhaus are polar opposites. Spamhaus is a great organization while SORBS is a POS that helped give all blacklists a bad name. I don't know if SpamAssassin has ever used it. I respect any block list for targeting those that abuse email systems and this includes sorbs and spamhaus. I do wonder (and I don't want to start a war here) if Spamhaus is totally above board or can get 'dirt in their eyes'. The reason I wonder is stuff like this in my logs appearing every day, day in day out. Never opted in. Addresses long since dead, asking to 'removed' just add more and more attempts. I grew so tired of spamhaus missing them, I set up a local blocklist zone in Bind to take care of them. It does make you wonder why they never seem to end up on any of the spamhaus lists. Perhaps they are brilliant list washers ? Jun 23 03:50:07 mail1 postfix/smtpd[5118]: NOQUEUE: reject: RCPT from mmx3.opticspace.co.uk[8.19.138.30]: 554 5.7.1 Rejected; mmx3.opticspace.co.uk blocked by ibl Jun 23 03:50:25 mail1 postfix/smtpd[5118]: NOQUEUE: reject: RCPT from nup2.newuniversepartners.com[8.19.136.53]: 554 5.7.1 Rejected; nup2.newuniversepartners.com blocked by localbl Jun 23 03:59:19 mail1 postfix/smtpd[5360]: NOQUEUE: reject: RCPT from cyb1.cyberbasket.co.uk[8.19.138.25]: 554 5.7.1 Rejected; cyb1.cyberbasket.co.uk blocked by localbl Jun 23 04:08:39 mail1 postfix/smtpd[5633]: NOQUEUE: reject: RCPT from mmx1.opticspace.co.uk[8.19.138.28]: 554 5.7.1 Rejected; mmx1.opticspace.co.uk blocked by localbl Jun 23 04:18:16 mail1 postfix/smtpd[5954]: NOQUEUE: reject: RCPT from top3.topcore.co.uk[8.19.138.12]: 554 5.7.1 Rejected; top3.topcore.co.uk blocked by localbl Jun 23 04:23:26 mail1 postfix/smtpd[6112]: NOQUEUE: reject: RCPT from ahead4.planaheadshop.co.uk[8.19.136.44]: 554 5.7.1 Rejected; ahead4.planaheadshop.co.uk blocked by ibl Jun 23 04:36:23 mail1 postfix/smtpd[6521]: NOQUEUE: reject: RCPT from ste2.virtualville.co.uk[8.19.138.7]: 554 5.7.1 Rejected; ste2.virtualville.co.uk blocked by localbl Jun 23 04:53:14 mail1 postfix/smtpd[7067]: NOQUEUE: reject: RCPT from gen2.generalsearchteam.co.uk[8.19.136.35]: 554 5.7.1 Rejected; gen2.generalsearchteam.co.uk blocked by localbl Jun 23 05:03:27 mail1 postfix/smtpd[7284]: NOQUEUE: reject: RCPT from cyb3.cyberbasket.co.uk[8.19.138.27]: 554 5.7.1 Rejected; cyb3.cyberbasket.co.uk blocked by ibl Jun 23 05:06:39 mail1 postfix/smtpd[7460]: NOQUEUE: reject: RCPT from nup2.newuniversepartners.com[8.19.136.53]: 554 5.7.1 Rejected; nup2.newuniversepartners.com blocked by ibl Jun 23 05:42:30 mail1 postfix/smtpd[8692]: NOQUEUE: reject: RCPT from inn15.innovatenow.co.uk[8.19.138.15]: 554 5.7.1 Rejected; inn15.innovatenow.co.uk blocked by localbl Jun 23 05:49:33 mail1 postfix/smtpd[8771]: NOQUEUE: reject: RCPT from ahead3.planaheadshop.co.uk[8.19.136.43]: 554 5.7.1 Rejected; ahead3.planaheadshop.co.uk blocked by ibl Jun 23 05:52:29 mail1 postfix/smtpd[8983]: NOQUEUE: reject: RCPT from top3.topcore.co.uk[8.19.138.12]: 554 5.7.1 Rejected; top3.topcore.co.uk blocked by localbl Jun 23 06:11:34 mail1 postfix/smtpd[9572]: NOQUEUE: reject: RCPT from cd1.createdirect.co.uk[8.19.138.21]: 554 5.7.1 Rejected; cd1.createdirect.co.uk blocked by ibl Jun 23 06:16:14 mail1 postfix/smtpd[9796]: NOQUEUE: reject: RCPT from exprod7og104.obsmtp.com[64.18.2.161]: 554 5.7.1 Rejected; exprod7og104.obsmtp.com blocked by ibl Jun 23 06:21:02 mail1 postfix/smtpd[9940]: NOQUEUE: reject: RCPT from top3.topcore.co.uk[8.19.138.12]: 554 5.7.1 Rejected; top3.topcore.co.uk blocked by localbl Jun 23 06:36:47 mail1 postfix/smtpd[10464]: NOQUEUE: reject: RCPT from now1.creditoptionsnow.co.uk[8.19.136.38]: 554 5.7.1 Rejected; now1.creditoptionsnow.co.uk blocked by localbl Jun 23 06:40:02 mail1 postfix/smtpd[10582]: NOQUEUE: reject: RCPT from mmx3.opticspace.co.uk[8.19.138.30]: 554 5.7.1 Rejected; mmx3.opticspace.co.uk blocked by localbl Jun 23 06:59:31 mail1 postfix/smtpd[11266]: NOQUEUE: reject: RCPT from mmx2.opticspace.co.uk[8.19.138.29]: 554 5.7.1 Rejected; mmx2.opticspace.co.uk blocked by localbl Jun 23 07:15:58 mail1 postfix/smtpd[11797]: NOQUEUE: reject: RCPT from gen3.generalsearchteam.co.uk[8.19.136.36]: 554 5.7.1 Rejected; gen3.generalsearchteam.co.uk blocked by ibl Jun 23 07:31:23 mail1 postfix/smtpd[12056]: NOQUEUE: reject: RCPT from nup1.newuniversepartners.com[8.19.136.52]: 554 5.7.1 Rejected; nup1.newuniversepartners.com blocked by localbl Jun 23 08:17:11 mail1 postfix/smtpd[13777]: NOQUEUE: reject: RCPT from web1.directenergyweb.co.uk[8.19.136.45]: 554 5.7.1 Rejected; web1.directenergyweb.co.uk blocked by ibl Jun 23 08:46:25 mail1 postfix/smtpd[14643]: NOQUEUE: reject: RCPT from web2.directenergyweb.co.uk[8.19.136.46]: 554 5.7.1 Rejected; web2.directenergyweb.co.uk blocked by localbl Jun 23 09:00:46 mail1 postfix/smtpd[15114]: NOQUEUE: reject: RCPT from web2.directenergyweb.co.uk[8.19.136.46]: 554 5.7.1 Rejected;
Re: SORBS bites the dust
On Mon, 22 Jun 2009, Arvid Picciani wrote: rich...@buzzhost.co.uk wrote: It comes with great sadness that I have to announce the imminent closure of SORBS. crap ... sorbs is the only list I trust enough to have them at SMTP level. In the past, I did some tests to determine which lists caught the most spam without FP's, and found that sbl-xbl.spamhaus.org (not the full 'zen' rbl), was catching over 90% of spam. I also use njabl, though lately it looks like it mostly overlaps with spamhaus, but the 'web' and 'dul' lists from sorbs are still catching a couple of 100 spam each day that were not caught by spamhaus. So I would really hate to see SORBS go. IMPORTANT: If sorbs does not get picked-up by a new host, will SA developers be ready to roll-out an SA update to remove the sorbs rules, so that we don't suffer a bunch of timeouts? Or how does that work? On 23.06.09 09:29, Jeff Moss wrote: WHAT? Sorbs and Spamhaus are polar opposites. Spamhaus is a great organization while SORBS is a POS that helped give all blacklists a bad name. sorbs makes good job, although there are some whiners not understanding the stuff... I don't know if SpamAssassin has ever used it. it still does: 50_scores.cf:score RCVD_IN_SORBS_BLOCK 0 # n=1 n=2 n=3 50_scores.cf:score RCVD_IN_SORBS_DUL 0 1.615 0 0.877 # n=0 n=2 50_scores.cf:score RCVD_IN_SORBS_HTTP 0 0.001 0 0.001 # n=0 n=2 50_scores.cf:score RCVD_IN_SORBS_MISC 0 0.001 0 0.353 # n=0 n=2 50_scores.cf:score RCVD_IN_SORBS_SMTP 0 # n=0 n=1 n=2 n=3 50_scores.cf:score RCVD_IN_SORBS_SOCKS 0 0.182 0 0.801 # n=0 n=2 50_scores.cf:score RCVD_IN_SORBS_WEB 0 1.117 0 0.619 # n=0 n=2 50_scores.cf:score RCVD_IN_SORBS_ZOMBIE 0 # n=0 n=1 n=2 n=3 -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Remember half the people you know are below average.
Re: SORBS bites the dust
WHAT? Sorbs and Spamhaus are polar opposites. Spamhaus is a great organization while SORBS is a POS that helped give all blacklists a bad name. I don't know if SpamAssassin has ever used it. Jeff Moss All i read is OMG THEY BANNED MY COLORFULL OPT OUT NEWSLETTER111 Sorry i trust sorbs because they shield me from crap. Thats all i want.
Re: SORBS bites the dust
On Tue, 23 Jun 2009, mouss wrote: When I did my research for setting up RBL's, I found old comparisons between RBL's that seemed to indicate that the spamhaus PBL and the spamcop lists had slightly higher levels of flase postives. stop spreading FUD. if you know of false positives, show us so that we see what you exactly mean. It's difficult to find current data. The original document I found, somewhere among old spamassassin wiki/forum files, was a decent comparison of the percentage FP's and FN's for many blocklists, but do you think I can find it now? :) I found *some* stats at http://stats.dnsbl.com which would seem to suggest that the spamcop database is now very accurate. Though I am somewhat hesitant to use spamcop as our own servers once had a brief listing with them (and it wasn't due to spam). Even so their stats all seem to be at least a year old? Still hoping to find something more recent and detailed I think I will upgrade from using sbl-xbl to using 'zen' at the MTA level, as it seems to be universally recommended - Charles
Re: SORBS bites the dust
On Tue, 23 Jun 2009, Jeff Moss wrote: WHAT? Sorbs and Spamhaus are polar opposites. Spamhaus is a great organization while SORBS is a POS that helped give all blacklists a bad name. As an interesting side-note, when I went looking for fresh RBL stats I found a lot of indications that SORBS gets a lot more FP's than it used to (based on previous research, sorry I can't cite). I don't know if SpamAssassin has ever used it. There are SORBS rules in the default set, but they don't score very high. - C
RE: SORBS bites the dust
-Original Message- From: Matus UHLAR - fantomas [mailto:uh...@fantomas.sk] IMPORTANT: If sorbs does not get picked-up by a new host, will SA developers be ready to roll-out an SA update to remove the sorbs rules, so that we don't suffer a bunch of timeouts? Or how does that work? On 23.06.09 09:29, Jeff Moss wrote: WHAT? Sorbs and Spamhaus are polar opposites. Spamhaus is a great organization while SORBS is a POS that helped give all blacklists a bad name. sorbs makes good job, although there are some whiners not understanding the stuff... I don't know if SpamAssassin has ever used it. it still does: 50_scores.cf:score RCVD_IN_SORBS_BLOCK 0 # n=1 n=2 n=3 50_scores.cf:score RCVD_IN_SORBS_DUL 0 1.615 0 0.877 # n=0 n=2 50_scores.cf:score RCVD_IN_SORBS_HTTP 0 0.001 0 0.001 # n=0 n=2 50_scores.cf:score RCVD_IN_SORBS_MISC 0 0.001 0 0.353 # n=0 n=2 50_scores.cf:score RCVD_IN_SORBS_SMTP 0 # n=0 n=1 n=2 n=3 50_scores.cf:score RCVD_IN_SORBS_SOCKS 0 0.182 0 0.801 # n=0 n=2 50_scores.cf:score RCVD_IN_SORBS_WEB 0 1.117 0 0.619 # n=0 n=2 50_scores.cf:score RCVD_IN_SORBS_ZOMBIE 0 # n=0 n=1 n=2 n=3 Notice that the SORBS spam sources list (the one that charged a delisting fee) is not used. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Remember half the people you know are below average.
Re: SORBS bites the dust
rich...@buzzhost.co.uk wrote: On Tue, 2009-06-23 at 09:29 -0400, Jeff Moss wrote: WHAT? Sorbs and Spamhaus are polar opposites. Spamhaus is a great organization while SORBS is a POS that helped give all blacklists a bad name. I don't know if SpamAssassin has ever used it. I respect any block list for targeting those that abuse email systems and this includes sorbs and spamhaus. I do wonder (and I don't want to start a war here) if Spamhaus is totally above board or can get 'dirt in their eyes'. The reason I wonder is stuff like this in my logs appearing every day, day in day out. Never opted in. Addresses long since dead, asking to 'removed' just add more and more attempts. I grew so tired of spamhaus missing them, I set up a local blocklist zone in Bind to take care of them. It does make you wonder why they never seem to end up on any of the spamhaus lists. Perhaps they are brilliant list washers ? Same here - I see lots of these and they don't score on many lists (sometimes barracuda hits them). This is snowshoe spam from whole netblocks of throwaway domains trickled out at one per day from any one domain/IP. From what I see they only hit legitimate addresses that exist (or once existed) with no randomly guessed addresses. As you mention, they also monitor delivery success and ramp up once they find a live one. OTOH I've not really see much evidence to suggest they back off or go away when unsuccessful, i.e, rejected at smtp level. I have one client in particular that gets hammered with these (I suspect he tried unsubscribing in the past). Jun 23 03:50:07 mail1 postfix/smtpd[5118]: NOQUEUE: reject: RCPT from mmx3.opticspace.co.uk[8.19.138.30]: 554 5.7.1 Rejected; mmx3.opticspace.co.uk blocked by ibl Yep, that looks familiar... # The Solo Networks 8.19.136.0 - 8.19.143.255 8.19.136.0/21 REJECT # The Solo Networks 67.218.160.0 - 67.218.191.255 # 67.218.164.0/24 Surpass Solutions - cybersonicview.com # 67.218.173.0/24 X3 Hosting Systems # 67.218.180.0/24 LogiTech Interactive 67.218.160.0/19 REJECT My policy, I block the /24 straight away, and hits from 3 separate /24's earns a block for the whole netblock (as illustrated above).
Re: SORBS bites the dust
It does make you wonder why they never seem to end up on any of the spamhaus lists. Perhaps they are brilliant list washers ? Same here - I see lots of these and they don't score on many lists. It might be an uneducated guess, but i also have some very annoying hosts on the radar which i started blocking manually because they are on neither spamhaus nor sorbs. Yep, that looks familiar... # The Solo Networks 8.19.136.0 - 8.19.143.255 8.19.136.0/21REJECT # The Solo Networks 67.218.160.0 - 67.218.191.255 # 67.218.164.0/24 Surpass Solutions - cybersonicview.com # 67.218.173.0/24 X3 Hosting Systems # 67.218.180.0/24 LogiTech Interactive 67.218.160.0/19REJECT My policy, I block the /24 straight away, and hits from 3 separate /24's earns a block for the whole netblock (as illustrated above). How did you indentify these blocks as spammers and why doesnt spamhaus do so? They claim to have the worst spammer organisations on their list. I've got a whole list of Ips from india and korea which are on no list but send spam regulary. Should i care to investigate and maybe reject the the entire block? I'm pretty new on hunting down sources. All I know is the whois databse which is mostly useless for that purpose. -- Arvid
Re: SORBS bites the dust
Hello. From: Arvid Picciani a...@exys.org Subject: Re: SORBS bites the dust Date: Tue, 23 Jun 2009 22:17:03 +0200 Should i care to investigate and maybe reject the the entire block? I'm pretty new on hunting down sources. All I know is the whois databse which is mostly useless for that purpose. ex. dihe's IP-Index URL: http://ipindex.homelinux.net/./ -- Arvid -- Yoh-ichi MATSUDA(yoh) mailto:y...@flcl.org http://www.flcl.org/~yoh/diary/
Re: SORBS bites the dust
Res a écrit : On Tue, 23 Jun 2009, mouss wrote: payment were only needed for spam, not for dul not really :) despite what their site said/says.. its kind of a detterent i think sunno we never paid This is wrong. if you have evidence, show it. if not, stop spreading rumours. I have delisted an IP in the past, and I have been watching people trying to delist a block but without clues on how to do it... anyway, this is getting way off topic. whatever you I think of how sorbs should have been run (and thinking != running), its death, if confirmed, is sad news. If it is confirmed it wil indeed be sad times, SORBS catches the most of the crap that comes in here
Re: SORBS bites the dust
On Wed, 24 Jun 2009, mouss wrote: Res a écrit : On Tue, 23 Jun 2009, mouss wrote: payment were only needed for spam, not for dul not really :) despite what their site said/says.. its kind of a detterent i think sunno we never paid This is wrong. if you have evidence, show it. if not, stop spreading rumours. I have delisted an IP in the past, and I have been watching people trying to delist a block but without clues on how to do it... i dont have to prove squat to ANYONE, if you dont believe me, thereby calling me a liar, thats YOUR problem, STFU and dont comment on what you CLEARLY know NOTHING about when it comes to our case (or the case of many others who have been blocked and unblocked without paying) -- Res -Beware of programmers who carry screwdrivers
Re: SORBS bites the dust
On Tue, 23 Jun 2009, Jeremy Morton wrote: Maybe it was better back then, but maybe a year ago I had the same problem and got NO response. Its death actually is good news because it means not so many innocent people will be able to be listed now. Perhaps, this was when Matthew was located in Brisbane where I am, last I heard he moved down south (he maybe be back, have not had a need to talk to him since so dont know) SORBS is heavily used in AU, and blocks far more than spamcop or spamhaus, might be different for other parts of the world, I dunno, but will be a large spam increase for us here if it closes. -- Res -Beware of programmers who carry screwdrivers
Re: SORBS bites the dust
On Tue, 23 Jun 2009, Matus UHLAR - fantomas wrote: On Tue, 23 Jun 2009, mouss wrote: payment were only needed for spam, not for dul On 23.06.09 11:07, Res wrote: not really :) despite what their site said/says.. its kind of a detterent i think sunno we never paid well, we've had out IPs in the DUL (i asked for listing them) and we got them removed by the instructions on their web... I have no proofs they don't delist from DUL if you fullfill their (imho proper) requirements We had no problem with them listing our residential DUL ranges, we were happy for that, only unhappy when one of our mal servers got listed :), but as mentioned, it was fairly painless to get it removed back then. -- Res -Beware of programmers who carry screwdrivers
Re: SORBS bites the dust
On Tue, 2009-06-23 at 22:17 +0200, Arvid Picciani wrote: It does make you wonder why they never seem to end up on any of the spamhaus lists. Perhaps they are brilliant list washers ? Same here - I see lots of these and they don't score on many lists. It might be an uneducated guess, but i also have some very annoying hosts on the radar which i started blocking manually because they are on neither spamhaus nor sorbs. Yep, that looks familiar... # The Solo Networks 8.19.136.0 - 8.19.143.255 8.19.136.0/21REJECT # The Solo Networks 67.218.160.0 - 67.218.191.255 # 67.218.164.0/24 Surpass Solutions - cybersonicview.com # 67.218.173.0/24 X3 Hosting Systems # 67.218.180.0/24 LogiTech Interactive 67.218.160.0/19REJECT My policy, I block the /24 straight away, and hits from 3 separate /24's earns a block for the whole netblock (as illustrated above). You are a man after my own heart - that's what I do! I notice this morning another 115 attempts from them overnight; less /var/log/mail.info | grep localbl | wc -l 115 How did you indentify these blocks as spammers by the mail they send :-) Teeth Whitening for $100 - Acai Power Slim etc. and why doesnt spamhaus I've asked that in the past of Spamhaus and was openly abused by people running to their defence - even Steve Lindford himself. He called me a 'moron' (but he had just lost a Court Case so I forgive him). This was over the very block I highlighted yesterday, and I asked him why spamhaus was missing it. That must have been 4 months ago. Some U.K. providers (such as Fasthosts Rackspace(UK)) never seem to get a listing for any of their ranges - which is interesting when you consider they are probably the largest providers of hosting in the UK and that Spamhaus hosts with one of them. I know that Barracuda have a 'paid' white list (in addition to the Mickey Mouse 'emailreg.org' thing they are selling). I wonder if Spamhaus offer a similar 'feature'. The only other logical explanation is that it is seriously lacking in missing this kind of trash. do so? They claim to have the worst spammer organisations on their list. I've got a whole list of Ips from india and korea which are on no list but send spam regulary. I have to agree. I don't dispute that Spamhaus traps a lot of spam. What is of more technical interest is what they miss. Being suspicious by nature, it looks to be a bit too much to be a coincidence on occasions. Should i care to investigate and maybe reject the the entire block? I'm pretty new on hunting down sources. All I know is the whois databse which is mostly useless for that purpose. There is a nice quirk. Whois the IP. A bad example of the output; whois 8.19.138.6 Level 3 Communications, Inc. LVLT-ORG-8-8 (NET-8-0-0-0-1) 8.0.0.0 - 8.255.255.255 The Solo Networks LVLT-SPIRE-4-8-19-136 (NET-8-19-136-0-1) 8.19.136.0 - 8.19.143.255 From this I've blocked the lower line (Solo Networks) and my logs show overnight attempts from 8.19.136-143 over 100 times a night. That would be a serious amount of crap in an inbox in the morning. -- Arvid
Re: SORBS bites the dust
All together now, 3... 2... 1... WOOHOOO!!! rich...@buzzhost.co.uk wrote: Noted this over at NANAE; QUOTE: All, Please feel free to forward this message to any other location/mailing list. It comes with great sadness that I have to announce the imminent closure of SORBS. The University of Queensland have decided not to honor their agreement with myself and SORBS and terminate the hosting contract. I have been involved with institutions such as Griffith University trying to arrange alternative hosting for SORBS, but as of 12 noon, 22nd June 2009 no hosting has been acquired and therefore I have been forced in to this announcement. SORBS is officially For Sale should anyone wish to purchase it as a going concern, but failing that and failing to find alternative hosting for a 42RU rack in the Brisbane area of Queensland Australia SORBS will be shutting down permanently in 28 days, on 20th July 2009 at 12 noon. This announcement will be replicated on the main SORBS website at the earliest opportunity. For information about the possible purchase of SORBS, the source code, data, hosts etc, I maybe contacted at miche...@sorbs.net, telephone +61 414 861 744. For any hosting suggestions/provision, please be aware that the 42RU space is a requirement at the moment, and the service cannot be made into a smaller rackspace without a lot of new hardware, virtual hosting is just not possible. The SORBS service services over 30 billion DNS queries per day, and has a number of database servers with fast disk to cope with the requirements. Thank you for all your support over the years, Michelle Sullivan (Previously known as Matthew Sullivan)
Re: SORBS bites the dust
On Mon, 22 Jun 2009, Jeremy Morton wrote: All together now, 3... 2... 1... WOOHOOO!!! EXPN? -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 --- Perfect Security and Absolute Safety are unattainable; beware those who would try to sell them to you, regardless of the cost, for they are trying to sell you your own slavery. --- 12 days until the 233rd anniversary of the Declaration of Independence
Re: SORBS bites the dust
rich...@buzzhost.co.uk wrote: It comes with great sadness that I have to announce the imminent closure of SORBS. The University of Queensland have decided not to honor their agreement with myself and SORBS and terminate the hosting contract. crap ... sorbs is the only list I trust enough to have them at SMTP level. For any hosting suggestions/provision, please be aware that the 42RU space is a requirement at the moment, 42?!! way out of my league.. any alternatives? :(
Re: SORBS bites the dust
On Mon, 22 Jun 2009, Arvid Picciani wrote: rich...@buzzhost.co.uk wrote: It comes with great sadness that I have to announce the imminent closure of SORBS. crap ... sorbs is the only list I trust enough to have them at SMTP level. In the past, I did some tests to determine which lists caught the most spam without FP's, and found that sbl-xbl.spamhaus.org (not the full 'zen' rbl), was catching over 90% of spam. I also use njabl, though lately it looks like it mostly overlaps with spamhaus, but the 'web' and 'dul' lists from sorbs are still catching a couple of 100 spam each day that were not caught by spamhaus. So I would really hate to see SORBS go. IMPORTANT: If sorbs does not get picked-up by a new host, will SA developers be ready to roll-out an SA update to remove the sorbs rules, so that we don't suffer a bunch of timeouts? Or how does that work? - Charles
Re: SORBS bites the dust
On Mon, 2009-06-22 at 19:40 +0200, Arvid Picciani wrote: rich...@buzzhost.co.uk wrote: It comes with great sadness that I have to announce the imminent closure of SORBS. The University of Queensland have decided not to honor their agreement with myself and SORBS and terminate the hosting contract. crap ... sorbs is the only list I trust enough to have them at SMTP level. Really? Personally I find the PBL just kicks its ass. People tended to bitch that sorbs charged for removal, but I can't say why they said that.
Re: SORBS bites the dust
On Mon, 22 Jun 2009, rich...@buzzhost.co.uk wrote: Really? Personally I find the PBL just kicks its ass. When I did my research for setting up RBL's, I found old comparisons between RBL's that seemed to indicate that the spamhaus PBL and the spamcop lists had slightly higher levels of flase postives. Not 'bad', but just poor enough that I prefer to give PBL a weighted score in SA rather than run it as a poison pill in the MTA. Though with everything I've been seeing lately, I'm darned tempted to ramp it up. Especially if sorbs DUL list is going to go bye-bye Perhaps it is time to do some new comparisons? Does anyone have some stats on the effectiveness of various RBL's versus the FP rate? Presumably the scoring defaults in SA are somehow based on this, but I wouldn't mind being able to decide for myself. Unfortunately, the privacy regs prevent me from keeping a good corpus here and doing my own tests. - Charles
Re: SORBS bites the dust
rich...@buzzhost.co.uk wrote: On Mon, 2009-06-22 at 19:40 +0200, Arvid Picciani wrote: rich...@buzzhost.co.uk wrote: It comes with great sadness that I have to announce the imminent closure of SORBS. The University of Queensland have decided not to honor their agreement with myself and SORBS and terminate the hosting contract. crap ... sorbs is the only list I trust enough to have them at SMTP level. Really? Personally I find the PBL just kicks its ass. People tended to bitch that sorbs charged for removal, but I can't say why they said that. You really can't? SORBS accidentally blacklist your domain. You then have to pay their tithe money to get people to start receiving your e-mail again. I say that sucks. BTW, it happened to my domain, I tried to contact them, and got one automated response e-mail. Nothing more. Good riddance to them. Best regards, Jeremy Morton (Jez)
RE: SORBS bites the dust
If you follow the unlisting proceedure and meet all of the requirements, then you get unlisted. As with all things, it just takes a little patients. After converting my IP's over from my ISP to my DNS servers, I was listed (because the ISP no longer listed us a static). We were able to resolve it in a fairly resonable amount of time. I don't recall even paying a dime. From: Jeremy Morton [ad...@game-point.net] Sent: Monday, June 22, 2009 3:01 PM To: rich...@buzzhost.co.uk Cc: users@spamassassin.apache.org Subject: Re: SORBS bites the dust rich...@buzzhost.co.uk wrote: You really can't? SORBS accidentally blacklist your domain. You then have to pay their tithe money to get people to start receiving your e-mail again. I say that sucks. BTW, it happened to my domain, I tried to contact them, and got one automated response e-mail. Nothing more. Good riddance to them. Best regards, Jeremy Morton (Jez)
Re: SORBS bites the dust
Jeremy Morton wrote: You then have to pay their tithe money to get people to start receiving your e-mail again. sorbs doesn't charge for delisting. Actually no trustworthy bl does.
Re: SORBS bites the dust
On Mon, Jun 22, 2009 at 15:06, Arvid Picciania...@exys.org wrote: Jeremy Morton wrote: You then have to pay their tithe money to get people to start receiving your e-mail again. sorbs doesn't charge for delisting. Actually no trustworthy bl does. Technically correct, but not literally. You can wait 1 year ... or pay $50 to some approved charity. So, yes, you can not pay anything, if you're willing to wait a year. And if you do pay, you don't pay THEM exactly. But, it still remains that they expect some form of financial offset in order to get off their list in less than a year. http://www.au.sorbs.net/faq/spamdb.shtml
Re: SORBS bites the dust
On 22 Jun, 2009, at 12:04 , Charles Gregory wrote: When I did my research for setting up RBL's, I found old comparisons between RBL's that seemed to indicate that the spamhaus PBL and the spamcop lists had slightly higher levels of flase postives. This was certainly true with Spamcop's list, which was next to useless. PBL has always been a highly effective list, however, and I used it gladly until I switched to zen, which includes it. It is, after all, basically a list of IPs that the IP owners say should not be sending email directly. SORBS DUL list was, at a time, a bit more effective than the PBL, but that didn't last long and I've seen addresses that haven't been in dynamic pools for years still listed (Several IPs in Comcast's static business pool, for example). I'm not happy to see SORBS go, but it's been a long time since I relied on it for anything other than a bit of scoring in SA. 42U of space seems a bit much though. I'd think a couple of Xserves could manage it quite well. I'm probably wrong though. -- Can I borrow your underpants for 10 minutes?
Re: SORBS bites the dust
On 22 Jun, 2009, at 16:17 , John Rudd wrote: You can wait 1 year ... or pay $50 to some approved charity. So, yes, you can not pay anything, if you're willing to wait a year. And if you do pay, you don't pay THEM exactly. But, it still remains that they expect some form of financial offset in order to get off their list in less than a year. Actually, it is 1 year PER SPAM, or $50 PER SPAM. This was a way of punishing actual spammers. I never heard of SORBS forcing anyone to wait a year or pay $50 a spam for accidental listing, temporary failures, or anything else along those line. In essence, this policy was in place to scare off the real spammers who would be looking at that thinking, HOly, shit, I'd have to pay $50,000,000,000 to get delisted! -- Amazingly Beautiful Creatures Dancing Excites the Forest Glade, in my Heart how I do Jump like the Kudo Listen to the Music so Nice the Organ Plays. Quietly Rests the Sleepy Tiger Under the Vine tree at the Water's side and X marks the spot 'neath the Yellow moon where the Zulu king and I did hide.
Re: SORBS bites the dust
Charles Gregory a écrit : On Mon, 22 Jun 2009, rich...@buzzhost.co.uk wrote: Really? Personally I find the PBL just kicks its ass. When I did my research for setting up RBL's, I found old comparisons between RBL's that seemed to indicate that the spamhaus PBL and the spamcop lists had slightly higher levels of flase postives. stop spreading FUD. if you know of false positives, show us so that we see what you exactly mean. a lot of people, including $self, use the PBL at smtp time. Not 'bad', but just poor enough that I prefer to give PBL a weighted score in SA rather than run it as a poison pill in the MTA. Though with everything I've been seeing lately, I'm darned tempted to ramp it up. Especially if sorbs DUL list is going to go bye-bye Perhaps it is time to do some new comparisons? Does anyone have some stats on the effectiveness of various RBL's versus the FP rate? at this time, zen is _the_ list. Presumably the scoring defaults in SA are somehow based on this, but I wouldn't mind being able to decide for myself. Unfortunately, the privacy regs prevent me from keeping a good corpus here and doing my own tests. despite the privacy regs here (and not only because of regs. I am extremely attached to privacy), I have no problem keeping a corpus of spam from one hand, and a list of IPs that sent other mail.
Re: SORBS bites the dust
Gary Smith a écrit : If you follow the unlisting proceedure and meet all of the requirements, then you get unlisted. As with all things, it just takes a little patients. After converting my IP's over from my ISP to my DNS servers, I was listed (because the ISP no longer listed us a static). We were able to resolve it in a fairly resonable amount of time. I don't recall even paying a dime. payment were only needed for spam, not for dul anyway, this is getting way off topic. whatever you I think of how sorbs should have been run (and thinking != running), its death, if confirmed, is sad news.
Re: SORBS bites the dust
On Mon, 22 Jun 2009, John Rudd wrote: You can wait 1 year ... or pay $50 to some approved charity. So, yes, you can not pay anything, if you're willing to wait a year. And if you do pay, you don't pay THEM exactly. But, it still remains that they expect some form of financial offset in order to get off their list in less than a year. http://www.au.sorbs.net/faq/spamdb.shtml Rubbish, we had one of ours in it a couple years ago, it took a couple emails and no more than a few days for removal, nothing paid either. -- Res -Beware of programmers who carry screwdrivers