David B Funk wrote:
Jo you didn't read Chris's statement closely. A conscientious mail server
administrator will configure the SERVER to -ONLY- accept encrypted
connections for SMTP-AUTH transactions; the server should enforce
the encryption requirements.
This is a religious war
Quoting Richard Smits [EMAIL PROTECTED]:
Thanks for all the advice.. I think we will be using spamhaus. I am
running a test and it blocks a lot of spam. Currently I use the
sbl.spamhaus and pbl.spamhaus
Is this wise, or should I also use the xbl and switch to zen.spamhaus?
Please do not
Quoting Skip [EMAIL PROTECTED]:
I am not certain how anyone can claim that they have no FPs running through
those services unless they have prior knowledge of every inbound email.
That is impossible. My company deals with on the order of thousands of
companies and multiple times that in
Jeff Chan wrote:
Quoting Richard Smits [EMAIL PROTECTED]:
Thanks for all the advice.. I think we will be using spamhaus. I am
running a test and it blocks a lot of spam. Currently I use the
sbl.spamhaus and pbl.spamhaus
Is this wise, or should I also use the xbl and switch to
Quoting R.Smits [EMAIL PROTECTED]:
Jeff Chan wrote:
Quoting Richard Smits [EMAIL PROTECTED]:
Thanks for all the advice.. I think we will be using spamhaus. I am
running a test and it blocks a lot of spam. Currently I use the
sbl.spamhaus and pbl.spamhaus
Is this wise, or should I
Hello,
Which spam blacklists do you use in your MTA config. (postfix)
smptd_client_restrictions
Currently we only use : reject_rbl_client list.dsbl.org
We let spamassassin fight the rest of the spam. But the load of spam is
getting to high for our organisation. Wich list is safe enough
On Wed, 10 Oct 2007, R.Smits wrote:
| We use : sbl-xbl.spamhaus.org now. It does not include the PBL (policy
| Block List)
|
| We serve a big university and we cannot afford False Positives.
| I can imagine that someone one the PBL (home user) runs a small
| mailserver and cannot connect to our
R.Smits wrote:
Jeff Chan wrote:
Quoting Richard Smits [EMAIL PROTECTED]:
Thanks for all the advice.. I think we will be using spamhaus. I am
running a test and it blocks a lot of spam. Currently I use the
sbl.spamhaus and pbl.spamhaus
Is this wise, or should I also use the xbl and
Leon Kolchinsky wrote:
Hello,
Which spam blacklists do you use in your MTA config. (postfix)
smptd_client_restrictions
Currently we only use : reject_rbl_client list.dsbl.org
We let spamassassin fight the rest of the spam. But the load of spam is
getting to high for our organisation. Wich
Quoting mouss [EMAIL PROTECTED]:
If they really run a normal MTA, and if that is authorized by their
ISP, then they should ask to be unlisted. (They should also get a
meaningful reverse DNS so that they can be identified).
Otherwise, they should relay via their ISP...
Indeed, one of the
On Tue, 9 Oct 2007, Jo Rhett wrote:
On Oct 9, 2007, at 4:22 PM, Chris Edwards wrote:
Your server then enforces encryption and SMTP-AUTH, and the SSL will
(hopefully) defeat any man-in-the-middle attacks by trans-proxies.
That's exactly the problem I am reporting. A lot of mail clients
On Wed, 10 Oct 2007, David B Funk wrote:
On Tue, 9 Oct 2007, Jo Rhett wrote:
On Oct 9, 2007, at 4:22 PM, Chris Edwards wrote:
Your server then enforces encryption and SMTP-AUTH, and the SSL will
(hopefully) defeat any man-in-the-middle attacks by trans-proxies.
That's exactly the problem I
On Tue, 2007-10-09 at 17:34 +0200, R.Smits wrote:
Hello,
Which spam blacklists do you use in your MTA config. (postfix)
smptd_client_restrictions
Currently we only use : reject_rbl_client list.dsbl.org
We let spamassassin fight the rest of the spam. But the load of spam is
getting to
R.Smits wrote:
Hello,
Which spam blacklists do you use in your MTA config. (postfix)
smptd_client_restrictions
Currently we only use : reject_rbl_client list.dsbl.org
We let spamassassin fight the rest of the spam. But the load of spam is
getting to high for our organisation. Wich list is
None. I'd rather bump up my system resources than allow a system completely
out of my control to assess whether or not mail should run through my MTA
and SA.
- Skip
On Tue, 9 Oct 2007 at 10:00 -0700, [EMAIL PROTECTED] confabulated:
Spamhaus: yes. Use zen.spamhaus.org (you might end up needing to pay for
it, and use a local cache, if you're a heavy traffic site, but, frankly, it's
worth paying for).
We use Spamhaus here with their datefeed service. Our
Quoting John Rudd [EMAIL PROTECTED]:
R.Smits wrote:
Hello,
Which spam blacklists do you use in your MTA config. (postfix)
smptd_client_restrictions
Currently we only use : reject_rbl_client list.dsbl.org
We let spamassassin fight the rest of the spam. But the load of spam is
John Rudd wrote:
Spamcop: no. Don't use them as an MTA RBL. I'm leery of even using
them as a SA RBL, but it's a very bad idea to use them as an MTA RBL
(too many false positives).
Actually, sometime in the past several months, SpamCop's FP rate dropped
dramatically. I'm not privy to the
Jeff Chan writes:
Quoting John Rudd [EMAIL PROTECTED]:
R.Smits wrote:
Spamcop: no. Don't use them as an MTA RBL. I'm leery of even using
them as a SA RBL, but it's a very bad idea to use them as an MTA RBL
(too many false positives).
I was about to give the same answer
actually
* R.Smits [EMAIL PROTECTED]:
Hello,
Which spam blacklists do you use in your MTA config. (postfix)
smptd_client_restrictions
None, we put them like all restrictions into
smtpd_recipient_restrictions.
Currently we only use : reject_rbl_client list.dsbl.org
reject_rbl_client
Also, psbl.surriel.com has gotten much better in recent months. It used
to have occasional FPs, but I haven't seen any in a while. In my own
spam filtering, I merely score on RBLs and I don't outright block... but
if I were a large ISP which didn't have that luxury, I'd probably use
the
On 10/9/07, R.Smits [EMAIL PROTECTED] wrote:
Hello,
Which spam blacklists do you use in your MTA config. (postfix)
smptd_client_restrictions
Currently we only use : reject_rbl_client list.dsbl.org
We let spamassassin fight the rest of the spam. But the load of spam is
getting to high for
Hello,
Which spam blacklists do you use in your MTA config. (postfix)
smptd_client_restrictions
Currently we only use : reject_rbl_client list.dsbl.org
http://list.dsbl.org
We let spamassassin fight the rest of the spam. But the load of spam is
getting to
On Tue, 9 Oct 2007, Richard Smits wrote:
| Thanks for all the advice.. I think we will be using spamhaus. I am
| running a test and it blocks a lot of spam. Currently I use the
| sbl.spamhaus and pbl.spamhaus
| Is this wise, or should I also use the xbl and switch to zen.spamhaus?
You should
Well, in the real world, many of us who would have to scan
over 150,000 inbound emails a day, of which about 85% are
pure 100% spam simply don't have that luxury...
We've had best results with zen.spamhaus.org , other dnsbls
seem unreliable/not worth the effort
regards,
jp
On Tue, 9 Oct 2007, Skip wrote:
| I have a number of travelling personnel from my company. I don't want the
| call at 11pm on a Wednesday night or 6 am on a Sunday morning from a hotel
| and the network they are on is on one of those lists and they can't use
| their email.
Hi,
Your travellers
-Original Message-
From: Skip [mailto:[EMAIL PROTECTED]
Sent: Tuesday, October 09, 2007 2:26 PM
To: users@spamassassin.apache.org
Subject: RE: Advice on MTA blacklist
Well, in the real world, many of us who would have to scan
over 150,000 inbound emails a day, of which about
From: Chris Edwards
Your travellers should be using one of:
- Authenticated SMTP submission bypassing your DNSBL tests
- VPN into your network
- Your webmail service
All of these are available. Unless I somehow had something configured
improperly, the blacklists were rejecting connection to
Skip,
Chris's point is that your users **should** use SMTP authorization to
distinguish their trusted connections from other connections that must
be spam filtered. Additionally, you should NOT do ANY spam filtering on
these SMTP Auth connections... especially not outright RBL blocking. You
On Tue, 9 Oct 2007, Skip wrote:
| Unless I somehow had something configured improperly, the blacklists
| were rejecting connection to the MTA before SMTP auth.
Hi,
That's the problem - you don't want to do blacklist lookups for SMTP-AUTH
submissions.
FWIW we use Exim which has plenty
On Oct 9, 2007, at 10:37 AM, James E. Pratt wrote:
Well, in the real world, many of us who would have to scan over
150,000
inbound emails a day, of which about 85% are pure 100% spam simply
don't
have that luxury...
Are you using a 486 to process inbound mail? My 1.4Ghz Athlon 2
system
On Oct 9, 2007, at 11:31 AM, Chris Edwards wrote:
Your travellers should be using one of:
- Authenticated SMTP submission bypassing your DNSBL tests
- VPN into your network
- Your webmail service
Thus it shouldn't matter if their hotel is blacklisted (many are).
Both Crackberry and Verizon
On Tue, 9 Oct 2007, Jo Rhett wrote:
| Both Crackberry and Verizon force you to use their mail servers. Some other
| data providers are now doing transparent proxy on outbound e-mail. In short,
| the user can't always control that.
True, to an extent. I don't know about the *berry, but
On Tue, 9 Oct 2007, Jo Rhett wrote:
| Right, but transparent proxy of SMTP connections is available in even the
| lowest end firewalls now (like free ones you get with service).
OK.
| And very few clients will complain if they aren't required to do SMTP
| auth, which means that the user will
On Oct 9, 2007, at 3:52 PM, Chris Edwards wrote:
However, even assuming your user *is* using the *berry server or the
verizon transparent proxy, then mails they send will in the main
emerge
from a legit mail server run by grown-ups, which is far far less
likely to
be blacklisted then a user
On Oct 9, 2007, at 4:22 PM, Chris Edwards wrote:
Of course the best solution is for clients to always submit on port
465/587,
and hope that's allowed out by the hotels / mobile connectivity
providers.
Fairly often not. I've been lucky with T-Mobile, but Sprint and
Verizon apparently
Chris Edwards wrote:
On Tue, 9 Oct 2007, Jo Rhett wrote:
| Both Crackberry and Verizon force you to use their mail servers. Some other
| data providers are now doing transparent proxy on outbound e-mail. In
short,
| the user can't always control that.
True, to an extent. I don't know
37 matches
Mail list logo
