Re: Should Spamhaus default to disabled?

2010-06-12 Thread RW
On Sat, 12 Jun 2010 13:06:23 +0200
Karsten Bräckelmann guent...@rudersport.de wrote:


 No need to stretch the term large. That's a throughput of more than
 1 mail per second -- 100k SMTP connections per day. And that is
 without any local caching at all. With caching, the throughput would
 be considerably higher, before you ever cross the threshold and get on
 their heavy-user radar.

I think it's worth pointing out that SA does deep-checking on zen to
catch spammers in SBL that are relaying through other people's servers.

If you reject on zen at the SMTP level you not only do fewer lookups,
but you should also get a higher hit-rate at the DNS cache.


Re: Should Spamhaus default to disabled?

2010-06-12 Thread Andy Dills
On Sat, 12 Jun 2010, Karsten Bräckelmann wrote:

 On Sat, 2010-06-12 at 00:19 -0400, Andy Dills wrote:
  On Fri, 11 Jun 2010, Karsten Bräckelmann wrote:
   The most important argument for me to keep it enabled by default is
   simple. Small organizations and home users DO NOT have the knowledge and
   admin power to care about all that stuff themselves. For them, SA should
   work as good as possible out of the box. On the other hand, large
   organizations that generate a *substantial* amount of BL queries per day
   DO have the required power to tweak SA according to their specific needs
   and environment.
  
  That's fair. Except, we're not a large organization by any stretch of 
  the imagination.
 
 More than 300.000 queries per day. And a mail cluster, as you stated
 in your OP.

300,000 queries per day...per server? per CIDR? What is the delimiter?

Because there is certainly no single IP generating 300,000 queries per 
day.

Andy

---
Andy Dills
Xecunet, Inc.
www.xecu.net
301-682-9972
---

Re: Should Spamhaus default to disabled?

2010-06-12 Thread Karsten Bräckelmann
On Sat, 2010-06-12 at 14:07 +0100, RW wrote:
 On Sat, 12 Jun 2010 13:06:23 +0200
 Karsten Bräckelmann guent...@rudersport.de wrote:
 
  No need to stretch the term large. That's a throughput of more than
  1 mail per second -- 100k SMTP connections per day. And that is
  without any local caching at all. With caching, the throughput would
  be considerably higher, before you ever cross the threshold and get on
  their heavy-user radar.
 
 I think it's worth pointing out that SA does deep-checking on zen to
 catch spammers in SBL that are relaying through other people's servers.
 
 If you reject on zen at the SMTP level you not only do fewer lookups,
 but you should also get a higher hit-rate at the DNS cache.

True -- just doesn't affect the math above. :)

For the numbers I used the 100k SMTP connections limit for Spamhaus
free usage, rather than the 300k queries. So there's room left.


Pointing out deep-parsing for SBL is a good one, though. While there's a
single limit, there are multiple lists and query styles. PBL and XBL are
a single query per mail. SBL does deep-parsing, and DBL is RHS -- these
are most likely to result in more queries per mail. Without caching...


-- 
char *t=\10pse\0r\0dtu...@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4;
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;il;i++){ i%8? c=1:
(c=*++x); c128  (s+=h); if (!(h=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}



Re: Should Spamhaus default to disabled?

2010-06-12 Thread Yet Another Ninja

On 2010-06-12 15:20, Andy Dills wrote:

300,000 queries per day...per server? per CIDR? What is the delimiter?

Because there is certainly no single IP generating 300,000 queries per 
day.


That is probably your problem... use a central DNS resolver and your 
query count will instantly decrease


I bet you're querying from:

216.127.136.200 dns02.xecu.net
216.127.136.247 mail-out07.xecu.net
216.127.136.242 mail-out02.xecu.net
216.127.136.246 mail-out06.xecu.net
216.127.136.196 mg6.xecu.net
216.127.136.241 mail-out01.xecu.net
216.127.136.245 mail-out05.xecu.net
216.127.136.243 mail-out03.xecu.net
216.127.136.244 mail-out04.xecu.net
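
The effect of the central-resolver advice on upstream query volume, as an added example that is not part of the original thread: the same day of traffic is run once with a cache on every mail host and once with one shared caching resolver. The 9 hosts and 100k connections per day come from the thread; the 900-second TTL, the traffic shape, the 10.0.0.0/8 client addresses and the one-lookup-per-connection model are assumptions.

```python
import ipaddress
import random

ZONE = "zen.spamhaus.org"   # list named in the thread
DAY = 86_400                # seconds


def dnsbl_qname(ip, zone=ZONE):
    """DNSBL convention: reverse the IPv4 octets and append the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


class CachingResolver:
    """Toy stand-in for a caching DNS resolver: keeps answers for `ttl` seconds."""

    def __init__(self, ttl):
        self.ttl = ttl
        self.expires = {}    # qname -> time the cached answer expires
        self.upstream = 0    # lookups that had to go out to the DNSBL

    def lookup(self, qname, now):
        expiry = self.expires.get(qname)
        if expiry is not None and expiry > now:
            return           # answered from cache, nothing leaves the site
        self.upstream += 1
        self.expires[qname] = now + self.ttl


def make_traffic(connections, sources, seed=2010):
    """Constructed workload: (time, client IP) pairs over one day.

    A few sources connect very often and most only rarely (weight 1/rank).
    """
    rng = random.Random(seed)
    base = ipaddress.IPv4Address("10.0.0.0")          # constructed addresses
    pool = [str(base + i) for i in range(1, sources + 1)]
    weights = [1.0 / rank for rank in range(1, sources + 1)]
    clients = rng.choices(pool, weights=weights, k=connections)
    times = sorted(rng.uniform(0, DAY) for _ in range(connections))
    return list(zip(times, clients))


def upstream_queries(traffic, n_servers, shared, ttl, seed=7):
    """Count lookups that reach the DNSBL for one day of traffic.

    shared=False: every mail host caches on its own.
    shared=True:  all mail hosts ask one central caching resolver.
    """
    rng = random.Random(seed)   # same seed, so both runs spread mail identically
    central = CachingResolver(ttl)
    resolvers = [central if shared else CachingResolver(ttl)
                 for _ in range(n_servers)]
    for now, client in traffic:
        host = rng.randrange(n_servers)   # MX balancing picks a mail host
        resolvers[host].lookup(dnsbl_qname(client), now)
    return sum(r.upstream for r in set(resolvers))


if __name__ == "__main__":
    traffic = make_traffic(connections=100_000, sources=5_000)
    print("connections per day      :", len(traffic))
    print("per-host caches, 9 hosts :",
          upstream_queries(traffic, 9, shared=False, ttl=900))
    print("one central resolver     :",
          upstream_queries(traffic, 9, shared=True, ttl=900))
```

With per-host caches a repeat sender is looked up again by every host it happens to reach; a shared cache answers all of them from one upstream query per TTL window.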


More large spam....

2010-06-12 Thread Charles Gregory


I got another 1MB spam today.

I still don't want to kill my system by attempting to scan every large 
mail that comes in.


Has there been any progress on an 'option' to scan only text portions of 
mail past a certain size limit and/or scan only the first X bytes? The 
former is preferable because it avoids any issues with incomplete mail, or 
text sections being last


- Charles


Re: Increase in scan time from 3.3 to 3.3.1

2010-06-12 Thread RW
On Fri, 11 Jun 2010 17:32:05 -0400
Chris Conn cc...@abacom.com wrote:

 In a followup to 
 http://www.gossamer-threads.com/lists/spamassassin/users/151470;
 
 Is it possible to set the priority on RBL rules to run after rules,
 or not at all if shortcircuited?

RBL tests are done in parallel, and they are initiated early so SA can
get on with local tests during the DNS lookup. I don't know if what
you're asking for is possible, but it doesn't sound like a good idea.


Re: Should Spamhaus default to disabled?

2010-06-12 Thread Andy Dills
On Sat, 12 Jun 2010, Yet Another Ninja wrote:

 On 2010-06-12 15:20, Andy Dills wrote:
  300,000 queries per day...per server? per CIDR? What is the delimiter?
  
  Because there is certainly no single IP generating 300,000 queries per day.
 
 That is probably your problem... use a central DNS resolver and your query
 count will instantly decrease
 
 I bet you're querying from:
 
 216.127.136.200 dns02.xecu.net
 216.127.136.247 mail-out07.xecu.net
 216.127.136.242 mail-out02.xecu.net
 216.127.136.246 mail-out06.xecu.net
 216.127.136.196 mg6.xecu.net
 216.127.136.241 mail-out01.xecu.net
 216.127.136.245 mail-out05.xecu.net
 216.127.136.243 mail-out03.xecu.net
 216.127.136.244 mail-out04.xecu.net

Those and a few others.

That's why I'm asking how the limits are designed. In the past I had 
problems with a certain other blacklist wanting money. We were using a central 
resolver. Their thresholds were based on queries per IP, not network.

Using a central resolver put us over their threshold. Distributing out to 
the individual servers put us under their threshold. I pointed out the 
silliness of this, as it actually increased overall traffic, but they 
weren't interested in my opinion, just my money. I would prefer to just 
rsync the data, resolve it locally and save everybody the hassle. But 
no, that costs even more! Because remember, this isn't about defraying 
costs (reasonable), this is about generating revenue (reasonable, but not 
for a default-enabled option in free software).

I really just wish the various policies of the pseudo-free blacklists were 
all well-documented, so that sites can evaluate how best to conform, or if 
not, how to disable queries.

But then again, if it's well documented, they don't get a chance to 
generate sales leads!

Andy

---
Andy Dills
Xecunet, Inc.
www.xecu.net
301-682-9972
---


Re: Should Spamhaus default to disabled?

2010-06-12 Thread Karsten Bräckelmann
On Sat, 2010-06-12 at 10:09 -0400, Andy Dills wrote:
 On Sat, 12 Jun 2010, Yet Another Ninja wrote:

   Because there is certainly no single IP generating 300,000 queries per 
   day.
  
  That is probably your problem... use a central DNS resolver and your query
  count will instantly decrease

 Those and a few others.
 
 That's why I'm asking how the limits are designed. In the past I had 

You want to ask Spamhaus the question.

Btw, you did not answer my question *what* Spamhaus asked you about for
feedback. We cannot even tell if you're actually giving feedback
(publicly, without directing it to Spamhaus) or just venting opinions.


 problems with a certain other blacklist wanting money. We were using a central 
 resolver. Their thresholds were based on queries per IP, not network.
 
 Using a central resolver put us over their threshold. Distributing out to 
 the individual servers put us under their threshold. I pointed out the 
 silliness of this, as it actually increased overall traffic, but they 
 weren't interested in my opinion, just my money. I would prefer to just 

Well, Spamhaus uses the term you. IIRC they are smart about usage, and
identifying users. As opposed to IPs.

Anyway, so you just said, that you deliberately traded off caching, to
fly under the free-usage terms of another service. In order not to pay.
Now this bites, because it generates more queries for another service.
Got to love that irony!


 rsync the data, resolve it locally and save everybody the hassle. But 
 no, that costs even more! Because remember, this isn't about defraying 
 costs (reasonable), this is about generating revenue (reasonable, but not 
 for a default-enabled option in free software).

You are exclusively using free as in free beer here. However, SA also is
free as in speech. You got the source (without paying a dime), and you
are allowed to modify the code. Please do so. We do not guarantee
anything. In particular, we do not guarantee that you can use all
supported features, enabled by default or not, without any further cost.


 I really just wish the various policies of the pseudo-free blacklists were 
 all well-documented, so that sites can evaluate how best to conform, or if 
 not, how to disable queries.

This is open source. Feel like contributing back something to the
project you are using? Like, maybe, some docs how to selectively disable
BLs, once you got your head wrapped around it...


 But then again, if it's well documented, they don't get a chance to 
 generate sales leads!

Spamhaus does not use SA to generate sales. SA does not generate sales
for Spamhaus. Please stop repeating this claim.





Re: More large spam....

2010-06-12 Thread Karsten Bräckelmann
Please do not hijack a thread. Please do not hit Reply, if you do not
intend to reply and contribute to that thread. Removing all quoted text
and changing the Subject does *not* make it a new thread or post.

(Hint: In-Reply-To and References headers.)


On Sat, 2010-06-12 at 09:50 -0400, Charles Gregory wrote:
 I got another 1MB spam today.
 
 I still don't want to kill my system by attempting to scan every large 
 mail that comes in.

How many messages between 500k and 1M do you get per day?

 Has there been any progress on an 'option' to scan only text portions of 
 mail past a certain size limit and/or scan only the first X bytes? The 
 former is preferable because it avoids any issues with incomplete mail, or 
 text sections being last

No changes since this has been asked the last time. There are features
for this in 3.3, used by Amavis. This is not used by spamc.

There are just a very few rules scanning non-textual parts of a mail.
Large-ish binary attachments don't have much of an impact on
performance. Large-ish textual attachments potentially do.





Set for Whitelist Only?

2010-06-12 Thread andrewj

I am migrating to a new server with SpamAssassin. I have a well-known email
address which is a common spam target, and I want to set it up so that only
addresses on my whitelist are allowed, everything else is automatically
blacklisted. How do I set this up?
Thanks
Andrew
-- 
View this message in context: 
http://old.nabble.com/Set-for-Whitelist-Only--tp28865599p28865599.html
Sent from the SpamAssassin - Users mailing list archive at Nabble.com.



Re: Set for Whitelist Only?

2010-06-12 Thread Evan Platt

On 06/12/2010 08:20 AM, andrewj wrote:

I am migrating to a new server with SpamAssassin. I have a well-known email
address which is a common spam target, and I want to set it up so that only
addresses on my whitelist are allowed, everything else is automatically
blacklisted. How do I set this up?
Thanks
Andrew
   


Why are you accepting e-mail to that address in the first place? You 
should have your MTA not accept the mail in the first place.


Re: Set for Whitelist Only?

2010-06-12 Thread andrewj


Evan Platt wrote:
 
 Why are you accepting e-mail to that address in the first place? You
 should have your MTA not accept the mail in the first place.
 

I want to accept email on that address from certain trusted users. I want to
block everything except the whitelist. can I do this?
Andrew




Re: Set for Whitelist Only?

2010-06-12 Thread John Hardin

On Sat, 12 Jun 2010, andrewj wrote:

I am migrating to a new server with SpamAssassin. I have a well-known 
email address which is a common spam target, and I want to set it up so 
that only addresses on my whitelist are allowed, everything else is 
automatically blacklisted. How do I set this up?


Outside SA (assuming you have administrative access to the MTA). See, for 
example, milter-regex or other MTA-level tools that allow you to filter 
based on sender and recipient addresses.


--
 John Hardin KA7OHZ    http://www.impsec.org/~jhardin/
 jhar...@impsec.org    FALaholic #11174    pgpk -a jhar...@impsec.org
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
---
 What nuts do with guns is terrible, certainly. But what evil or crazy
 people do with *anything* is not a valid argument for banning that
 item.  -- John C. Randolph j...@idiom.com
---
 246 days since President Obama won the Nobel Not George W. Bush prize


Re: Set for Whitelist Only?

2010-06-12 Thread Dave Pooser
On 6/12/10 10:59 AM, andrewj andr...@andrewj.com wrote:

 I want to accept email on that address from certain trusted users. I want to
 block everything except the whitelist. can I do this?

Do you want those users whitelisted globally, or just for that specific
address? If globally is fine, then just add the trusted users using
whitelist_auth (or whitelist_from if you must, but that is likely to cause
you pain down the road) and then create a local rule along the lines of
(untested, off the top of my head):
header  AJ_NOT_TO_ABUSED  To =~ /abusedaddre...@example\.com/
score   AJ_NOT_TO_ABUSED  80.0

Messages from whitelisted users will start with a score of -20; messages
from other users will start with a score of 80.
-- 
Dave Pooser
Cat-Herder-in-Chief, Pooserville.com
...Life is not a journey to the grave with the intention of arriving
safely in one pretty and well-preserved piece, but to slide across the
finish line broadside, thoroughly used up, worn out, leaking oil, and
shouting GERONIMO!!! -- Bill McKenna





Re: Set for Whitelist Only?

2010-06-12 Thread Martin Gregorie
On Sat, 2010-06-12 at 08:59 -0700, andrewj wrote:
 
 Evan Platt wrote:
  
  Why are you accepting e-mail to that address in the first place? You
  should have your MTA not accept the mail in the first place.
  
 
 I want to accept email on that address from certain trusted users. I want to
 block everything except the whitelist. can I do this?

You don't say what your MTA is, but in Postfix you can do this at MTA
level with header_checks. It gives you the option of rejecting (REJECT),
silently discarding (DISCARD) or excluding the message from further
checks of this type (DUNNO). You can use Perl-type regular expressions
for this. The regexes in a .pcre file are executed in the order they are
listed, so something like

/^From:.*goodg...@spamsource\.com/ DUNNO
/^From:.*@spamsource\.com/ REJECT

should accept mail from good...@spamsource.com while rejecting all other
mail from spamsource.com. DUNNO is a Postfixism that says 'pretend
messages that match this regex weren't compared with this file's
contents'.

Disclaimer: this has not been tested. It was merely written after
looking at the Postfix manual.
 

Martin
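
How an ordered table of this kind evaluates, as an added example that is not part of the original post: a small Python model of first-match lookup, run over the two-rule table in both orders and over a tighter first pattern. The addresses under `spamsource.example`, the tightened regex and the use of Python's `re` module in place of PCRE are assumptions of this example.

```python
import re

# Constructed tables; the address stands in for the elided one in the post.
ORDERED = r"""
/^From:.*goodguy@spamsource\.example/   DUNNO
/^From:.*@spamsource\.example/          REJECT
"""

REVERSED = r"""
/^From:.*@spamsource\.example/          REJECT
/^From:.*goodguy@spamsource\.example/   DUNNO
"""

# Tighter first rule (assumption): the address must be the whole mailbox,
# bare or inside <...>, not merely a substring of the header.
TIGHT = r"""
/^From:\s*(.*<)?goodguy@spamsource\.example>?\s*$/   DUNNO
/^From:.*@spamsource\.example/                       REJECT
"""


def parse_table(text):
    """Parse '/regex/ ACTION' lines, keeping file order."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"^/(.*)/\s+(\S+)", line)
        if m is None:
            raise ValueError("unparseable table line: " + line)
        # Postfix regexp/pcre tables match case-insensitively by default.
        rules.append((re.compile(m.group(1), re.IGNORECASE), m.group(2)))
    return rules


def first_action(rules, header_line):
    """Action of the first rule that matches this header line, else None."""
    for pattern, action in rules:
        if pattern.search(header_line):
            return action
    return None


def verdict(rules, headers):
    """Check each header line in turn.

    DUNNO or no match: move on to the next header line.
    REJECT: the message is refused.
    """
    for line in headers:
        if first_action(rules, line) == "REJECT":
            return "REJECT"
    return "ACCEPT"


if __name__ == "__main__":
    samples = [   # constructed header lines
        "From: goodguy@spamsource.example",
        "From: Good Guy <goodguy@spamsource.example>",
        "From: someone@spamsource.example",
        "From: notgoodguy@spamsource.example",
        "From: alice@example.net",
    ]
    for name, text in (("ORDERED", ORDERED), ("REVERSED", REVERSED), ("TIGHT", TIGHT)):
        rules = parse_table(text)
        for line in samples:
            print(name.ljust(9), verdict(rules, [line]).ljust(7), line)
```

A sender outside the listed domain is accepted by all three tables, so on its own this is not an allow-list; header_checks also applies to every message passing through the server, not only to mail for one recipient.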




Re: Set for Whitelist Only?

2010-06-12 Thread RW
On Sat, 12 Jun 2010 08:20:57 -0700 (PDT)
andrewj andr...@andrewj.com wrote:

 
 I am migrating to a new server with SpamAssassin. I have a well-known
 email address which is a common spam target, and I want to set it up
 so that only addresses on my whitelist are allowed, everything else
 is automatically blacklisted. How do I set this up?

This kind of thing can be very unforgiving. I'd do the whitelisting and
then add a header rule to add around 5 points for the particular
address. That way BAYES can save you if a sender changes address. 


Re: Set for Whitelist Only?

2010-06-12 Thread Benny Pedersen

On Sat 12 Jun 2010 17:59:51 CEST, andrewj wrote

I want to accept email on that address from certain trusted users. I want to
block everything except the whitelist. can I do this?
Andrew


whitelist_from fr...@example.net
blacklist_to yourownaddr...@example.com

when a friend writes to you, scores will be neutral, but others
get the spam score for sending mail to your address


if the friend's email is on a domain with DKIM or SPF, use

whitelist_auth fri...@example.net

don't use wildcards

--
xpoint http://www.unicom.com/pw/reply-to-harmful.html



Re: List of cell phone company hosts

2010-06-12 Thread Michelle Konzack
Hello Marc,

On 2010-06-11 10:23:51, you hacked down the following:
 Also - I'd like to make a list of host names where email from cell
 phones comes from. Does anyone have a list of domain name or host
 names where cell phone email is sent from?

One of the spammers' domains is mymetropcs.com metropcs.net

[ STDIN ]---
Return-Path: postmas...@mms.metropcs.net
Delivered-To: linux4miche...@tamaxxxogan.net
Received: from SRVR-DNS2.metropcs.net (srvr-dns2.metropcs.net 
[:::65.91.116.51])
  by mail.tamay-dogan.net with esmtp; Wed, 02 Jun 2010 07:50:04 +0200
  id 0002BCA1.4C05F10D.742F
Received: from mms5.mms.metropcs.net ([10.221.2.134]) by SRVR-DNS2.metropcs.net 
with Microsoft SMTPSVC(6.0.3790.3959);
 Wed, 2 Jun 2010 00:49:32 -0500
Received: by mms5.mms.metropcs.net (Multimedia IP message store 7.2.23) id 
4BDA075600A1F9B3 for linux4miche...@tamaxxxogan.net; Wed, 2 Jun 2010 00:49:32 
-0500
Date: Wed, 2 Jun 2010 00:49:32 -0500 (added by postmas...@mms5.mms.metropcs.net)
From: postmas...@mms.metropcs.net
To: linux4miche...@tamaxxxogan.net
Message-ID: 25463419.635701851275457770810.javamail@mms5.mms.metropcs.net
Subject: Delivery Status Notification
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status; 
boundary==_Part_26402464_16792688.1275457770808
Old-Return-Path: postmas...@mms.metropcs.net
X-OriginalArrivalTime: 02 Jun 2010 05:49:32.0835 (UTC) 
FILETIME=[6000A730:01CB0217]
X-TDMailSerialnumber: 9968506

--=_Part_26402464_16792688.1275457770808
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: BASE64

--=_Part_26402464_16792688.1275457770808
Content-Type: Message/Delivery-status
Content-Transfer-Encoding: 7bit

Final-Recipient: rfc822; debian-user-ger...@lists.debian.org
Action: failed
Status: 5.0.0

--=_Part_26402464_16792688.1275457770808
Content-Type: message/rfc822

Date: Wed, 2 Jun 2010 07:42:43 +0200
From: Michelle Konzack linux4miche...@tamaxxxogan.net
To: 3054505...@mymetropcs.com
Cc: debian-user-ger...@lists.debüan.org
Message-ID: 15871286.635623821275457386113.javamail@mms5.mms.metropcs.net
In-Reply-To: 4c05e6b0.7000...@beckerwelt.de
Subject: Re: Ist noch jemand da?
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1; 
protocol=application/pgp-signature; 
boundary==_samba3-28339-1275457364-0001-2
X-Comverse-MMS-Creation-Time: Wed, 02 Jun 2010 05:43:06 GMT
X-Comverse-MMS-Sender-Type: Internet
X-Comverse-MMS-Saved-Param-Service-Type: P2P
X-Comverse-MMS-SAF-Store-Time: 1275457386168
X-Comverse-Mms-Part-List: 
text/plain%*1285%*NA%*NA#$application/pgp-signature%*189%*NA%*NA
X-Comverse-Mms-Body-Parts-Size: 1474
X-Comverse-MMS-To-Info: 
{{domain=mymetropcs.com~~display=3054505...@mymetropcs.com~~original=3054505829@mymetropcs.com~~email=3054505...@mymetropcs.com~~phone=3054505829~~emaillocalpart=3054505829~~}}
X-Comverse-MMS-Cc-Info: 
{{domain=lists.debian.org~~display=debian-user-ger...@lists.debüan.org~~original=debian-user-german@lists.debüan.org~~email=debian-user-ger...@lists.debüan.org~~emaillocalpart=debian-user-german~~}}

This is a MIME-formatted message.  If you see this text it means that your
E-mail software does not support MIME-formatted messages.
--=_samba3-28339-1275457364-0001-2
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Hello Frank Becker,

On 2010-06-02 07:05:52, you hacked down the following:
 Hello,
 I have not received any mail from the list for 1-2 days - and nothing
 new can be read on gmane.org either.

Neither have I...

 Is something broken on the list?

Well, I did receive your mail...

 If anyone reads this, then please also reply by PM - I
 currently cannot receive the list. For whatever reason.

Thanks, Greetings and nice Day/Evening
Michelle Konzack

--=20
# Debian GNU/Linux Consultant ##
   Development of Intranet and Embedded Systems with Debian GNU/Linux

itsyst...@tdnet France EURL   itsyst...@tdnet UG (limited liability)
Owner Michelle KonzackOwner Michelle Konzack

Apt. 917 (homeoffice)
50, rue de Soultz Kinzigstra=DFe 17
67100 Strasbourg/France   77694 Kehl/Germany
Tel: +33-6-61925193 mobil Tel: +49-177-9351947 mobil
Tel: +33-9-52705884 fix

http://www.itsystems.tamay-dogan.net/  http://www.flexray4linux.org/
http://www.debian.tamay-dogan.net/ http://www.can4linux.org/

Jabber linux4miche...@jabber.ccc.de
ICQ#328449886


Re: Should Spamhaus default to disabled?

2010-06-12 Thread Michelle Konzack
Hello Andy Dills,

On 2010-06-12 10:09:03, you hacked down the following:
 That's why I'm asking how the limits are designed. In the past I had 
 problems with a certain other blacklist wanting money. We were using a central 
 resolver. Their thresholds were based on queries per IP, not network.
 
 Using a central resolver put us over their threshold. Distributing out to 
 the individual servers put us under their threshold. I pointed out the 
 silliness of this, as it actually increased overall traffic,

Ehm, I get around 60.000 legitimate messages and around 15 million
spams per day using 8 inbound servers and do not exceed the limit of Spamhaus
using a central caching DNS...  How can this be?

 but they 
 weren't interested in my opinion, just my money. I would prefer to just 
 rsync the data, resolve it locally and save everybody the hassle. But 
 no, that costs even more! Because remember, this isn't about defraying 
 costs (reasonable), this is about generating revenue (reasonable, but not 
 for a default-enabled option in free software).

Sorry, but you must have a weird setup...

Thanks, Greetings and nice Day/Evening
Michelle Konzack

-- 
# Debian GNU/Linux Consultant ##
   Development of Intranet and Embedded Systems with Debian GNU/Linux

itsyst...@tdnet France EURL   itsyst...@tdnet UG (limited liability)
Owner Michelle KonzackOwner Michelle Konzack

Apt. 917 (homeoffice)
50, rue de Soultz Kinzigstraße 17
67100 Strasbourg/France   77694 Kehl/Germany
Tel: +33-6-61925193 mobil Tel: +49-177-9351947 mobil
Tel: +33-9-52705884 fix

http://www.itsystems.tamay-dogan.net/  http://www.flexray4linux.org/
http://www.debian.tamay-dogan.net/ http://www.can4linux.org/

Jabber linux4miche...@jabber.ccc.de
ICQ#328449886

Linux-User #280138 with the Linux Counter, http://counter.li.org/




Re: Should Spamhaus default to disabled?

2010-06-12 Thread Ted Mittelstaedt



On 6/11/2010 8:00 AM, Matus UHLAR - fantomas wrote:

On 11.06.10 10:42, Andy Dills wrote:

After recently upgrading to a new mail cluster with SA 3.3.1, we were
contacted (at every imaginable POC address) with a solicitation to
purchase access to utilize the Spamhaus blacklists, or they'll stop
answering our queries.


You apparently generate too much traffic for them.

I think the maintainers of SA should strongly consider defaulting Spamhaus
to off. At the very least, it should be better documented how to entirely
disable Spamhaus queries.


They have some limits into which most companies will fit, but you will
not. Like any service, they may have their usage policy which some
companies won't fulfill. But that's not a reason why it should not be
defaulted to on.


They have the right to charge for their data, but I question whether it's
appropriate for an open-source project to generate sales leads in this
manner.




Just one thought - on our mailservers SA is only run on mail that
makes it past antivirus scanning, greylisting, and a bunch of other
spam checks.  The majority of spam or junk is peeled off the incoming
mail stream before SA gets it.  I realize this increases CPU processing
of mail but hardware is dirt-cheap these days.  Just a thought.

Ted


Re: Should Spamhaus default to disabled?

2010-06-12 Thread Ted Mittelstaedt



On 6/12/2010 7:09 AM, Andy Dills wrote:

On Sat, 12 Jun 2010, Yet Another Ninja wrote:


On 2010-06-12 15:20, Andy Dills wrote:

300,000 queries per day...per server? per CIDR? What is the delimiter?

Because there is certainly no single IP generating 300,000 queries per day.


That is probably your problem... use a central DNS resolver and your query
count will instantly decrease

I bet you're querying from:

216.127.136.200 dns02.xecu.net
216.127.136.247 mail-out07.xecu.net
216.127.136.242 mail-out02.xecu.net
216.127.136.246 mail-out06.xecu.net
216.127.136.196 mg6.xecu.net
216.127.136.241 mail-out01.xecu.net
216.127.136.245 mail-out05.xecu.net
216.127.136.243 mail-out03.xecu.net
216.127.136.244 mail-out04.xecu.net


Those and a few others.

That's why I'm asking how the limits are designed. In the past I had
problems with a certain other blacklist wanting money. We were using a central
resolver. Their thresholds were based on queries per IP, not network.

Using a central resolver put us over their threshold. Distributing out to
the individual servers put us under their threshold. I pointed out the
silliness of this, as it actually increased overall traffic, but they
weren't interested in my opinion, just my money. I would prefer to just
rsync the data, resolve it locally and save everybody the hassle. But
no, that costs even more! Because remember, this isn't about defraying
costs (reasonable), this is about generating revenue (reasonable, but not
for a default-enabled option in free software).


Andy, grow up.

While it would be great if every open source/free project out there had 
a sugar daddy, not all do.  I can't speak for either this company you
were snookering or for Spamhaus as to what their cash flow is but 
somebody is paying the bill for a machine, somewhere, in each of those
orgs, and those orgs are doing the best they can to recoup their costs.
I can't see as how the CEO of Spamhaus is making out like the CEO
of your typical public company, so knock it off.

There is nothing wrong with a for-profit organization running an
open source division and making sales calls into users of the products
of that division.  This is a legitimate business model, one that
IMHO gives far more value to the community than some company like
Microsoft, which is almost 100% closed source, and has a long history
of using code and standards developed by the free community when
it suits their purpose.  Microsoft used the BSD TCP/IP networking
stack in their code and never contributed a speck of code back into
the BSD community, nor have they contributed any usable code to any
open source community except that which requires the users to use
their products.  Do you want all software producing organizations
to be like that?

You can simply politely tell the salesperson making the call that
you're not interested and be done with it.  You might also consider
that it costs Spamhaus money to pay the salary of that salesperson
so they have an incentive NOT to contact users that they have a good
idea won't buy their stuff.


I really just wish the various policies of the pseudo-free blacklists were
all well-documented, so that sites can evaluate how best to conform, or if
not, how to disable queries.



This is IMHO something that YOU could do, yourself, with a few hours of
time.  You could then contribute this documentation back to the
SpamAssassin maintainers for inclusion into SA.


But then again, if it's well documented, they don't get a chance to
generate sales leads!



Incorrect, actually it HELPS them, because ANY press at all, good or
bad, is good advertising.

This thread you started as a matter of fact is probably going to
result in a few more sales to Spamhaus.

I would guess this, Andy, if you sent the transcript of this thread
to Xecunet, Inc.'s sales manager, I would guess he or she would set you 
straight.


Ted


Andy

---
Andy Dills
Xecunet, Inc.
www.xecu.net
301-682-9972
---


Re: Should Spamhaus default to disabled?

2010-06-12 Thread RW
On Sat, 12 Jun 2010 18:30:08 -0700
Ted Mittelstaedt t...@ipinc.net wrote:

 I can't see as how the CEO of Spamhaus is making out like the
 CEO of your typical public company, so knock it off.
 
 There is nothing wrong with a for-profit organization running an
 open source division and making sales calls into users of the products
 of that division. 

It's the other way around. Spamhaus is a non-profit organisation run
by volunteers. SpamTEQ is allowed to market Spamhaus's data and, in
return, provides infrastructure to the Spamhaus project.

Spamhaus is not an open-source division of a commercial company, or
any kind of loss-leader marketing ploy.