Hi Bonno,

tin.it is one of Italy's largest ISPs and the (not new) problem is that many blacklists catch a RELATIVELY high number of spam messages COMPARED to the number of legit messages simply because the traps measuring this traffic are located elsewhere than Italy or Europe.

There are certainly spam messages delivered through these tin-servers (I believe vsmtp21 is one of around at least 64 machines in this cluster) but from what I can see on my servers (located in the north of Italy and processing mostly central-european traffic) there are less than 1% of spam messages coming from tin-servers.

I've had this problem already around 5 years ago and solved it in declude by assigning a relatively low weight for all IP4R-tests and then use a text filter with COUNTRY END and TESTSFAILED statements.

Markus
_____

From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf Of Bonno Bloksma
Sent: Thursday, April 19, 2007 1:02 PM
To: Message Sniffer Community
Subject: [sniffer] Fw: lot's of legit mailservsr in spamdatabases

Hi,

I just posted this in the Declude.Junkmail list:

----------<quote>--------------------
How do you guys deal with it, LOTS of legit mailservers are listed in what used to be reliable spamsender databases.

X-RBL-Warning: SPAMBAG: 109.176.216.212.blacklist.spambag.org.
X-RBL-Warning: SPAMCANNIBAL: "blocked, See: http://www.spamcannibal.org/cannibal.cgi?page=lookup&lookup=212.216.176.109"
X-RBL-Warning: UCEPROTECT-1: "Sorry 212.216.176.109 is Level 1 listed at UCEPROTECT-NETWORK. See http://www.uceprotect.net/rblcheck.php?ipr=212.216.176.109"
X-RBL-Warning: UCEPROTECT-2: "Sorry 212.216.176.109 is Level 2 listed at UCEPROTECT-NETWORK. See http://www.uceprotect.net/rblcheck.php?ipr=212.216.176.109"

But 212.216.176.109 is a normal mailserver vsmtp21.tin.it and is trying to deliver mail from a "customer" to us.

Have spammers won this race, can we no longer trust these databases? Is there an IP list with "all" legitimate mailservers for most ISPs that I can use to reduce points? For the hotmail mailservers it was easy to reduce the points, it's a lot harder to do for all the other "real" mailservers.
----------<quote>--------------------

Pete,
Is this something the new Sniffer can help us with, identifying legit mailservers? Will hits have a separate exit code we can use to identify legit mailservers and reduce points accumulated in Declude via other tests and have the mail go through?

Kind regards,
Bonno Bloksma
head of system administration
tio hogeschool hotelmanagement en toerisme
begijnenhof 8-12 / 5611 el eindhoven
t 040 296 28 28 / f 040 237 35 20
[EMAIL PROTECTED] / www.tio.nl
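
The weighting idea discussed in this thread, as an added Python sketch that is not part of either message and is not Declude configuration: each IP4R (DNSBL) hit gets a low weight, and extra weight is added only when several lists agree and the sender's country is outside the region the server normally handles. All weights, the threshold, the country set and the escalation rule are assumptions; the thread does not give Markus's actual filter rules.

```python
import ipaddress
import re

# Constructed sample: the four X-RBL-Warning headers from the message above,
# with the quoted explanation strings abridged.
SAMPLE_HEADERS = """\
X-RBL-Warning: SPAMBAG: 109.176.216.212.blacklist.spambag.org.
X-RBL-Warning: SPAMCANNIBAL: "blocked"
X-RBL-Warning: UCEPROTECT-1: "Sorry 212.216.176.109 is Level 1 listed"
X-RBL-Warning: UCEPROTECT-2: "Sorry 212.216.176.109 is Level 2 listed"
"""

# Hypothetical tuning values, not Declude defaults.
IP4R_WEIGHT = 2            # low weight per blacklist hit
HOLD_AT = 10               # total weight at which mail is held
LOCAL_COUNTRIES = {"IT"}   # countries this server mostly receives legit mail from
MIN_FAILED_ELSEWHERE = 3   # lists that must agree before escalating
ESCALATION = 6             # extra weight for non-local, multiply-listed senders


def dnsbl_query_name(ip, zone):
    """Build the DNS name an IP4R test looks up: reversed octets + zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone.strip(".")


def failed_tests(headers):
    """Return the names of the blacklist tests recorded in X-RBL-Warning headers."""
    return re.findall(r"^X-RBL-Warning:\s*([A-Za-z0-9-]+):", headers, re.M)


def score(failed, country, other_weight=0):
    """Total weight: low per-list weight, other tests, optional escalation.

    `country` is supplied by the caller (for example from a GeoIP lookup).
    """
    total = IP4R_WEIGHT * len(failed) + other_weight
    if country not in LOCAL_COUNTRIES and len(failed) >= MIN_FAILED_ELSEWHERE:
        total += ESCALATION
    return total


def is_held(failed, country, other_weight=0):
    return score(failed, country, other_weight) >= HOLD_AT


if __name__ == "__main__":
    hits = failed_tests(SAMPLE_HEADERS)
    print(dnsbl_query_name("212.216.176.109", "blacklist.spambag.org"))
    print(hits, score(hits, "IT"), is_held(hits, "IT"))
```

With these values, four blacklist hits alone do not hold mail from an Italian relay, while the same hits combined with a content-test weight or a non-local sending country do.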