You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Dale's Stuff <st...@colony.net> on 2008/02/14 04:50:05 UTC
what are the criteria for being listed in sa-blacklist.current?
Hello,
Trying to figure out what the criteria is for getting a domain listed in
sa-blacklist.current, and more importantly how to be de-listed.
For some reason one of my domains has all of a sudden been listed in the
above listed db. Which is rather ironic since there are only 3 active
accounts at this domain. 1 used for a couple of mailing lists, 1 -
postmaster (inbound email only) and 1 domain contact address for domains
(also inbound only).
My server had a hardware failure and was down for 10 days, when it came
back up using the same IPs and mail server software the domain in
question is bow banned all over the internet!
I downloaded the latest release of SA tonight and do not see such a
named db, but the people that have responded to me have indicated that
this is somehow part of SA and that I need to come here to find out why
I have been listed in order to be removed.
I would like to see the evidence of any claimed spam or other
inappropriate emails that would cause this domain to be listed as a
banned server.
The only thing I can think of is that this domain was subscribed to an
apache hosted mailing list and of course during that time those messages
would have bounced. But that would seem to be a pretty lame reason to
add a domain to a global ban list.
---
Site xxxx.com (xxx.xxx.xxx.xxx) said in response to MAIL FROM (550
Banned from (user@colony.net) sa-blacklist.current)
---
Regards,
Dale
Re: what are the criteria for being listed in sa-blacklist.current?
Posted by Per Jessen <pe...@computer.org>.
Jeff Chan wrote:
> Quoting Per Jessen <pe...@computer.org>:
>> I don't use it, but it could very easily be turned into an rbldnsd
>> format list - I'm surprised nobody's done that yet. (assuming
>> there's some actual use for the list).
>
> sa-blacklist is the basis of ws.surbl.org:
>
> http://www.surbl.org/lists.html#ws
>
> sa-blacklist is deprecated. Use SURBLs instead.
Ah, there it is. I guess I should have known that :-)
It does make me wonder why the sa-blacklist config files are still being
published - I guess the whole thing is running on automatic, but maybe
Will Stearns pops into to check on it every other year?
/Per Jessen, Zürich
Re: what are the criteria for being listed in sa-blacklist.current?
Posted by Matt Kettler <mk...@verizon.net>.
Jeff Chan wrote:
> Quoting Per Jessen <pe...@computer.org>:
>
>> Matt Kettler wrote:
>>
>>>> For some reason one of my domains has all of a sudden been listed in
>>>> the above listed db. Which is rather ironic since there are only 3
>>>> active accounts at this domain. 1 used for a couple of mailing lists,
>>>> 1 - postmaster (inbound email only) and 1 domain contact address for
>>>> domains (also inbound only).
>>> This really shouldn't matter.. *NOBODY* should be using this list.
>>> It's too large and too hardware intensive, and too inaccurate to be
>>> useful.
>>
>> I don't use it, but it could very easily be turned into an rbldnsd
>> format list - I'm surprised nobody's done that yet. (assuming there's
>> some actual use for the list).
>
> sa-blacklist is the basis of ws.surbl.org:
>
> http://www.surbl.org/lists.html#ws
No it's not.. well, not really.. surbl's WS is based on
sa-blacklist-uri. That's got the same email stream as sa-blacklist, but
the information gathered is different.
>
> sa-blacklist is deprecated. Use SURBLs instead.
sa-blacklist has always been impractical by design ( it blacklists from
addresses, not URIs).
However, the OP's problem isn't that he's using sa-blacklist, it's that
someone he's trying to email is using it, and his domain is listed.
Re: what are the criteria for being listed in
sa-blacklist.current?
Posted by Jeff Chan <je...@surbl.org>.
Quoting Per Jessen <pe...@computer.org>:
> Matt Kettler wrote:
>
>>> For some reason one of my domains has all of a sudden been listed in
>>> the above listed db. Which is rather ironic since there are only 3
>>> active accounts at this domain. 1 used for a couple of mailing lists,
>>> 1 - postmaster (inbound email only) and 1 domain contact address for
>>> domains (also inbound only).
>> This really shouldn't matter.. *NOBODY* should be using this list.
>> It's too large and too hardware intensive, and too inaccurate to be
>> useful.
>
> I don't use it, but it could very easily be turned into an rbldnsd
> format list - I'm surprised nobody's done that yet. (assuming there's
> some actual use for the list).
sa-blacklist is the basis of ws.surbl.org:
http://www.surbl.org/lists.html#ws
sa-blacklist is deprecated. Use SURBLs instead.
Jeff C.
Re: what are the criteria for being listed in sa-blacklist.current?
Posted by Matt Kettler <mk...@verizon.net>.
Jeff Chan wrote:
> Also, the sa-blacklist inclusion policy is at:
>
> http://www.stearns.org/sa-blacklist/README.policy
Yes. It's unfortunate that many that use sa-blacklist fail to read this
policy carefully.
Many folks seem to mis-read:
---------------
In short, I want this list to be a list of domains, hosts, and
IP addresses used exclusively by companies that spam.
---------------
Note that's not "companies that exclusively spam". If Will's gotten UBE
(and possibly just UE, no bulk required) of any sort from your domain,
you're listed. However, it would appear he's at least got some
anti-joejob code, which is good, but it does sound a lot like a spamtrap
could be an exclusive justification. (ie: it came to my spamtrap,
therefore by definition it's unsolicited).
A casual inspection of the list reveals several large companies that
have email newseltters. It's UBE, it got to his spamtrap, it's listed.
ie: experian is listed. Even URIBL.com has it in a whitelist, and I
presume SURBL does too. Too many FP's there, but not for the raw feed :)
Re: what are the criteria for being listed in
sa-blacklist.current?
Posted by Jeff Chan <je...@surbl.org>.
Also, the sa-blacklist inclusion policy is at:
http://www.stearns.org/sa-blacklist/README.policy
Jeff C.
Re: what are the criteria for being listed in sa-blacklist.current?
Posted by Per Jessen <pe...@computer.org>.
Matt Kettler wrote:
>> For some reason one of my domains has all of a sudden been listed in
>> the above listed db. Which is rather ironic since there are only 3
>> active accounts at this domain. 1 used for a couple of mailing lists,
>> 1 - postmaster (inbound email only) and 1 domain contact address for
>> domains (also inbound only).
> This really shouldn't matter.. *NOBODY* should be using this list.
> It's too large and too hardware intensive, and too inaccurate to be
> useful.
I don't use it, but it could very easily be turned into an rbldnsd
format list - I'm surprised nobody's done that yet. (assuming there's
some actual use for the list).
/Per Jessen, Zürich
Re: what are the criteria for being listed in sa-blacklist.current?
Posted by Matt Kettler <mk...@verizon.net>.
mouss wrote:
> Matt Kettler wrote:
>> Dale's Stuff wrote:
>>> Hello,
>>>
>>> Trying to figure out what the criteria is for getting a domain
>>> listed in sa-blacklist.current, and more importantly how to be
>>> de-listed.
>> List: AFAIK, you only need to be the From: address on spam sent to
>> one of Will Stern's spamtrap.
>
> isn't this a bit risky? exceptionally if the address shown at bottom
> of www.stearns.org is used as a trap...
Well, yes, but isn't blacklisting From: addresses a bit risky in the
first place? That's what this file does. You are, by designed,
guaranteed to have a large number of joe-jobbed addresses in it. Not to
mention low efficacy because spammers rotate addresses they are
joe-jobbing from quite rapidly.
>> [snip]
>>>
>>> ---
>>> Site xxxx.com (xxx.xxx.xxx.xxx) said in response to MAIL FROM (550
>>> Banned from (user@colony.net) sa-blacklist.current)
>>> ---
>> Wow, someone is actually running that file... what a nice
>> self-inflicted DOS.
>
> I guess it could be used as an access table on the MTA, which thanks
> to hashing or the like, shouldn't be too expensive.
Heh.. it's a *LOT* of addresses.. hashing will help, but even without
considering its immense size, the datastream itself isn't useful for
spam filtering. Really, this file is only interesting as a research tool
IMO.
>
>
>
Re: what are the criteria for being listed in sa-blacklist.current?
Posted by mouss <mo...@netoyen.net>.
Matt Kettler wrote:
> Dale's Stuff wrote:
>> Hello,
>>
>> Trying to figure out what the criteria is for getting a domain listed
>> in sa-blacklist.current, and more importantly how to be de-listed.
> List: AFAIK, you only need to be the From: address on spam sent to one
> of Will Stern's spamtrap.
isn't this a bit risky? exceptionally if the address shown at bottom of
www.stearns.org is used as a trap...
> [snip]
>>
>> ---
>> Site xxxx.com (xxx.xxx.xxx.xxx) said in response to MAIL FROM (550
>> Banned from (user@colony.net) sa-blacklist.current)
>> ---
> Wow, someone is actually running that file... what a nice
> self-inflicted DOS.
I guess it could be used as an access table on the MTA, which thanks to
hashing or the like, shouldn't be too expensive.
Re: what are the criteria for being listed in sa-blacklist.current?
Posted by Matt Kettler <mk...@verizon.net>.
Dale's Stuff wrote:
> Hello,
>
> Trying to figure out what the criteria is for getting a domain listed
> in sa-blacklist.current, and more importantly how to be de-listed.
List: AFAIK, you only need to be the From: address on spam sent to one
of Will Stern's spamtrap.
Delist: Contact Will Sterns.
>
> For some reason one of my domains has all of a sudden been listed in
> the above listed db. Which is rather ironic since there are only 3
> active accounts at this domain. 1 used for a couple of mailing lists,
> 1 - postmaster (inbound email only) and 1 domain contact address for
> domains (also inbound only).
This really shouldn't matter.. *NOBODY* should be using this list. It's
too large and too hardware intensive, and too inaccurate to be useful.
As far as I know, sa-blacklist is only useful as a research project.
>
> My server had a hardware failure and was down for 10 days, when it
> came back up using the same IPs and mail server software the domain in
> question is bow banned all over the internet!
>
> I downloaded the latest release of SA tonight and do not see such a
> named db, but the people that have responded to me have indicated that
> this is somehow part of SA and that I need to come here to find out
> why I have been listed in order to be removed.
>
> I would like to see the evidence of any claimed spam or other
> inappropriate emails that would cause this domain to be listed as a
> banned server.
>
> The only thing I can think of is that this domain was subscribed to an
> apache hosted mailing list and of course during that time those
> messages would have bounced. But that would seem to be a pretty lame
> reason to add a domain to a global ban list.
AFAIK, sa-blacklist is highly automated.
>
> ---
> Site xxxx.com (xxx.xxx.xxx.xxx) said in response to MAIL FROM (550
> Banned from (user@colony.net) sa-blacklist.current)
> ---
Wow, someone is actually running that file... what a nice self-inflicted
DOS.
Re: what are the criteria for being listed in
sa-blacklist.current?
Posted by SM <sm...@resistor.net>.
Hello,
At 19:50 13-02-2008, Dale's Stuff wrote:
>I would like to see the evidence of any claimed spam or other
>inappropriate emails that would cause this domain to be listed as a
>banned server.
The domain is listed in a few blacklists. You'll have to contact
them for evidence.
Regards,
-sm