You are viewing a plain text version of this content. The canonical link for it is here.
Posted to modperl@perl.apache.org by Eric Frazier <er...@dmcontact.com> on 2004/06/30 22:42:16 UTC

Re: perl 5.8 safe signals and broken pipes in apache - now mod_perl blacklisted

Hi,

Who ever is admining your mail server might want to look into using a 
*responsible* list. Spews routinely causes horror for many innocents, 
sometimes blocking whole datacenters over one account.

Almost any other list is an improvement, I have noticed many lists follow 
along behind http://www.spamhaus.org/ for example, and they have reasonable 
people you can talk to. It is MUCH more likely you will fix the problem by 
getting your admin to change his blacklist choice than that you will be 
able to get the mod_perl list off the spews listing. They will only rinse 
and repeat, "Get rid of the spammer, or move your ISP"

Yes, folks, it is that bad these days. spam means unsolicited email, but 
also it means lots of people don't get their legitimate email. I frankly 
think the whole thing is a nightmare with no end in sight..



Thanks,

Eric


At 01:10 PM 6/30/2004, Jim Albert wrote:
>Stas Bekman wrote:
>
>>Eric Frazier wrote:
>>Jim, Eric, so can you please put this thread together into one doc piece 
>>that can be added to the docs?
>
>I had just noticed that I received none of the mod_perl mailings in the 
>past 10 days or so.  Looks like the mod_perl list mail server is on a spam 
>blacklist.
>
>relay=hermes.apache.org [209.237.227.199]
>Rejected from 209.237.227.199 - see http://spews.org/bounce.html
>
>I understand spews is one of the more aggressive blacklists, but perhaps 
>one the list admins should look into getting this IP out of spews?
>
>--
>Jim Albert
>
>
>
>--
>Report problems: http://perl.apache.org/bugs/
>Mail list info: http://perl.apache.org/maillist/modperl.html
>List etiquette: http://perl.apache.org/maillist/email-etiquette.html


-- 
Report problems: http://perl.apache.org/bugs/
Mail list info: http://perl.apache.org/maillist/modperl.html
List etiquette: http://perl.apache.org/maillist/email-etiquette.html

[OT] Re: perl 5.8 safe signals and broken pipes in apache - now mod_perl blacklisted

Posted by Lupe Christoph <lu...@lupe-christoph.de>.
On Wednesday, 2004-06-30 at 13:42:16 -0700, Eric Frazier wrote:

> Who ever is admining your mail server might want to look into using a 
> *responsible* list. Spews routinely causes horror for many innocents, 
> sometimes blocking whole datacenters over one account.

For this partivular case, please read
  http://spews.org/ask.cgi?S3056

> Almost any other list is an improvement, I have noticed many lists follow 
> along behind http://www.spamhaus.org/ for example, and they have reasonable 
> people you can talk to. It is MUCH more likely you will fix the problem by 
> getting your admin to change his blacklist choice than that you will be 
> able to get the mod_perl list off the spews listing. They will only rinse 
> and repeat, "Get rid of the spammer, or move your ISP"

> Yes, folks, it is that bad these days. spam means unsolicited email, but 
> also it means lots of people don't get their legitimate email. I frankly 
> think the whole thing is a nightmare with no end in sight..

Off-topic (I'm only using perl for this, not mod_perl ;-) )

Since last weekend, I'm collecting RBL hits and misses for spam and ham.
Spews is definitely a bad idea. It blocks hermes.apache.org even at
level 1.

I have written a Perl program that tries to find the "best" RBLs. It
eliminates all RBLs that hit servers delivering ham. Then it lets me
manually insert RBLs, then it selects by effectiveness. I manually set
Chian/Korea blocking and blocking of dynamically assigned addresses.

Without manually set RBLs, the hitlist is this:

cbl.abuseat.org dynablock.njabl.org no-more-funn.moensted.dk
bl.spamcop.net dnsbl-2.uceprotect.net list.dsbl.org spam.dnsbl.sorbs.net
cn-kr.blackholes.us multihop.dsbl.org psbl.surriel.com sbl.spamhaus.org
dul.dnsbl.sorbs.net dnsbl-3.uceprotect.net ipwhois.rfc-ignorant.org
mail-abuse.blacklist.jippg.org

cbl.abuseat.org dynablock.njabl.org no-more-funn.moensted.dk
bl.spamcop.net catch 90% of the spamming adresses. uceprotect and
rfc-ignorant are too dangerous and will probably eliminated by the
false-positive checker in a while.

I have 18 IP addresses that sent Spam and were not blocked by any list,
even the most aggressive ones. 27 addresses were only recognized by
aggressive lists, 264 are recognized by the above list of RBLs.

Here are the overly aggressive RBLs:

blackholes.five-ten-sg.com
block.blars.org
l1.spews.dnsbl.sorbs.net
l2.spews.dnsbl.sorbs.net
spews.blackholes.us
dnsbl.jammconsulting.com

Whoever read this far and is still interested - mail me if you want the
code.

HTH,
Lupe Christoph
-- 
| lupe@lupe-christoph.de       |           http://www.lupe-christoph.de/ |
| "... putting a mail server on the Internet without filtering is like   |
| covering yourself with barbecue sauce and breaking into the Charity    |
| Home for Badgers with Rabies.                            Michael Lucas |

-- 
Report problems: http://perl.apache.org/bugs/
Mail list info: http://perl.apache.org/maillist/modperl.html
List etiquette: http://perl.apache.org/maillist/email-etiquette.html