Posted to users@spamassassin.apache.org by "Gary W. Smith" <ga...@primeexalia.com> on 2006/11/07 06:12:55 UTC

mail bounce warning for the list

Was the SA group listed by spamcop last month?  I just now received this
for messages from October 26th.

<ga...@primeexalia.com>:
209.209.82.24 does not like recipient.
Remote host said: 554 5.7.1 Service unavailable; Client host
[140.211.11.2] blocked using bl.spamcop.net; Blocked - see
http://www.spamcop.net/bl.shtml?140.211.11.2
Giving up on 209.209.82.24.

Gary Wayne Smith

Re: mail bounce warning for the list

Posted by Ken A <ka...@pacific.net>.

Mike Kenny wrote:
> On 11/7/06, Derek Harding <de...@innovyx.com> wrote:
>>
>> Gary W. Smith wrote:
>> >
>> > Was the SA group listed by spamcop last month?  I just now received
>> > this for messages from October 26th.
>> >
>>
>> Who cares?
>>
>> > <ga...@primeexalia.com>:
>> >
>> > 209.209.82.24 does not like recipient.
>> >
>> > Remote host said: 554 5.7.1 Service unavailable; Client host
>> > [140.211.11.2] blocked using bl.spamcop.net; Blocked - see
>> > _http://www.spamcop.net/bl.shtml?140.211.11.2_
>> >
>> > Giving up on 209.209.82.24.
>> >
>> > Gary Wayne Smith
>> >
>> Anyone dumb enough to block outright on the spamcop BL deserves whatever
>> they don't get.
>>
>> Derek
>>
> Is this not part of the problem? That many of these people who 'deserve
> whatever they don't get' are operating under the mistaken belief that these
> spam vigilantes are protecting them from spam and allowing legitimate mail
> through? We can enter into a pointless argument about whether this is due to
> the stupidity of their administrators or the arrogance of the knowledgeable
> administrators, but the fact is that this is happening. This is evidenced by
> the number of complaints from people claiming either not to have received
> legitimate email or to have it bounced by spamcop or some such site.
> 
> Blocking mail based solely on the IP address (whether because it is a dynamic
> address or has at some time in the past sent a mail to a spamtrap) is akin
> to shooting the postman because yesterday you received an advertisement.

Do you accept mail from bogon addresses? What if you received 1000 
messages a day from a single IP in china and senderbase said it was the 
single worst spammer in the universe. Would you block it or waste cpu 
cycles scanning every bit of mail coming from it? What about IPs on the 
SBL spamhaus list? What if the IP was on SBL AND spamcop's list? Does 
that sound like a high enough 'score' to you? What if it's on 3 rbls and 
you can reject it rather than accept and scan it with SA?

> The only way to kill spam is to inspect the mail using a tool such as SA and
> then reach an intelligent decision based on the results (the interpretation
> of the results will vary from site to site). Blocking IP addresses will not
> kill spam, it kills the mail system. The spammer will move to another IP, the
> poor innocent user doesn't know what to do and either accepts that his mail
> may not reach all recipients or reverts to licking stamps.

NO system is perfect. Your system may be a grey haired old man. You can 
line up 150 grey haired old men if you like, but it's still spam they 
are supposed to stop. The important thing is accuracy and what FPs you 
can live with, not the method you use. You will have some FPs with any 
system that is designed to stop spam if it's any good. Yes, that is a 
contradiction, and that's the balance any sysadmin has to find.

Ken A
Pacific.Net

> mike
> 

Re: mail bounce warning for the list

Posted by MennovB <mv...@xs4all.nl>.

Jim Maul wrote:
> 
> I think pretty much everyone understands WHY people use these BLs.  This 
> is not the point.  The point is, it's not a very good solution.
> 
Why I have to use RBLs at the MTA level is because many providers still
allow direct SMTP.
So all the botnets can send their garbage around freely; forcing the use of
the provider's mail-server stops that. Probably new bots will be made that
find out the right mail-server but then the provider can detect the spamming
machine easily. If you don't want the provider to read your mail you could
encrypt it.
I know, this has been discussed here many times, some have problems with
this but I haven't seen any unsolvable ones yet..

Regards
Menno van Bennekom
-- 
View this message in context: http://www.nabble.com/mail-bounce-warning-for-the-list-tf2586834.html#a7260091
Sent from the SpamAssassin - Users mailing list archive at Nabble.com.


Re: mail bounce warning for the list

Posted by Jim Maul <jm...@elih.org>.
Mike Kenny wrote:
> On 11/9/06, Jim Maul <jmaul@elih.org> wrote:
> 
> 
>     I think pretty much everyone understands WHY people use these BLs.  This
>     is not the point.  The point is, it's not a very good solution.
> 
> 
> Is it even a solution? I guess that depends on what the problem is. If 
> the problem is the volume of mail passing through the servers then I 
> suppose it is. The ultimate extrapolation of this is that in a perfect 
> world no mail would be allowed to pass through so that we can continue 
> to run our servers on 286s!
> 


To me, a solution that in turn creates problems of its own is not a 
solution at all.  It only shifts the problem elsewhere.  Apparently, 
that's good enough for many people out there.

> Maybe I'm being naive but I thought the objectives were not to make life 
> easier for the mail administrator (though that would be nice) but to 
> ensure that the people who actually run the business (accountants, sales 
> staff, support engineers, CEOs, etc.) receive all relevant mail that is 
> sent to them and don't have to waste inordinate amounts of time wading 
> through spam. I see the first of these as being of significantly more 
> importance than the second.
> 

Exactly my point.  Users want 2 (at least!) things with email:

1. They want to receive all legitimate mail
2. They don't want spam

1. is extremely important and should NOT be compromised in any way by 2. 
For example, to say that there's a trade off in that solving (2) in 
any way affects (1) is just wrong.  There should be no trade off.  I'd 
rather receive 1000 spams a day than miss 1 legit email and my boss agrees.


> Blocking on content achieves the second of these, sorry if it now 
> requires more care and attention to keep that server running. Blocking on 
> the source IP address, purely because it may be dynamic or may have sent 
> spam some time in the past makes the first objective virtually 
> impossible to achieve.
> 
> Unless the spam vigilante sends a notification to the intended recipient 
> of every mail it has blocked so that they can check if this should have 
> been the action taken. This sort of defeats the second objective.
> 
> I am not against DNSBLs. What I would like to see is more honesty in how 
> they should be used. They are a tool, not a solution. Their web pages 
> should have a warning like cigarette packs 'use of this service to block 
> rather than score emails can cause blindness, madness and bubonic 
> plague'. Too many of our users' destinations seem to be using these 
> sites as though they are infallible.
> 

And all the people who recommend the blocking of mail based on these 
lists are doing everyone a disservice - especially to those who don't 
realize that these lists are, in fact, not 100% accurate.  False 
positives WILL happen.

> Since it is the sender who is notified of the bounce, by our mail 
> server, not the recipient (who unknowingly sanctioned it) the problem is 
> placed at our doorstep to resolve.
> 
> mike
> 

And I solve this problem by tagging the subject and passing the mail on 
to the user's mailbox.  If they want to create a rule in their outlook or 
whatever to send these tagged mails to the trash then that is THEIR 
decision and if a legit message ends up in their trash they have no one 
to blame but themselves.  I clearly explain this to them when they ask 
me to create the rule for them.  I also suggest they browse through 
their deleted items occasionally and check for false positives.  If I 
rejected their mail at the mta, there would be no notification that any 
message even attempted to be delivered to them and they would have no 
idea that there was even a problem.  I guess some people are ok with 
this, but I am not one of them.

-Jim


Re: mail bounce warning for the list

Posted by Mike Kenny <in...@gmail.com>.
On 11/9/06, Jim Maul <jm...@elih.org> wrote:
>
>
> I think pretty much everyone understands WHY people use these BLs.  This
> is not the point.  The point is, it's not a very good solution.


Is it even a solution? I guess that depends on what the problem is. If the
problem is the volume of mail passing through the servers then I suppose it
is. The ultimate extrapolation of this is that in a perfect world no mail
would be allowed to pass through so that we can continue to run our servers
on 286s!

Maybe I'm being naive but I thought the objectives were not to make life
easier for the mail administrator (though that would be nice) but to ensure
that the people who actually run the business (accountants, sales staff,
support engineers, CEOs, etc.) receive all relevant mail that is sent to
them and don't have to waste inordinate amounts of time wading through spam.
I see the first of these as being of significantly more importance than the
second.

Blocking on content achieves the second of these, sorry if it now requires
more care and attention to keep that server running. Blocking on the source
IP address, purely because it may be dynamic or may have sent spam some time
in the past makes the first objective virtually impossible to achieve.

Unless the spam vigilante sends a notification to the intended recipient of
every mail it has blocked so that they can check if this should have been
the action taken. This sort of defeats the second objective.

I am not against DNSBLs. What I would like to see is more honesty in how
they should be used. They are a tool, not a solution. Their web pages
should have a warning like cigarette packs 'use of this service to block
rather than score emails can cause blindness, madness and bubonic plague'.
Too many of our users' destinations seem to be using these sites as though
they are infallible.

Since it is the sender who is notified of the bounce, by our mail server,
not the recipient (who unknowingly sanctioned it) the problem is placed at
our doorstep to resolve.

mike

Re: mail bounce warning for the list

Posted by Charlie Clark <ch...@begeistert.org>.
On 09.11.2006 at 15:40, Jim Maul wrote:

>
> I think pretty much everyone understands WHY people use these BLs.   
> This is not the point.  The point is, it's not a very good solution.
>
> If you have 100gb of data you need to back up every day and you  
> only have 50gb worth of tapes to back that data up onto, would you  
> only back up half of it and trust that your hardware won't fail?   
> This is essentially what you are doing.
>
> The CORRECT solution to the problem is to buy more tapes.  Just  
> like a better solution to your problem is to buy more machines to  
> process the mail, not trust someone else to tell you who should and  
> shouldn't be able to send mail to your server.  FPs WILL happen.  If  
> you haven't seen any yet, great, but be damn sure you will at some  
> point.
>
> I understand that this can get incredibly expensive and this is  
> most likely why people use BLs at all, but that does *not* mean  
> that rejecting mail based on these lists is by any means the  
> solution to the problem.

Recently I was a victim of being on a blacklist for two different  
German ISPs (eplus.de and hansenet.de)! This was particularly ironic  
because I connect to one mail server via SSL but it was rejecting my  
connection because my IP was blacklisted! So we had to implement a  
whitelist on top of the blacklist and then remove the line in the  
e-mail with my actual IP address so that the mail doesn't subsequently  
get blacklisted! And I'm sure any spammer worth their salt knows how  
to do exactly the same.

Spam coming from botnets, etc. needs to be dealt with by the ISPs. In  
Germany the law is now that you are liable for abuse carried out on  
your network, i.e. someone hacks your box or more likely WLAN then you  
are still liable.

Charlie
--
Charlie Clark
Helmholtzstr. 20
Düsseldorf
D- 40215
Tel: +49-211-938-5360
GSM: +49-178-782-6226




Re: mail bounce warning for the list

Posted by Jim Maul <jm...@elih.org>.
D.J. wrote:
>     Blocking mail based solely on the IP address (whether because it is a
>     dynamic address or has at some time in the past sent a mail to a
>     spamtrap) is akin to shooting the postman because yesterday you
>     received an advertisement. 
> 
> 
> You obviously don't handle a lot of mail volume.  If I had to scan every 
> SMTP request that came in, and did not use the two DNSBLs I use (neither 
> are SpamCop) I would need WAY more powerful hardware than I currently 
> have, and I don't have chump hardware as it is.  As it stands, using 
> qmail + spamassassin + clamav on three load balanced Dual Xeon 2.8 GHZ 
> machines with 2GB of RAM handles the flow with an average 5 minute load 
> average of around 3-4.  And that's with the BL's enabled.  Think of if I 
> had to actually process the other million or so messages (NOT an 
> exaggeration) that attempt to hit my servers...
> 
> As someone has probably already pointed out... admins use these lists 
> because they trust their accuracy.  If they receive too many complaints 
> (as we did with a particular DNSBL) you stop blocking on that list and 
> move to only scoring.
> 

I think pretty much everyone understands WHY people use these BLs.  This 
is not the point.  The point is, it's not a very good solution.

If you have 100gb of data you need to back up every day and you only 
have 50gb worth of tapes to back that data up onto, would you only back 
up half of it and trust that your hardware won't fail?  This is 
essentially what you are doing.

The CORRECT solution to the problem is to buy more tapes.  Just like a 
better solution to your problem is to buy more machines to process the 
mail, not trust someone else to tell you who should and shouldn't be able 
to send mail to your server.  FPs WILL happen.  If you haven't seen any 
yet, great, but be damn sure you will at some point.

I understand that this can get incredibly expensive and this is most 
likely why people use BLs at all, but that does *not* mean that 
rejecting mail based on these lists is by any means the solution to the 
problem.

Re: mail bounce warning for the list

Posted by "D.J." <da...@gmail.com>.
>
> Blocking mail based solely on the IP address (whether because it is a
> dynamic address or has at some time in the past sent a mail to a spamtrap)
> is akin to shooting the postman because yesterday you received an
> advertisement.


You obviously don't handle a lot of mail volume.  If I had to scan every
SMTP request that came in, and did not use the two DNSBLs I use (neither are
SpamCop) I would need WAY more powerful hardware than I currently have, and
I don't have chump hardware as it is.  As it stands, using qmail +
spamassassin + clamav on three load balanced Dual Xeon 2.8 GHZ machines with
2GB of RAM handles the flow with an average 5 minute load average of around
3-4.  And that's with the BL's enabled.  Think of if I had to actually
process the other million or so messages (NOT an exaggeration) that attempt
to hit my servers...

As someone has probably already pointed out... admins use these lists
because they trust their accuracy.  If they receive too many complaints (as
we did with a particular DNSBL) you stop blocking on that list and move to
only scoring.

> The only way to kill spam is to inspect the mail using a tool such as SA and
> then reach an intelligent decision based on the results (the interpretation
> of the results will vary from site to site). Blocking IP addresses will not
> kill spam, it kills the mail system. The spammer will move to another IP,
> the poor innocent user doesn't know what to do and either accepts that his
> mail may not reach all recipients or reverts to licking stamps.


On the contrary, it *SAVES* my mail system.  As for "poor innocent user", if
he's using his ISP's mail servers, he's very likely in good shape.  I've not
had even one complaint of a *legitimate* mail server being blocked by the
DNSBL's I use.  I think probably 95% of spam at this point is being spewed
out through botnets and slimy rackhosting that the rest of what's hosted
there needs blocked anyway.

Re: mail bounce warning for the list

Posted by "Daryl C. W. O'Shea" <sp...@dostech.ca>.
Rose, Bobby wrote:

> I believe the correct process here is that the moderators of the SA 
> listserver investigate why the listserver got listed on Spamcop.  If it 
> is a case where there are addresses to spamtraps in the list, then maybe 
> the list needs to send out opt-in verification messages to weed them out.

Note that most of the mail sent from the ASF goes through hermes, not 
just list mail or SA list mail.  I'd be a little surprised to find that 
one of the mailing lists is subscribed to one of Spamcop's spamtraps.

It's far more likely that there are a number of people with @apache.org 
addresses, that are also Spamcop subscribers, who are reporting mail 
forwarded from their @apache.org address as spam.  Since the mail to 
their @apache.org account is forwarded from hermes, Spamcop lists hermes.

I have no idea exactly how many people have to report a host (via 
reporting a spam message) to Spamcop, without the same host hitting a 
trap, to get a host listed but I wouldn't be surprised at all if there 
are indeed enough Spamcop users with @apache.org addresses to make it 
happen.

The only thing I know for sure is that the _only_ spam I have ever 
received from hermes (and I receive quite a bit of spam from hermes) has 
been addressed to my @apache.org account and is just being forwarded to me.

Daryl

RE: mail bounce warning for the list

Posted by MennovB <mv...@xs4all.nl>.

Chris Santerre wrote:
> 
> This isn't the best idea for a large ISP, but for companies I see no
> problem
> rejecting on RBLs when you have a trained administrator. 
> 

I agree! Not that I use spamcop as a blacklist, maybe it's better now but
I've seen them blocking mailservers from aol, hotmail and the like so I only
give it a score in SA.
But I'm very happy with the lists I do use for blocking in Postfix, it saves
my mailservers a lot of work.
Dynablock.njabl.org and dul.dnsbl.sorbs.net are used to block dynamic and
dialup lines. 
I know there are also some non-dynamic addresses in those lists, but I don't
mind as long as the provider's mail-servers (like smtp.provider.com) are not
blocked. In the last 4 years I only had to white-list 10 addresses.
Another block-list I use is cbl.abuse.org, AFAIK there hasn't been one
false positive yet.
The last blocking lists are my own ones, during the years I collected
spam-networks and ip-segments of countries (KR, CN etc) in a file with about
2000 ip-segments and domain-names (pool/broadband/dsl.provider.com etc).
Also machines with viruses are put into this file.
In the error message I typed the hint to use 'smtp.provider.com' if they
want to send me some real mail.
At the spamcop site 'statistics' page you can see the segments with the most
spam, they match nicely with my maillogs.
I know my server would be in big trouble if I wouldn't use these blocking
methods, no way it would be able to keep up.. 

Regards
Menno van Bennekom


Re: mail bounce warning for the list

Posted by Jim Maul <jm...@elih.org>.
Rose, Bobby wrote:
> So what you're saying is that the rule that people running listservers 
> should maintain valid recipients who want to receive messages from the 
> list shouldn't be followed just because it's a list about an antispam 
> product?  The last time I checked, the most common reason for spamcop 
> lists is due to messages being sent to their spam traps.  What's the 
> point of even having rules in SA for spamcop and other DNSBLs if you 
> don't have a certain level of trust in them.  SA is more resource 
> intensive than an MTA block which is why so many still use it.  I know 
> that over 20k a day trip the SORBs DUL rule here and around 10k trip 
> spamhaus.  You can pretty much bet it's all spam so I can understand why 
> people would rather use those lists at their MTAs based on their 
> observations of the mail flow for their domains.
>  

You can block millions or billions or however many spams you want with 
this method, but the second you block one legit piece of mail and your 
boss doesn't get it, it's your ass.  People can do whatever they like with 
their servers, but blocking mail at the MTA using blacklists is A BAD 
IDEA, PERIOD.  I realize it may be necessary for some setups that 
actually receive thousands or millions of messages a day, but that 
doesn't make it any better of an idea.

Also, show me a boss that gives a crap that the reason the message to 
him/her was blocked was because the sender's mail server is listed in 
some BL somewhere and I'll be really impressed.  Most don't want to know 
and mainly don't care WHY it happened..they just know that the server you 
set up blocked a legit message and if you're lucky they won't be too pissed 
off.  Good luck.  I'd rather not introduce that headache into my work life.



> There have been messages posted to this list that can have very positive 
> SA scores simply due to the content.  So based off that, I guess everyone 
> should whitelist users@spamassassin.apache.org and spammers reading the 
> list can just turn around and use that as their return address because 
> then the argument could be made that anyone who doesn't deserves not to 
> get mail from the SA lists.
>  

There are reasons that other whitelist methods exist that aren't as 
easily forged but I'm sure you already know that.  This argument is 
pretty lame at best.



> I believe the correct process here is that the moderators of the SA 
> listserver investigate why the listserver got listed on Spamcop.  If it 
> is a case where there are addresses to spamtraps in the list, then maybe 
> the list needs to send out opt-in verification messages to weed them out.
>  

Again, who knows..who cares?  Legit systems get listed in BL's all the 
time.  It really doesn't seem to matter how hard one tries to prevent 
this from happening as many lists have many different listing criteria. 
Would you like to volunteer your time to get legit servers delisted 
from all BLs?  That's mighty nice of you...

As someone else said before, stop blocking mail outright based on these 
lists and use them for scoring instead and be done with it.

-Jim
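
An added example, not part of any poster's message and not SpamAssassin or MTA code: it parses the rejection quoted in the first post, builds the DNSBL query name for it, and compares the two policies argued over in this thread (reject on any single listing versus score each listing and reject at SMTP time only when several lists agree). The weights, thresholds, function names and the listing data are assumptions constructed for illustration; `sbl.spamhaus.org` is a real zone that the thread names only as "the SBL spamhaus list".

```python
import ipaddress
import re
import socket

# Rejection text as quoted in the first post of the thread.
BOUNCE = (
    "Remote host said: 554 5.7.1 Service unavailable; Client host "
    "[140.211.11.2] blocked using bl.spamcop.net; Blocked - see "
    "http://www.spamcop.net/bl.shtml?140.211.11.2"
)
REJECT_RE = re.compile(
    r"Client host \[(?P<ip>[0-9.]+)\] blocked using (?P<zone>[A-Za-z0-9.-]+)"
)

# Assumed per-list weights and thresholds, for illustration only; they are
# not SpamAssassin's shipped scores. 5.0 mirrors SA's default required_score.
WEIGHTS = {"bl.spamcop.net": 1.5, "dul.dnsbl.sorbs.net": 1.0, "sbl.spamhaus.org": 3.0}
TAG_THRESHOLD = 5.0
REJECT_MIN_LISTS = 3  # the "on 3 rbls" case raised in the thread


def parse_dnsbl_reject(text):
    """Return (client_ip, dnsbl_zone) from an SMTP DNSBL rejection, or None."""
    m = REJECT_RE.search(text)
    if m is None:
        return None
    try:
        ip = ipaddress.IPv4Address(m.group("ip"))
    except ipaddress.AddressValueError:
        return None
    return str(ip), m.group("zone").rstrip(".").lower()


def dnsbl_query_name(ip, zone):
    """IPv4 DNSBL lookups reverse the octets and append the list's zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def dns_resolve(name):
    """Live lookup: any A record in 127.0.0.0/8 counts as listed, no answer as not."""
    try:
        return socket.gethostbyname(name).startswith("127.")
    except OSError:
        return False


def listed_zones(ip, resolve=dns_resolve, zones=WEIGHTS):
    """Zones on which the address is listed, according to the given resolver."""
    return [z for z in zones if resolve(dnsbl_query_name(ip, z))]


def block_on_any(ip, resolve=dns_resolve):
    """Policy of the host that bounced the list mail: one listing rejects."""
    return "reject" if listed_zones(ip, resolve) else "accept"


def score_policy(ip, content_score, resolve=dns_resolve):
    """Score each listing; reject at SMTP time only when several lists agree."""
    hits = listed_zones(ip, resolve)
    if len(hits) >= REJECT_MIN_LISTS:
        return "reject", hits
    total = content_score + sum(WEIGHTS[z] for z in hits)
    return ("tag" if total >= TAG_THRESHOLD else "deliver"), hits


# Constructed listing data standing in for DNS so the example runs offline:
# the list server's address on SpamCop only, a TEST-NET address on all three.
FAKE_LISTINGS = {dnsbl_query_name("140.211.11.2", "bl.spamcop.net")} | {
    dnsbl_query_name("192.0.2.10", z) for z in WEIGHTS
}


def fake_resolve(name):
    """Offline stand-in for dns_resolve, backed by FAKE_LISTINGS."""
    return name in FAKE_LISTINGS


if __name__ == "__main__":
    ip, zone = parse_dnsbl_reject(BOUNCE)
    print(dnsbl_query_name(ip, zone))
    print("block on any listing:", block_on_any(ip, fake_resolve))
    print("score, clean content:", score_policy(ip, 0.0, fake_resolve))
    print("score, spammy content:", score_policy(ip, 4.0, fake_resolve))
    print("listed on three lists:", score_policy("192.0.2.10", 0.0, fake_resolve))
```
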

Re: R: mail bounce warning for the list

Posted by Graham Murray <gr...@gmurray.org.uk>.
"Giampaolo Tomassoni" <g....@libero.it> writes:

>> From: Rose, Bobby [mailto:brose@med.wayne.edu]
>> The last time I checked, the most common reason for spamcop lists is due to messages being sent
>> to their spam traps.
>
> Which means they registered to the list: this list mandates a double opt-in to register...

But if someone maliciously attempted to subscribe a spam trap address
to a list, would the opt-in confirmation email not be sent to the spam
trap and therefore potentially trigger the trap's anti-spam action?

R: mail bounce warning for the list

Posted by Giampaolo Tomassoni <g....@libero.it>.
> From: Rose, Bobby [mailto:brose@med.wayne.edu]
> So what you're saying is that the rule that people running listservers should maintain valid
> recipients who want to receive messages from the list shouldn't be followed just because it's
> a list about an antispam product?

I would say, just because it's a list. Most listservers send a fake 'envelope from' email address, but hitting the reply button works.


> The last time I checked, the most common reason for spamcop lists is due to messages being sent
> to their spam traps.

Which means they registered to the list: this list mandates a double opt-in to register...


> What's the point of even having rules in SA for spamcop and other DNSBLs if you don't have a
> certain level of trust in them.

Not all the DNSBLs score the same in SA. Also, they, after all, just "score" something. SA wants and needs much more to drop something on the spam folder.


> SA is more resource intensive than an MTA block which is why so many still use it.

Then, so many are going to trade a safe approach to spam with system requirements. After all, it's their decision about it.


> I know that over 20k a day trip the SORBs DUL rule here and around 10k trip spamhaus.
> You can pretty much bet it's all spam so I can understand why people would rather use those lists
> at their MTAs based on their observations of the mail flow for their domains.

Wrong. A system of mine is listed as dynamic despite not being so at all. People relying only on DNSBL tests to classify incoming mail would surely miss messages from that system. Oh, by the way: it never sent spam out...


> There have been messages posted to this list that can have very positive SA scores simply due
> to the content. So based off that, I guess everyone should whitelist users@spamassassin.apache.org
> and spammers reading the list can just turn around and use that as their return address because
> then the argument could be made that anyone who doesn't deserves not to get mail from the SA lists.

I had few [Spam?]-tagged messages from this list and no FP.


> I believe the correct process here is that the moderators of the SA listserver investigate why
> the listserver got listed on Spamcop.

Right. This is something I would do, too.


> If it is a case where there are addresses to spamtraps in the list, then maybe the list needs
> to send out opt-in verification messages to weed them out.

Or even remove these addresses at once, if they are spamtraps.

But I would like to know how a spamtrap address got entered into this list: it needs a double opt-in. Isn't it that the person who set up the spamtrap just registered to the list itself and then "forgot" to remove from it?


> -=B

Giampaolo




From: Mike Kenny [mailto:inzanix@gmail.com] 
Sent: Tuesday, November 07, 2006 3:15 AM
To: users@spamassassin.apache.org
Subject: Re: mail bounce warning for the list





On 11/7/06, Derek Harding <de...@innovyx.com> wrote: 
Gary W. Smith wrote:
>
> Was the SA group listed by spamcop last month?  I just now received
> this for messages from October 26th.
>

Who cares?

> < gary@primeexalia.com>:
>
> MailScanner warning: numerical links are often malicious: 209.209.82.24 does not like recipient.
>
> Remote host said: 554 5.7.1 Service unavailable; Client host
> [MailScanner warning: numerical links are often malicious: 140.211.11.2] blocked using bl.spamcop.net; Blocked - see
> _http://www.spamcop.net/bl.shtml?140.211.11.2_
>
> Giving up on MailScanner warning: numerical links are often malicious: 209.209.82.24 .
>
> Gary Wayne Smith
>
Anyone dumb enough to block outright on the spamcop BL deserves whatever
they don't get.

Derek


Is this not part of the problem? That many of these people who 'deserve whatever they don't get' are operating under the mistaken belief that these spam vigilantes are protecting them from spam and allowing legitimate mail through? We can enter into a pointless argument about whether this is due to the stupidity of their administrators or the arrogance of the knowledgeable administrators, but the fact is that this is happening. This is evidenced by the number of complaints from people claiming either not to have received legitimate email or to have it bounced by spamcop or some such site. 

Blocking mail based solely on the IP address (whether because it is a dynamic address or has at some time in the past sent a mail to a spamtrap) is akin to shooting the postman because yesterday you received an advertisement. 

The only way to kill spam is to inspect the mail using a tool such as SA and then reach an intelligent decision based on the results (the interpretation of the results will vary from site to site). Blocking IP addresses will not kill spam, it kills the mail system. The spammer will move to another IP, the poor innocent user doesn't know what to do and either accepts that his mail may not reach all recipients or reverts to licking stamps.

mike


RE: mail bounce warning for the list

Posted by "Rose, Bobby" <br...@med.wayne.edu>.
So what you're saying is that the rule that people running listservers
should maintain valid recipients who want to receive messages from the
list shouldn't be followed just because it's a list about an antispam
product?  The last time I checked, the most common reason for spamcop
lists is due to messages being sent to their spam traps.  What's the
point of even having rules in SA for spamcop and other DNSBLs if you
don't have a certain level of trust in them.  SA is more resource
intensive than an MTA block which is why so many still use it.  I know
that over 20k a day trip the SORBs DUL rule here and around 10k trip
spamhaus.  You can pretty much bet it's all spam so I can understand why
people would rather use those lists at their MTAs based on their
observations of the mail flow for their domains.
 
There have been messages posted to this list that can have very positive
SA scores simply due to the content.  So based off that, I guess everyone
should whitelist users@spamassassin.apache.org and spammers reading the
list can just turn around and use that as their return address because
then the argument could be made that anyone who doesn't deserves not to
get mail from the SA lists.
 
I believe the correct process here is that the moderators of the SA
listserver investigate why the listserver got listed on Spamcop.  If it
is a case where there are addresses to spamtraps in the list, then maybe
the list needs to send out opt-in verification messages to weed them
out.
 
-=B
 
 
________________________________

From: Mike Kenny [mailto:inzanix@gmail.com] 
Sent: Tuesday, November 07, 2006 3:15 AM
To: users@spamassassin.apache.org
Subject: Re: mail bounce warning for the list





On 11/7/06, Derek Harding <de...@innovyx.com> wrote: 

	Gary W. Smith wrote:
	>
	> Was the SA group listed by spamcop last month?  I just now received
	> this for messages from October 26th.
	>
	
	Who cares?
	
	> < gary@primeexalia.com <ma...@primeexalia.com> >:
	>
	> MailScanner warning: numerical links are often malicious: 209.209.82.24 <http://209.209.82.24>  does not like recipient.
	>
	> Remote host said: 554 5.7.1 Service unavailable; Client host
	> [MailScanner warning: numerical links are often malicious: 140.211.11.2 <http://140.211.11.2> ] blocked using bl.spamcop.net; Blocked - see
	> _http://www.spamcop.net/bl.shtml?140.211.11.2_
	>
	> Giving up on MailScanner warning: numerical links are often malicious: 209.209.82.24 <http://209.209.82.24> .
	>
	> Gary Wayne Smith
	>
	Anyone dumb enough to block outright on the spamcop BL deserves whatever
	they don't get.
	
	Derek
	
	

Is this not part of the problem? That many of these people who 'deserve
whatever they don't get' are operating under the mistaken belief that
these spam vigilantes are protecting them from spam and allowing
legitimate mail through? We can enter into a pointless argument about
whether this is due to the stupidity of their administrators or the
arrogance of the knowldgeable administrators, but the fact is that this
is happening. This is evidenced by the number of complaints from people
claiming either not to have received legitimate email or to have it
bounced by spamcop or some such site. 

Blocking mail based solely on the IP address (whether because it is a
dynamic address or has at some time in the past sent a mail to a
spamtrap) is akin to shooting the postman because yesterday you received
an advertisement. 

The only way to kill spam is to inspect the mail using a tool such as SA
and then reach an intelligent decision based on the results (the
interpretation of the results will vary from site to site). Blocking IP
addresses will not kill spam, it kills the mail system. The spammer will
move to another IP, the poor innocent user doesn't know what to do and
either accepts that his mail may not reach all recipients or reverts to
licking stamps.

mike


Re: mail bounce warning for the list

Posted by Mike Kenny <in...@gmail.com>.
On 11/7/06, Derek Harding <de...@innovyx.com> wrote:
>
> Gary W. Smith wrote:
> >
> > Was the SA group listed by spamcop last month?  I just now received
> > this for messages from October 26th.
> >
>
> Who cares?
>
> > <ga...@primeexalia.com>:
> >
> > 209.209.82.24 does not like recipient.
> >
> > Remote host said: 554 5.7.1 Service unavailable; Client host
> > [140.211.11.2] blocked using bl.spamcop.net; Blocked - see
> > _http://www.spamcop.net/bl.shtml?140.211.11.2_
> >
> > Giving up on 209.209.82.24.
> >
> > Gary Wayne Smith
> >
> Anyone dumb enough to block outright on the spamcop BL deserves whatever
> they don't get.
>
> Derek

Is this not part of the problem? That many of these people who 'deserve
whatever they don't get' are operating under the mistaken belief that these
spam vigilantes are protecting them from spam and allowing legitimate mail
through? We can enter into a pointless argument about whether this is due to
the stupidity of their administrators or the arrogance of the knowledgeable
administrators, but the fact is that this is happening. This is evidenced by
the number of complaints from people claiming either not to have received
legitimate email or to have it bounced by spamcop or some such site.

Blocking mail based solely on the IP address (whether because it is a dynamic
address or has at some time in the past sent a mail to a spamtrap) is akin
to shooting the postman because yesterday you received an advertisement.

The only way to kill spam is to inspect the mail using a tool such as SA and
then reach an intelligent decision based on the results (the interpretation
of the results will vary from site to site). Blocking IP addresses will not
kill spam, it kills the mail system. The spammer will move to another IP, the
poor innocent user doesn't know what to do and either accepts that his mail
may not reach all recipients or reverts to licking stamps.

mike

Re: mail bounce warning for the list

Posted by Derek Harding <de...@innovyx.com>.
On Mon, 2006-11-06 at 23:55 -0800, Derek Harding wrote:
> >
> Anyone dumb enough to block outright on the spamcop BL deserves whatever 
> they don't get.

Sorry for the delay. I need to apologise for the short temperedness of
my response. I should have tempered my response and been more helpful.

My only excuse is that it was late and the issue of the Spamcop BL's
hair trigger and hence FP problems comes up so often as to be
practically an FAQ.

I do wish to point out that I was referring specifically to the spamcop
BL not BLs in general. We refuse all email from sites on the SBL for
example.

Obviously anyone is welcome to block on any criteria they wish. However
it makes no sense to me to choose criteria that are known to suffer from
false positives and then complain about those false positives.

Derek



R: mail bounce warning for the list

Posted by Giampaolo Tomassoni <g....@libero.it>.
> Anyone dumb enough to block outright on the spamcop BL deserves whatever 
> they don't get.

Yeah! Score it, don't pretend it to be God.

Giampaolo

> 
> Derek
> 
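
The "score it" approach argued for in the posts above, set beside outright blocking, as an added example that is not code from any poster or from SpamAssassin. Only 140.211.11.2 and bl.spamcop.net come from the quoted bounce; the stub resolver, the other addresses, the scores and the threshold are constructed assumptions.

```python
import ipaddress

# Constructed stand-in for DNS so the example runs offline. A real DNSBL
# answers an A query for <reversed-ip>.<zone> with a 127.0.0.x address when
# the IP is listed and NXDOMAIN when it is not.
FAKE_DNS = {"2.11.211.140.bl.spamcop.net": "127.0.0.2",
            "7.113.0.203.bl.spamcop.net": "127.0.0.2"}

def dnsbl_query_name(ip, zone):
    """Build the DNSBL query name: IPv4 octets reversed, then the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def is_listed(ip, zone, resolve=FAKE_DNS.get):
    """True if the injected resolver returns a 127.x answer for the IP."""
    answer = resolve(dnsbl_query_name(ip, zone))
    return answer is not None and answer.startswith("127.")

def block_outright(ip, zone="bl.spamcop.net"):
    """Policy A: reject at SMTP time on the DNSBL hit alone."""
    return "reject" if is_listed(ip, zone) else "accept"

# Hypothetical values chosen for illustration, not SpamAssassin defaults.
DNSBL_SCORE = 1.5
THRESHOLD = 5.0

def score_message(ip, content_score, zone="bl.spamcop.net"):
    """Policy B: the DNSBL hit is one input added to the content score."""
    total = content_score + (DNSBL_SCORE if is_listed(ip, zone) else 0.0)
    return ("reject" if total >= THRESHOLD else "accept"), total

# Constructed messages: (sender IP, content-rule score before the DNSBL test).
SAMPLES = [("140.211.11.2", 0.2),   # list server from the bounce, ham content
           ("203.0.113.7", 4.1),    # listed host sending spammy content
           ("198.51.100.9", 0.3)]   # unlisted host, ham content

def compare(samples=SAMPLES):
    """Return (ip, outright verdict, scored verdict) for each sample."""
    return [(ip, block_outright(ip), score_message(ip, c)[0])
            for ip, c in samples]

if __name__ == "__main__":
    for row in compare():
        print(*row)
```

Under policy A the list server's mail is rejected on the listing alone; under policy B the same listing only contributes to the total, so the list mail is accepted while the listed host with spammy content is still rejected.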


Re: mail bounce warning for the list

Posted by Derek Harding <de...@innovyx.com>.
Gary W. Smith wrote:
>
> Was the SA group listed by spamcop last month?  I just now received 
> this for messages from October 26th.
>

Who cares?

> <ga...@primeexalia.com>:
>
> 209.209.82.24 does not like recipient.
>
> Remote host said: 554 5.7.1 Service unavailable; Client host 
> [140.211.11.2] blocked using bl.spamcop.net; Blocked - see 
> _http://www.spamcop.net/bl.shtml?140.211.11.2_
>
> Giving up on 209.209.82.24.
>
> Gary Wayne Smith
>
Anyone dumb enough to block outright on the spamcop BL deserves whatever 
they don't get.

Derek