You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@spamassassin.apache.org by Michael Monnerie <mi...@is.it-management.at> on 2009/10/21 20:39:30 UTC

false positive on hostkarma blacklist

> http://ipadmin.junkemailfilter.com/remove.php?ip=62.40.128.130

Just received this FP from a customer. That IP is indeed an MX for 
kabsi.at, a big cable provider in Austria. Please put it on YELLOW.

mfg zmi
-- 
// Michael Monnerie, Ing.BSc    -----      http://it-management.at
// Tel: 0660 / 415 65 31                      .network.your.ideas.
// PGP Key:         "curl -s http://zmi.at/zmi.asc | gpg --import"
// Fingerprint: AC19 F9D5 36ED CD8A EF38  500E CE14 91F7 1C12 09B4
// Keyserver: wwwkeys.eu.pgp.net                  Key-ID: 1C1209B4

Re: false positive on hostkarma blacklist

Posted by Michael Monnerie <mi...@is.it-management.at>.

Another FP, reported some Monday from a customer:
212.62.57.38 == mtaout3.isp.ptt.rs

Which is a clear sign for an ISP. So please, again, check also their 
mtaout1 ... mtaout9 or whatever and include all these in YELLOW.

Also, I've offered you a list of ISPs MX from Austria. We have an ISP 
Associtation ( www.ispa.at ), and they keep that list actual. Do you 
want that for your YELLOW list? Maybe you can subscribe for receiving 
updates automatically, too...

mfg zmi
-- 
// Michael Monnerie, Ing.BSc    -----      http://it-management.at
// Tel: 0660 / 415 65 31                      .network.your.ideas.
// PGP Key:         "curl -s http://zmi.at/zmi.asc | gpg --import"
// Fingerprint: AC19 F9D5 36ED CD8A EF38  500E CE14 91F7 1C12 09B4
// Keyserver: wwwkeys.eu.pgp.net                  Key-ID: 1C1209B4

Re: false positive on hostkarma blacklist

Posted by Michael Monnerie <mi...@is.it-management.at>.

On Mittwoch 21 Oktober 2009 Marc Perkel wrote:
>  Michael Monnerie wrote:
> http://ipadmin.junkemailfilter.com/remove.php?ip=62.40.128.130
> Just received this FP from a customer. That IP is indeed an MX for
> kabsi.at, a big cable provider in Austria. Please put it on YELLOW.

Please, Marc, you fixed above IP, but now this one is on the blacklist:
62.40.128.131

It's the following IP, and the reverse shows
62.40.128.130  mx02.kabsi.at
62.40.128.131  mx04.kabsi.at

When someone reports an ISP, and they name their MX in a very readable 
way, you should automatically check for mx01 and mx03, mx05, ... 
automatically:
195.202.128.130  mx03.kabsi.at
195.202.128.131  mx05.kabsi.at

Please put all these on YELLOW. 

mfg zmi
-- 
// Michael Monnerie, Ing.BSc    -----      http://it-management.at
// Tel: 0660 / 415 65 31                      .network.your.ideas.
// PGP Key:         "curl -s http://zmi.at/zmi.asc | gpg --import"
// Fingerprint: AC19 F9D5 36ED CD8A EF38  500E CE14 91F7 1C12 09B4
// Keyserver: wwwkeys.eu.pgp.net                  Key-ID: 1C1209B4