Posted to users@spamassassin.apache.org by Alexandre Chapellon <al...@mana.pf> on 2010/08/18 01:30:16 UTC

How the hell barracuda behaves?

Hi the list,

I am posting the results of my tests in order to have
feedback/feelings/remarks.
This is not directly spamassassin related, but can be helpful for people
(I saw here) wondering if they would use the barracuda DNSBL.

the problem:
- I have quite often complaints from my customers about mails they sent
not being delivered because of some barracudacentral blocking.

the facts:
- As an ISP with tens of thousands of users, I have several mail relay
platforms offering smtp on port 587 (and 25 locally), authentication
(not yet mandatory), SPF records published for my very own domains.

the tests:
- I ran a simple bash loop in order to test my IP addresses (~40000
addresses) against several blacklists.

Let me be clear: I admit my whole network (and so customer network) is
not perfectly clean, and must include some bots (now or in the past).
But results here really look terrible! Here follow the names of the
blacklists, the number of (black)listed entries, and the errors returned
(mostly timeout requests)

======== barracuda ========
listed: 7947
errors: 98
total: 38760
======== sorbs ========
listed: 52
errors: 0
total: 38760
======== spamhaus ========
listed: 2
errors: 0
total: 38760
======== xbl ========
listed: 19
errors: 0
total: 38760
======== cbl ========
listed: 19
errors: 1
total: 38760

When other well known DNSBL (I have always heard spamhaus sbl and xbl
are trustworthy) list at most 50 entries, barracuda lists almost
8000!!!!
Furthermore the barracuda blacklist seems to return the very same DNS
results whatever the reason of the listing is! Which, if true, does not
make it easy to decide what to do with a mail when the DNSBL
matched.
Finally there is a special feature that barracuda folks call "deep
scanning" which makes the appliance scan the 'Received' headers and
reject the mails if an IP found in those headers is listed in the
DNSBL... a feature that should obviously be called: 'even increase my
false positive rate'

If I were asked to use barracuda bl I would just answer: "NO WAY!"
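
The kind of survey described in this post, as an added example that is not part of the original message (the poster's bash loop is not shown in the thread): each address is reversed, queried under each DNSBL zone, and tallied as listed, error or clean, with the return codes collected per zone. The zone names, addresses and stub resolver data are constructed placeholders; answers outside 127.0.0.0/8 are counted as errors rather than listings.

```python
import ipaddress
import socket
from collections import Counter

# DNSBL A-record answers are expected inside 127.0.0.0/8 (RFC 5782).
LOOPBACK_NET = ipaddress.ip_network("127.0.0.0/8")


def dnsbl_query_name(ip, zone):
    """Reverse the IPv4 octets and append the zone: 192.0.2.10 -> 10.2.0.192.<zone>."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def system_resolver(name):
    """Live lookup: address string, None if the name does not exist, OSError otherwise."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror as exc:
        nodata = getattr(socket, "EAI_NODATA", socket.EAI_NONAME)
        if exc.errno in (socket.EAI_NONAME, nodata):
            return None  # NXDOMAIN / no data: not listed
        raise  # timeout, SERVFAIL, ...: must not be counted as "clean"


def classify(ip, zone, resolver):
    """Return ("listed", code), ("clean", None) or ("error", reason)."""
    try:
        answer = resolver(dnsbl_query_name(ip, zone))
    except OSError as exc:
        return "error", str(exc)
    if answer is None:
        return "clean", None
    if ipaddress.ip_address(answer) not in LOOPBACK_NET:
        # e.g. a wildcard or hijacked zone answering with a routable address
        return "error", "unexpected answer " + answer
    return "listed", answer


def survey(ips, zones, resolver):
    """Tally listed/errors/total per zone, plus how often each return code was seen."""
    report = {}
    for zone in zones:
        counts, codes = Counter(), Counter()
        for ip in ips:
            status, detail = classify(ip, zone, resolver)
            counts[status] += 1
            if status == "listed":
                codes[detail] += 1
        report[zone] = {
            "listed": counts["listed"],
            "errors": counts["error"],
            "total": len(ips),
            "codes": dict(codes),
        }
    return report


# Constructed data standing in for real DNS: placeholder zones, RFC 5737 addresses.
IPS = ["192.0.2.10", "192.0.2.11", "192.0.2.12", "192.0.2.13"]
ZONES = ["dnsbl-a.example", "dnsbl-b.example"]
FAKE_ZONE_DATA = {
    "10.2.0.192.dnsbl-a.example": "127.0.0.2",
    "11.2.0.192.dnsbl-a.example": "127.0.0.2",
    "12.2.0.192.dnsbl-a.example": TimeoutError("query timed out"),
    "10.2.0.192.dnsbl-b.example": "127.0.0.4",
    "11.2.0.192.dnsbl-b.example": "203.0.113.80",  # not a valid DNSBL answer
}


def fake_resolver(name):
    """Offline stub with the same contract as system_resolver."""
    answer = FAKE_ZONE_DATA.get(name)
    if isinstance(answer, Exception):
        raise answer
    return answer


if __name__ == "__main__":
    for zone, row in survey(IPS, ZONES, fake_resolver).items():
        print(zone, row)
```

Passing `system_resolver` instead of `fake_resolver` runs the same tally against live zones; a zone whose `codes` holds a single value cannot tell the consumer why an address was listed.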

Re: How the hell barracuda behaves?

Posted by Alexandre Chapellon <al...@mana.pf>.
On Wednesday 18 August 2010 at 13:39 -0400, Joseph Brennan wrote:

> The error message from Barracuda is broken too.  Sample:
> 
> 
> > ... while talking to barracuda.xprize.org.:
> >>>> DATA
> > <<< 554 Service unavailable; Client host [tarap.cc.columbia.edu] blocked
> > using Barracuda Reputation;
> > http://www.barracudanetworks.com/reputation/?r=1&ip=69.86.203.182
> > 554 5.0.0 Service unavailable
> 
> 
> That says our outbound mail server tarap is blocked, right?
> 
> But wait, the URL says 69.86.203.182 is blocked. That's not us. That's
> user-12lditm.cable.mindspring.com. One of our users was there, did SMTP
> auth to our server tarap, and we allowed the message.
> 

You got it Joseph... the sending server has an IP not listed in the bl,
but relayed from an IP which is listed.
As a result barracuda rejected the mail because of the blacklist: this is
deep scanning.
An obviously non-standard and stupid behaviour... because primarily
bots sending spam send direct to MX, or via a spam cannon (which has to
be listed).
If a barracuda-blacklisted IP relays through a non-listed server (even
more if it uses auth/TLS) there are many chances the mail is legitimate
and so no reason to reject it!


> 69.86.203.182 is still listed. Go to the URL. It does not tell you why
> but suggests many possible reasons. I'd go for the last one :-)
> 

I suspect many barracuda admins do not understand how to use this
feature!

> 
> Joseph Brennan
> Columbia University Information Technology
> 
> 



Re: How the hell barracuda behaves?

Posted by Joseph Brennan <br...@columbia.edu>.
The error message from Barracuda is broken too.  Sample:


> ... while talking to barracuda.xprize.org.:
>>>> DATA
> <<< 554 Service unavailable; Client host [tarap.cc.columbia.edu] blocked
> using Barracuda Reputation;
> http://www.barracudanetworks.com/reputation/?r=1&ip=69.86.203.182
> 554 5.0.0 Service unavailable


That says our outbound mail server tarap is blocked, right?

But wait, the URL says 69.86.203.182 is blocked. That's not us. That's
user-12lditm.cable.mindspring.com. One of our users was there, did SMTP
auth to our server tarap, and we allowed the message.

69.86.203.182 is still listed. Go to the URL. It does not tell you why
but suggests many possible reasons. I'd go for the last one :-)


Joseph Brennan
Columbia University Information Technology



Re: How the hell barracuda behaves?

Posted by Matus UHLAR - fantomas <uh...@fantomas.sk>.
> > Finally there is a special feature that barracuda folks call "deep scanning"
> > which makes the appliance scan the 'Received' headers and reject the mails
> > if an IP found in those headers is listed in the DNSBL... a feature that
> > should obviously be called: 'even increase my false positive rate'

On 18.08.10 10:14, Matt wrote:
> Perhaps for authenticated SMTP not record the IP address in the
> headers but rather just the authenticated username in the headers.  I
> think Squirrelmail does that.  Your MTA logs will have the IP recorded
> if needed later.

It would break the existing usage and make tracking very hard. I don't
think anyone should break his SMTP server just because other admins have
broken SMTP servers...
-- 
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
I just got lost in thought. It was unfamiliar territory. 

Re: How the hell barracuda behaves?

Posted by Karsten Bräckelmann <gu...@rudersport.de>.
> On the other hand, back to topic, Barracuda rejecting for mail originating
> on a dialup line is just crazy. We've seen it too.

And it has been mentioned here, and in other places on the net, before.

Yes, indeed, there appears to be an issue with Barracuda appliances'
configuration in "certain firmware revisions", not properly explaining
what "some certain, recommended conf option" does.

Aka, some (mis-configured?) Barracudas indeed have been reported to do
deep-header parsing against blacklists possibly including PBL style IPs.

SA does not do that.  (Ow, how did I manage to get on-topic? ;)

This entire thread is OT. Not that an occasional OT thread would be bad
in and by itself. And I do understand the desire of the OP to vent about
improper blacklist usage.

However, I do NOT want this thread to become $vendor bashing or any kind
of flame war. Even less so, if asking google would return references to
all arguments brought up yet again here.


If anyone feels a strong urge to bring up and discuss a spam related,
though not SA related, topic -- oh well, so may it be. But please, do it
sensibly. No flame war. Or I'll have to close the thread.

  guenther  -- still wearing his SA PMC and list moderator hats


-- 
char *t="\10pse\0r\0dtu\0.@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}


Re: How the hell barracuda behaves?

Posted by Joseph Brennan <br...@columbia.edu>.
Matt <lm...@gmail.com> wrote:

> Perhaps for authenticated SMTP not record the IP address in the
> headers but rather just the authenticated username in the headers.  I
> think Squirrelmail does that.  Your MTA logs will have the IP recorded
> if needed later.

From the browser to Squirrelmail is not SMTP.

Gmail is an example of not recording the HTTP hop. That makes it harder
to distinguish spam from well-known problem IP sources. In my opinion
the origin should be shown.

On the other hand, back to topic, Barracuda rejecting for mail originating
on a dialup line is just crazy. We've seen it too.

Joseph Brennan
Columbia University Information Technology


Re: How the hell barracuda behaves?

Posted by Matt <lm...@gmail.com>.
> Finally there is a special feature that barracuda folks call "deep scanning"
> which makes the appliance scan the 'Received' headers and reject the mails
> if an IP found in those headers is listed in the DNSBL... a feature that
> should obviously be called: 'even increase my false positive rate'


Perhaps for authenticated SMTP not record the IP address in the
headers but rather just the authenticated username in the headers.  I
think Squirrelmail does that.  Your MTA logs will have the IP recorded
if needed later.

Matt

Re: How the hell barracuda behaves?

Posted by Alexandre Chapellon <al...@mana.pf>.
On Wednesday 18 August 2010 at 10:53 -0400, Kris Deugau wrote:

> Alexandre Chapellon wrote:
> > When other well known DNSBL (I have always heard spamhaus sbl and xbl
> > are trustworthy) list at most 50 entries, barracuda lists almost
> > 8000!!!!
> 
> That's not a problem all by itself, but when combined with this:

No indeed... It's just not very clean, and makes me think the list is
not very reliable.


> 
> > Finally there is a special feature that barracuda folks call "deep
> > scanning" which makes the appliance scan the 'Received' headers and
> > reject the mails if an IP found in those headers is listed in the
> > DNSBL... a feature that should obviously be called: 'even increase my
> > false positive rate'
> 
> ... it makes life difficult.  (In fact, if you provide Internet access 
> for residential customers, a big chunk of your IP address space *should* 
> be listed on Spamhaus' PBL - these IPs should be using your SMTP relay, 
> or submitting mail via SMTP AUTH to another relay, not contacting 
> recipient MXes directly.)
> 

This is what all my residential customers do as port 25 is blocked at
the boundary of our network.


> I've had far too many incidents in the last ~6 months of having tech 
> support ask me to dig into why a certain customer of ours is suddenly 
> getting postmaster rejections on their mail to certain recipients - 
> usually "important business contacts".
> All of them have proven to be recipients behind a Barracuda filter 
> appliance that's deep-scanning headers and rejecting the message based 
> on our customer's connection IP on our network - an IP behind our 
> standard block for SMTP to anywhere but our own SMTP relay...  and the 
> rejected message was properly relayed through that system.  Or worse, an 
> IP on some other provider's network, where our mail customer is using 
> SMTP AUTH on port 587 to relay through our server.
> 


This is exactly what happens here: deep scanning makes a mess (I conclude
deep scanning is involved, as I noticed the rejection happened after the
end of the DATA command and complained about the IP address).
Do people (dumbly) using barracuda just not care about rejecting
legitimate email???????


> I usually tell tech support to tell the customer that they'll have to 
> contact the recipient by eg phone to let them know they're missing 
> legitimate mail.
> 
> -kgd



Re: How the hell barracuda behaves?

Posted by Alexandre Chapellon <al...@mana.pf>.
On Wednesday 18 August 2010 at 11:27 -0700, Marc Perkel wrote:

> 
> On 8/18/2010 7:53 AM, Kris Deugau wrote:
> > Alexandre Chapellon wrote:
> >> When other well known DNSBL (I have always heard spamhaus sbl and xbl
> >> are trustworthy) list at most 50 entries, barracuda lists
> >> almost 8000!!!!
> >
> > That's not a problem all by itself, but when combined with this:
> >
> >> Finally there is a special feature that barracuda folks call "deep
> >> scanning" which makes the appliance scan the 'Received' headers and
> >> reject the mails if an IP found in those headers is listed in the
> >> DNSBL... a feature that should obviously be called: 'even increase my
> >> false positive rate'
> >
> > ... it makes life difficult.  (In fact, if you provide Internet access 
> > for residential customers, a big chunk of your IP address space 
> > *should* be listed on Spamhaus' PBL - these IPs should be using your 
> > SMTP relay, or submitting mail via SMTP AUTH to another relay, not 
> > contacting recipient MXes directly.)
> >
> > I've had far too many incidents in the last ~6 months of having tech 
> > support ask me to dig into why a certain customer of ours is suddenly 
> > getting postmaster rejections on their mail to certain recipients - 
> > usually "important business contacts".
> >
> > All of them have proven to be recipients behind a Barracuda filter 
> > appliance that's deep-scanning headers and rejecting the message based 
> > on our customer's connection IP on our network - an IP behind our 
> > standard block for SMTP to anywhere but our own SMTP relay...  and the 
> > rejected message was properly relayed through that system.  Or worse, 
> > an IP on some other provider's network, where our mail customer is 
> > using SMTP AUTH on port 587 to relay through our server.
> >
> > I usually tell tech support to tell the customer that they'll have to 
> > contact the recipient by eg phone to let them know they're missing 
> > legitimate mail.
> >
> > -kgd
> >
> 
> I also scan IPs in received headers. I don't reject on that by itself 
> but it is a factor when combined with other conditions.
> 

I have no problem with this, this is normal behaviour (but personally I
would avoid using barracudaBL for this).

Re: How the hell barracuda behaves?

Posted by Marc Perkel <su...@junkemailfilter.com>.

On 8/18/2010 7:53 AM, Kris Deugau wrote:
> Alexandre Chapellon wrote:
>> When other well known DNSBL (I have always heard spamhaus sbl and xbl
>> are trustworthy) list at most 50 entries, barracuda lists
>> almost 8000!!!!
>
> That's not a problem all by itself, but when combined with this:
>
>> Finally there is a special feature that barracuda folks call "deep
>> scanning" which makes the appliance scan the 'Received' headers and
>> reject the mails if an IP found in those headers is listed in the
>> DNSBL... a feature that should obviously be called: 'even increase my
>> false positive rate'
>
> ... it makes life difficult.  (In fact, if you provide Internet access 
> for residential customers, a big chunk of your IP address space 
> *should* be listed on Spamhaus' PBL - these IPs should be using your 
> SMTP relay, or submitting mail via SMTP AUTH to another relay, not 
> contacting recipient MXes directly.)
>
> I've had far too many incidents in the last ~6 months of having tech 
> support ask me to dig into why a certain customer of ours is suddenly 
> getting postmaster rejections on their mail to certain recipients - 
> usually "important business contacts".
>
> All of them have proven to be recipients behind a Barracuda filter 
> appliance that's deep-scanning headers and rejecting the message based 
> on our customer's connection IP on our network - an IP behind our 
> standard block for SMTP to anywhere but our own SMTP relay...  and the 
> rejected message was properly relayed through that system.  Or worse, 
> an IP on some other provider's network, where our mail customer is 
> using SMTP AUTH on port 587 to relay through our server.
>
> I usually tell tech support to tell the customer that they'll have to 
> contact the recipient by eg phone to let them know they're missing 
> legitimate mail.
>
> -kgd
>

I also scan IPs in received headers. I don't reject on that by itself 
but it is a factor when combined with other conditions.

-- 
Marc Perkel - Sales/Support
support@junkemailfilter.com
http://www.junkemailfilter.com
Junk Email Filter dot com
415-992-3400


Re: How the hell barracuda behaves?

Posted by Kris Deugau <kd...@vianet.ca>.
Alexandre Chapellon wrote:
> When other well known DNSBL (I have always heard spamhaus sbl and xbl
> are trustworthy) list at most 50 entries, barracuda lists almost
> 8000!!!!

That's not a problem all by itself, but when combined with this:

> Finally there is a special feature that barracuda folks call "deep
> scanning" which makes the appliance scan the 'Received' headers and
> reject the mails if an IP found in those headers is listed in the
> DNSBL... a feature that should obviously be called: 'even increase my
> false positive rate'

... it makes life difficult.  (In fact, if you provide Internet access 
for residential customers, a big chunk of your IP address space *should* 
be listed on Spamhaus' PBL - these IPs should be using your SMTP relay, 
or submitting mail via SMTP AUTH to another relay, not contacting 
recipient MXes directly.)

I've had far too many incidents in the last ~6 months of having tech 
support ask me to dig into why a certain customer of ours is suddenly 
getting postmaster rejections on their mail to certain recipients - 
usually "important business contacts".

All of them have proven to be recipients behind a Barracuda filter 
appliance that's deep-scanning headers and rejecting the message based 
on our customer's connection IP on our network - an IP behind our 
standard block for SMTP to anywhere but our own SMTP relay...  and the 
rejected message was properly relayed through that system.  Or worse, an 
IP on some other provider's network, where our mail customer is using 
SMTP AUTH on port 587 to relay through our server.

I usually tell tech support to tell the customer that they'll have to 
contact the recipient by eg phone to let them know they're missing 
legitimate mail.

-kgd
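
The difference between checking only the connecting IP and deep-scanning every 'Received' hop, as an added example that is not part of the original messages or of any vendor's code. The messages, hosts, addresses and the LISTED set (standing in for a DNSBL lookup) are constructed; the top 'Received' header stands in for the client address a real MX takes from the SMTP session.

```python
import ipaddress
import re
from email import message_from_string

# Constructed: a residential customer (198.51.100.23) submits with SMTP AUTH
# to the ISP relay (192.0.2.25), which then delivers to the recipient MX.
SUBMITTED = """\
Received: from relay.isp.example (relay.isp.example [192.0.2.25])
\tby mx.recipient.example with ESMTP id A1; Wed, 18 Aug 2010 10:00:02 +0000
Received: from laptop (dyn-23.isp.example [198.51.100.23])
\tby relay.isp.example with ESMTPSA id B2; Wed, 18 Aug 2010 10:00:01 +0000
From: customer@isp.example
To: contact@recipient.example
Subject: quarterly figures

hello
"""

# Constructed: the same dynamic address connecting straight to the recipient MX.
DIRECT = """\
Received: from unknown (dyn-23.isp.example [198.51.100.23])
\tby mx.recipient.example with SMTP id C3; Wed, 18 Aug 2010 11:00:00 +0000
From: someone@elsewhere.example
To: contact@recipient.example
Subject: hi

hello
"""

# Constructed stand-in for a DNSBL that lists dynamic/residential space.
LISTED = {"198.51.100.23"}

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
WITH_RE = re.compile(r"\bwith\s+([A-Za-z0-9]+)")
AUTHENTICATED = {"ESMTPA", "ESMTPSA"}  # "with" keywords for SMTP AUTH (RFC 3848)


def hops(raw_message):
    """Return [(ip, with_protocol), ...], newest hop first (headers are prepended)."""
    result = []
    for header in message_from_string(raw_message).get_all("Received", []):
        ip_match = IP_RE.search(header)
        if ip_match is None:
            continue
        try:
            ip = str(ipaddress.IPv4Address(ip_match.group(1)))
        except ValueError:
            continue  # bracketed text that is not a valid IPv4 address
        with_match = WITH_RE.search(header)
        result.append((ip, with_match.group(1).upper() if with_match else ""))
    return result


def connecting_ip_verdict(raw_message, listed):
    """Conventional DNSBL use: only the host that connected to the MX is checked."""
    chain = hops(raw_message)
    return "reject" if chain and chain[0][0] in listed else "accept"


def deep_scan_verdict(raw_message, listed):
    """Deep scanning as described in the thread: any listed hop rejects the mail."""
    return "reject" if any(ip in listed for ip, _ in hops(raw_message)) else "accept"


def deep_scan_score(raw_message, listed, points=1.0):
    """Score earlier hops instead of rejecting; authenticated submissions add nothing.

    Hops below the first trusted relay can be forged by the sender, so they
    are only suitable as one factor among others.
    """
    return sum(points for ip, protocol in hops(raw_message)[1:]
               if ip in listed and protocol not in AUTHENTICATED)


if __name__ == "__main__":
    for name, msg in (("submitted via relay", SUBMITTED), ("direct to MX", DIRECT)):
        print(name, connecting_ip_verdict(msg, LISTED), deep_scan_verdict(msg, LISTED))
```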

Re: How the hell barracuda behaves?

Posted by Marc Perkel <su...@junkemailfilter.com>.

On 8/18/2010 4:10 AM, corpus.defero wrote:
> On Wed, 2010-08-18 at 06:36 -0400, Michael Scheidell wrote:
>> On 8/17/10 7:30 PM, Alexandre Chapellon wrote:
>>> Hi the list,
>>>
>>> I am posting the results of my tests in order to have
>>> feedback/feelings/remarks.
>>> This is not directly spamassassin related, but can be helpful for
>>> people (I saw here) wondering if they would use the barracuda
>>> DNSBL.
>>>
>>> When other well known DNSBL (I have always heard spamhaus sbl and
>>> xbl are trustworthy) list at most 50 entries, barracuda lists
>>> almost 8000!!!!
> They list spammers based on trend and feedback from their appliance
> users. Personally I find it very accurate and it hits out rubbish that
> other lists seem to inexplicably (£$£$£$) miss.
>
>> Third reason is 'emailreg.org'.
> Totally agree - the owners of Barracuda appliances are unable to disable
> the 'emailreg.org' whitelist without calling support which, in my view,
> makes it a bypass or 'pay to spam barracuda owners' . That said,
> compared to their internal whitelist (which has some really interesting
> clients on it) emailreg.org is small fry.
>
> Barracuda - not white hat, not black hat, but kinda pinky grey hat.
>
>

I'm using both their black lists and white lists and it seems to work 
fine for me. Putting the issue of political correctness aside.


-- 
Marc Perkel - Sales/Support
support@junkemailfilter.com
http://www.junkemailfilter.com
Junk Email Filter dot com
415-992-3400


Re: How the hell barracuda behaves?

Posted by Alexandre Chapellon <al...@mana.pf>.
On Wednesday 18 August 2010 at 12:10 +0100, corpus.defero wrote:

> On Wed, 2010-08-18 at 06:36 -0400, Michael Scheidell wrote:
> > On 8/17/10 7:30 PM, Alexandre Chapellon wrote: 
> > > Hi the list,
> > > 
> > > I am posting the results of my tests in order to have
> > > feedback/feelings/remarks.
> > > This is not directly spamassassin related, but can be helpful for
> > > people (I saw here) wondering if they would use the barracuda
> > > DNSBL.
> > > 
> > > When other well known DNSBL (I have always heard spamhaus sbl and
> > > xbl are trustworthy) list at most 50 entries, barracuda lists
> > > almost 8000!!!!
> They list spammers based on trend and feedback from their appliance
> users. Personally I find it very accurate and it hits out rubbish that
> other lists seem to inexplicably (£$£$£$) miss.
> 

I do not doubt they catch things that others would let go through :)!
I doubt it's for good reason. Have you ever tried to measure your false
positive rate?
If you use it for scoring mail it may not have a big impact...

FYI: I have seen IPs of switches and routers listed in barracuda. I've
double checked, and smtp relay is not open on those devices and they only
send messages internally... and to the support... BUT! the support has
a barracuda gateway, which seems to recognize its own reports sent by
their devices as spam... and automatically feeds their RBL...
This means that every misconfigured device is susceptible to insert
false positive entries in the dnsBL.


> > Third reason is 'emailreg.org'.  
> Totally agree - the owners of Barracuda appliances are unable to disable
> the 'emailreg.org' whitelist without calling support which, in my view,
> makes it a bypass or 'pay to spam barracuda owners' . That said,
> compared to their internal whitelist (which has some really interesting
> clients on it) emailreg.org is small fry.
> 
> Barracuda - not white hat, not black hat, but kinda pinky grey hat.
> 



Re: How the hell barracuda behaves?

Posted by "corpus.defero" <co...@idnet.com>.
On Wed, 2010-08-18 at 06:36 -0400, Michael Scheidell wrote:
> On 8/17/10 7:30 PM, Alexandre Chapellon wrote: 
> > Hi the list,
> > 
> > I am posting the results of my tests in order to have
> > feedback/feelings/remarks.
> > This is not directly spamassassin related, but can be helpful for
> > people (I saw here) wondering if they would use the barracuda
> > DNSBL.
> > 
> > When other well known DNSBL (I have always heard spamhaus sbl and
> > xbl are trustworthy) list at most 50 entries, barracuda lists
> > almost 8000!!!!
They list spammers based on trend and feedback from their appliance
users. Personally I find it very accurate and it hits out rubbish that
other lists seem to inexplicably (£$£$£$) miss.

> Third reason is 'emailreg.org'.  
Totally agree - the owners of Barracuda appliances are unable to disable
the 'emailreg.org' whitelist without calling support which, in my view,
makes it a bypass or 'pay to spam barracuda owners' . That said,
compared to their internal whitelist (which has some really interesting
clients on it) emailreg.org is small fry.

Barracuda - not white hat, not black hat, but kinda pinky grey hat.


Re: How the hell barracuda behaves?

Posted by Marc Perkel <su...@junkemailfilter.com>.

On 8/18/2010 9:24 PM, Ted Mittelstaedt wrote:
>
>
> On 8/18/2010 6:14 PM, Marc Perkel wrote:
>>
>>
>> On 8/18/2010 4:46 PM, Karsten Bräckelmann wrote:
>>> On Wed, 2010-08-18 at 12:38 -0700, Marc Perkel wrote:
>>>> Registering with a white list doesn't reduce spam. It reduces false
>>>> positives when you send email.
>>>>
>>>> If you want to reduce spam however you could add this MX record as 
>>>> your
>>>> highest numbered MX.
>>>>
>>>> tarbaby. [...]
>>> Ahem.
>>>
>>> Marc, your infrequent (and off-topic at that) post about adding your
>>> tarpit MX for third-party domains is one thing. So far, it was a new
>>> thread always, and well, the very same arguing against it started
>>> immediately.
>>>
>>> This response, however, is a totally different thing. In my not so
>>> humble opinion, this is advertising -- almost cold-calling -- without
>>> the *necessary* discussion of what this does, what it actually means 
>>> and
>>> the downsides implied.
>>>
>>> Please do not do it this way.
>>>
>>> guenther -- with his SA PMC and moderator hat on
>>>
>>>
>>
>> I've described it a number of times on the list. I don't see why I need
>> to continue to do that.
>
> Great news!
>
>> They were discussing ways to reduce spam and I
>> mentioned it. It's free - it works - and there is no down side.
>>
>
> There is a downside as has been explained before by me and many
> others.
>
> The actual fact of the matter is that the reason you're sticking your
> plug for this MX trick of yours into the replies is because you want
> to contaminate the mailing list archives.
>
> You are hoping that one of us folks who know better will not be
> reading one of these threads and so your plug will slide by
> unnoticed.
>
> Then a few years later when some newbie is looking for something
> in the mailing list archives they will come across your plug
> and think it's a good idea, because there will be no counter-post
> from one of the people on the list who knows better.
>
> The amazing part of this is you think all of us are dumb enough
> to fall for this trick.
>
> As Karsten said you're attempting to hijack a thread for a plug.
> The fact that it's a "free" system doesn't mean that it's a
> good system.  The amazing thing to me is that you have had it
> explained why it's bad, repeatedly, and you continue to ignore
> the explanations.
>
> Are your eyes deaf?
>
> Ted

Oh - I'm sorry. How do I make this right? Well since offering people 
resources for free is offensive then I suppose the only way to fix it 
is to rescind the offer. So Ted - I prohibit you from using my "free" 
services. Does that make it up to you? I wouldn't want any of you to 
fall for my "trick". You are truly a genius for catching me.



-- 
Marc Perkel - Sales/Support
support@junkemailfilter.com
http://www.junkemailfilter.com
Junk Email Filter dot com
415-992-3400


Re: How the hell barracuda behaves?

Posted by Ted Mittelstaedt <te...@ipinc.net>.

On 8/18/2010 6:14 PM, Marc Perkel wrote:
>
>
> On 8/18/2010 4:46 PM, Karsten Bräckelmann wrote:
>> On Wed, 2010-08-18 at 12:38 -0700, Marc Perkel wrote:
>>> Registering with a white list doesn't reduce spam. It reduces false
>>> positives when you send email.
>>>
>>> If you want to reduce spam however you could add this MX record as your
>>> highest numbered MX.
>>>
>>> tarbaby. [...]
>> Ahem.
>>
>> Marc, your infrequent (and off-topic at that) post about adding your
>> tarpit MX for third-party domains is one thing. So far, it was a new
>> thread always, and well, the very same arguing against it started
>> immediately.
>>
>> This response, however, is a totally different thing. In my not so
>> humble opinion, this is advertising -- almost cold-calling -- without
>> the *necessary* discussion of what this does, what it actually means and
>> the downsides implied.
>>
>> Please do not do it this way.
>>
>> guenther -- with his SA PMC and moderator hat on
>>
>>
>
> I've described it a number of times on the list. I don't see why I need
> to continue to do that.

Great news!

> They were discussing ways to reduce spam and I
> mentioned it. It's free - it works - and there is no down side.
>

There is a downside as has been explained before by me and many
others.

The actual fact of the matter is that the reason you're sticking your
plug for this MX trick of yours into the replies is because you want
to contaminate the mailing list archives.

You are hoping that one of us folks who know better will not be
reading one of these threads and so your plug will slide by
unnoticed.

Then a few years later when some newbie is looking for something
in the mailing list archives they will come across your plug
and think it's a good idea, because there will be no counter-post
from one of the people on the list who knows better.

The amazing part of this is you think all of us are dumb enough
to fall for this trick.

As Karsten said you're attempting to hijack a thread for a plug.
The fact that it's a "free" system doesn't mean that it's a
good system.  The amazing thing to me is that you have had it
explained why it's bad, repeatedly, and you continue to ignore
the explanations.

Are your eyes deaf?

Ted

> Here's the info on it.
>
> http://wiki.junkemailfilter.com/index.php/Project_tarbaby
>
> And it helps build black lists of spam bots that people can use for free.
>
> Now you're going to criticize me for explaining what you just asked for?
>
>
>

Re: How the hell barracuda behaves?

Posted by Benny Pedersen <me...@junc.org>.
On Thu 19 Aug 2010 03:14:50 CEST, Marc Perkel wrote

> Now you're going to criticize me for explaining what you just asked for?

The moderator did not criticize but said, imho, just that this is not your marketplace

-- 
xpoint http://www.unicom.com/pw/reply-to-harmful.html


Lot of .info spam lately

Posted by Marc Perkel <su...@junkemailfilter.com>.
  Anyone else seeing an increase in .info spam?


Re: How the hell barracuda behaves?

Posted by Benny Pedersen <me...@junc.org>.
On Wed 25 Aug 2010 17:52:18 CEST, Matus UHLAR - fantomas wrote

>> So I must not be the only one tired of this.
> there are more of us, I just didn't want to complain in the public, yet.

and now we did :(

-- 
xpoint http://www.unicom.com/pw/reply-to-harmful.html


Re: How the hell barracuda behaves?

Posted by Matus UHLAR - fantomas <uh...@fantomas.sk>.
>> no Perkel, everything posted is not necessarily acceptable, helpful and/or
>> relevant.
>>
>> especially when spamming the list for your tarbaby stuff, free or not.

On 25.08.10 09:08, QQQQ wrote:
> So I must not be the only one tired of this.

there are more of us, I just didn't want to complain in the public, yet.

-- 
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Spam = (S)tupid (P)eople's (A)dvertising (M)ethod

Re: How the hell barracuda behaves?

Posted by QQQQ <qq...@usermail.com>.
> no Perkel, everything posted is not necessarily acceptable, helpful and/or
> relevant.
> 
> especially when spamming the list for your tarbaby stuff, free or not.

So I must not be the only one tired of this.

Q

RE: How the hell barracuda behaves?

Posted by R-Elists <li...@abbacomm.net>.
 

> >
> 
> Agreed. Seems to me that any discussion related to blocking 
> spam is relevant.
> 


no Perkel, everything posted is not necessarily acceptable, helpful and/or
relevant.

especially when spamming the list for your tarbaby stuff, free or not.

it appears to me that you used to be a lot more involved with brainstorming,
and other ideas, programming, and asking for help programming your ideas.

many ideas are/were excellent and some have borne fruit.

some have not.

if you would invest even more of your monies & time and pursue some of what
has been suggested on and by the knowledgeable list participants, you will
eventually bring forth a lot more fruit.

 - rh


Re: How the hell barracuda behaves?

Posted by Marc Perkel <su...@junkemailfilter.com>.

On 8/23/2010 2:31 AM, Raul Dias wrote:
> On 08/18/2010 10:14 PM, Marc Perkel wrote:
>>   [...] They were discussing ways to reduce spam and I mentioned it. [...]
> I believe that 95% of the discussion in this list is about reducing
> spam in one way or another.
>
> -rsd
>

Agreed. Seems to me that any discussion related to blocking spam is 
relevant.

-- 
Marc Perkel - Sales/Support
support@junkemailfilter.com
http://www.junkemailfilter.com
Junk Email Filter dot com
415-992-3400


Re: How the hell barracuda behaves?

Posted by Raul Dias <ra...@dias.com.br>.
On 08/18/2010 10:14 PM, Marc Perkel wrote:
>  [...] They were discussing ways to reduce spam and I mentioned it. [...]

I believe that 95% of the discussion in this list is about reducing
spam in one way or another.

-rsd

Re: How the hell barracuda behaves?

Posted by Marc Perkel <su...@junkemailfilter.com>.

On 8/18/2010 4:46 PM, Karsten Bräckelmann wrote:
> On Wed, 2010-08-18 at 12:38 -0700, Marc Perkel wrote:
>> Registering with a white list doesn't reduce spam. It reduces false
>> positives when you send email.
>>
>> If you want to reduce spam however you could add this MX record as your
>> highest numbered MX.
>>
>> tarbaby. [...]
> Ahem.
>
> Marc, your infrequent (and off-topic at that) post about adding your
> tarpit MX for third-party domains is one thing. So far, it was a new
> thread always, and well, the very same arguing against it started
> immediately.
>
> This response, however, is a totally different thing. In my not so
> humble opinion, this is advertising -- almost cold-calling -- without
> the *necessary* discussion of what this does, what it actually means and
> the downsides implied.
>
> Please do not do it this way.
>
>    guenther  -- with his SA PMC and moderator hat on
>
>

I've described it a number of times on the list. I don't see why I need 
to continue to do that. They were discussing ways to reduce spam and I 
mentioned it. It's free - it works - and there is no down side.

Here's the info on it.

http://wiki.junkemailfilter.com/index.php/Project_tarbaby

And it helps build black lists of spam bots that people can use for free.

Now you're going to criticize me for explaining what you just asked for?



-- 
Marc Perkel - Sales/Support
support@junkemailfilter.com
http://www.junkemailfilter.com
Junk Email Filter dot com
415-992-3400


Re: How the hell barracuda behaves?

Posted by Karsten Bräckelmann <gu...@rudersport.de>.
On Wed, 2010-08-18 at 12:38 -0700, Marc Perkel wrote:
> Registering with a white list doesn't reduce spam. It reduces false 
> positives when you send email.
> 
> If you want to reduce spam however you could add this MX record as your 
> highest numbered MX.
> 
> tarbaby. [...]

Ahem.

Marc, your infrequent (and off-topic at that) post about adding your
tarpit MX for third-party domains is one thing. So far, it was a new
thread always, and well, the very same arguing against it started
immediately.

This response, however, is a totally different thing. In my not so
humble opinion, this is advertising -- almost cold-calling -- without
the *necessary* discussion of what this does, what it actually means and
the downsides implied.

Please do not do it this way.

  guenther  -- with his SA PMC and moderator hat on


-- 
char *t="\10pse\0r\0dtu\0.@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}


Re: How the hell barracuda behaves?

Posted by "Sergios T.S. ( aka linuxman)" <se...@greeklug.gr>.
On 18/08/2010 10:38 PM, Marc Perkel wrote:
>
>
> On 8/18/2010 12:29 PM, Sergios T.S. ( aka linuxman) wrote:
>> On 18/08/2010 10:03 PM, Matt wrote:
>>>> By the way I'm not a big fan of registering my servers to any private
>>>> entity in order to improve "deliverability".
>>> Register our servers here: www.dnswl.org  Do not really use it for
>>> scoring but do not grey list any servers listed.
>>>
>>> Matt
>> Hi, if I register our servers there, will it work to reduce spam?
>> Is it an effective method to register there?
>> Thanks.
>>
>
> Registering with a white list doesn't reduce spam. It reduces false 
> positives when you send email.
>
> If you want to reduce spam however you could add this MX record as 
> your highest numbered MX.
>
> tarbaby.junkemailfilter.com - priority 1000
>
> It will probably get rid of about 1/3 of your spambot spam and it 
> helps me build my spambot black list. There are no false positives 
> because all email is rejected with a 4xx error. It's all free too.
Thank you, I am thinking about adding it.
Our DNS server is in the USA but all mail servers are in Greece and it is a
little hard to add an MX record, but I will check with our DNS provider and
use it if possible.
>
>
>

-- 
Don't send me documents in .doc , .docx, .xls, .ppt .
Send it with ODF format : .odt , .odp , .ods or .pdf .
Try to use Open Document Format : http://www.openoffice.org/
Save you money&  use GNU/Linux Distro http://distrowatch.com/


Re: How the hell barracuda behaves?

Posted by Marc Perkel <su...@junkemailfilter.com>.

On 8/18/2010 12:29 PM, Sergios T.S. ( aka linuxman) wrote:
> On 18/08/2010 10:03 PM, Matt wrote:
>>> By the way I'm not a big fan of registering my servers to any private
>>> entity in order to improve "deliverability".
>> Register our servers here: www.dnswl.org  Do not really use it for
>> scoring but do not grey list any servers listed.
>>
>> Matt
> Hi, if I register our servers there, will it work to reduce spam?
> Is it an effective method to register there?
> Thanks.
>

Registering with a white list doesn't reduce spam. It reduces false 
positives when you send email.

If you want to reduce spam however you could add this MX record as your 
highest numbered MX.

tarbaby.junkemailfilter.com - priority 1000

It will probably get rid of about 1/3 of your spambot spam and it helps 
me build my spambot black list. There are no false positives because all 
email is rejected with a 4xx error. It's all free too.



-- 
Marc Perkel - Sales/Support
support@junkemailfilter.com
http://www.junkemailfilter.com
Junk Email Filter dot com
415-992-3400


Re: How the hell barracuda behaves?

Posted by "Sergios T.S. ( aka linuxman)" <se...@greeklug.gr>.
On 18/08/2010 10:03 PM, Matt wrote:
>> By the way I'm not a big fan of registering my servers to any private
>> entity in order to improve "deliverability".
>>      
> Register our servers here: www.dnswl.org  Do not really use it for
> scoring but do not grey list any servers listed.
>
> Matt
>    
Hi, if I register our servers there, will it work to reduce spam?
Is it an effective method to register there?
Thanks.

Re: How the hell barracuda behaves?

Posted by Matt <lm...@gmail.com>.
> By the way I'm not a big fan of registering my servers to any private
> entity in order to improve "deliverability".

Register our servers here: www.dnswl.org  Do not really use it for
scoring but do not grey list any servers listed.

Matt

Re: How the hell barracuda behaves?

Posted by Alexandre Chapellon <al...@mana.pf>.
On Wednesday 18 August 2010 at 06:36 -0400, Michael Scheidell wrote:
> On 8/17/10 7:30 PM, Alexandre Chapellon wrote: 
> > Hi the list,
> > 
> > I am posting the results of my tests in order to have
> > feedback/feelings/remarks.
> > This is not directly spamassassin related, but can be helpful for
> > people (I saw here) wondering if they would use the barracuda
> > DNSBL.
> > 
> > When other well known DNSBL (I have always heard spamhaus sbl and
> > xbl are trustworthy) list at most 50 entries, barracuda lists
> > almost 8000!!!!
> > 
> 
> > If I were asked to use barracuda bl I would just answer: "NO WAY!"
> Which is one reason that the barracuda list is optional.  latest
> suggestion was to use a (low score) and last_untrusted.
> Third reason is 'emailreg.org'.  Do your own googling and make your own
> conclusion.
> (second reason left out of public forum)
> 
Indeed using Barracuda RBL to score (low) is already a much better idea
than using it to reject mails (what deep scanning does)!

From emailreg.org frontpage: "Emailreg.org will not get you delisted
from Barracuda Block List (BRBL)"

If I'm not mistaken, emailreg.org registers mail servers and domains...?
In my case the problem is at the same time having IPs listed (dynamic
IPs) AND dumb admins enabling deep scanning when they should not.

By the way I'm not a big fan of registering my servers to any private
entity in order to improve "deliverability".


What about the second reason?
> 
> ______________________________________________________________________
> 
> This email has been scanned and certified safe by SpammerTrap®. 
> For Information please see http://www.secnap.com/products/spammertrap/
> 
> 
> ______________________________________________________________________
> 



Re: How the hell barracuda behaves?

Posted by Michael Scheidell <li...@secnap.com>.
On 8/17/10 7:30 PM, Alexandre Chapellon wrote:
> Hi the list,
>
> I am posting the results of my tests in order to have 
> feedback/feelings/remarks.
> This is not directly spamassassin related, but can be helpful for 
> people (I saw here) wondering if they would use the barracuda DNSBL.
>
> When other well known DNSBL (I have always heard spamhaus sbl and xbl 
> are trustworthy) list at most 50 entries, barracuda lists almost 
> 8000!!!!
>

> If I were asked to use barracuda bl I would just answer: "NO WAY!" 
Which is one reason that the barracuda list is optional.  latest 
suggestion was to use a (low score) and last_untrusted.
Third reason is 'emailreg.org'.  Do your own googling and make your own 
conclusion.
(second reason left out of public forum)

______________________________________________________________________
This email has been scanned and certified safe by SpammerTrap(r). 
For Information please see http://www.secnap.com/products/spammertrap/
______________________________________________________________________
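
Added illustration, not part of any message in this thread: the difference the last two messages discuss between checking only the last external relay against a DNSBL and "deep scanning" every Received header. The sample message, the addresses, the zone name dnsbl.example and the listing set are all constructed, and the code assumes the topmost Received header was written by the recipient's own MX.

```python
import email
import ipaddress
import re

# Constructed sample: a customer on a dynamic IP submits mail to the ISP relay,
# which delivers to the recipient's MX. Addresses are documentation ranges.
RAW = (
    "Received: from relay.isp.example (relay.isp.example [198.51.100.25])\n"
    "\tby mx.recipient.example with ESMTP; Wed, 18 Aug 2010 01:30:20 +0000\n"
    "Received: from [203.0.113.77] (dyn-77.isp.example [203.0.113.77])\n"
    "\tby relay.isp.example with ESMTPA; Wed, 18 Aug 2010 01:30:16 +0000\n"
    "From: customer@isp.example\n"
    "To: someone@recipient.example\n"
    "Subject: test\n"
    "\n"
    "body\n"
)
ZONE = "dnsbl.example"      # hypothetical zone name, not a real list
LISTED = {"203.0.113.77"}   # constructed stand-in for DNSBL answers (no network)

def dnsbl_qname(ip, zone=ZONE):
    """Name a DNSBL client queries: reversed IPv4 octets plus the zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone

def received_ips(raw):
    """First bracketed IPv4 address of each Received header, newest hop first."""
    hops = []
    for hdr in email.message_from_string(raw).get_all("Received", []):
        m = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", hdr)
        if m:
            hops.append(str(ipaddress.IPv4Address(m.group(1))))
    return hops

def check(raw, mode, listed=LISTED):
    """Return (names queried, listed IPs) for 'last_external' or 'deep' mode."""
    hops = received_ips(raw)
    # Assumption: the topmost Received header was written by our own MX, so its
    # bracketed IP is the last external relay, the host that connected to us.
    checked = hops[:1] if mode == "last_external" else hops
    return [dnsbl_qname(ip) for ip in checked], [ip for ip in checked if ip in listed]

if __name__ == "__main__":
    for mode in ("last_external", "deep"):
        print(mode, check(RAW, mode))
```

In this sample the relay itself is clean, so the last-external check finds nothing, while the deep scan hits the customer's dynamic address even though the mail arrived through the ISP's relay.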