You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Marc Perkel <ma...@perkel.com> on 2007/07/27 19:18:10 UTC
False Positives on Spamhaus?
Getting a ton of false positives today on spamhaus. Generally they never
get it wrong. Anyone else seeing this or is it just me?
Re: False Positives on Spamhaus?
Posted by Jason Haar <Ja...@trimble.co.nz>.
Dan Barker wrote:
> That's not "Consumer Friendly", that's just WRONG!
>
> Glad you found it.
>
...well If you were doing "RBL-style" lookups, don't they exclusively
return 127.* addresses on matches - i.e. "no such host" or "address
204.4.4.4" should both be treated as "no such host" as far as RBL
software is concerned?
Sounds to me like the RBL software is wrong - not OpenDNS (hence me
bringing it up in the first place)
--
Cheers
Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
RE: False Positives on Spamhaus?
Posted by Dan Barker <db...@visioncomm.net>.
That's not "Consumer Friendly", that's just WRONG!
Glad you found it.
Dan
<snip>
The caching DNS servers we not accessable to the email serrves so they had
no DNS. I decided to point the /etc/resolv.conf file to opendns.org's DNS
servers and it does some tricky things and what it returned caching for
spamhaus isn't what I think spamhaus was sending. They were making consumer
friendly responses to point not founds to their search engine.
It was a decision during a crisis and it turned out to have inintended
consequences.
</snip>
Re: False Positives on Spamhaus?
Posted by Marc Perkel <ma...@perkel.com>.
Jason Haar wrote:
> Marc Perkel wrote:
>
>> Never mind - my fault. I don't think it was spamhaus but a screwed up
>> DNS server.
>>
> Care to share? I'm a bit concerned a "screwed up" DNS server could cause
> RBL software to start declaring IP addresses were blacklisted. How did
> that happen?
>
>
Kind of a bizzare set of circumstances. Last my my colo provider screwed
up their routers. It created a situation where some ove my boxes weren't
accessable by other boxed. The caching DNS servers we not accessable to
the email serrves so they had no DNS. I decided to point the
/etc/resolv.conf file to opendns.org's DNS servers and it does some
tricky things and what it returned caching for spamhaus isn't what I
think spamhaus was sending. They were making consumer friendly responses
to point not founds to their search engine.
It was a decision during a crisis and it turned out to have inintended
consequences.
Re: False Positives on Spamhaus?
Posted by Jason Haar <Ja...@trimble.co.nz>.
Marc Perkel wrote:
> Never mind - my fault. I don't think it was spamhaus but a screwed up
> DNS server.
Care to share? I'm a bit concerned a "screwed up" DNS server could cause
RBL software to start declaring IP addresses were blacklisted. How did
that happen?
--
Cheers
Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
Re: False Positives on Spamhaus?
Posted by Marc Perkel <ma...@perkel.com>.
Marc Perkel wrote:
> Getting a ton of false positives today on spamhaus. Generally they
> never get it wrong. Anyone else seeing this or is it just me?
>
>
Never mind - my fault. I don't think it was spamhaus but a screwed up
DNS server.
Re: False Positives on Spamhaus?
Posted by Banyan He <ba...@rootong.com>.
It seems the data was cached. Let's see if it is correct after 24 hours
later.
Rick Macdougall wrote:
> Marc Perkel wrote:
>> Getting a ton of false positives today on spamhaus. Generally they
>> never get it wrong. Anyone else seeing this or is it just me?
>>
>
> I see it on one of my servers trying to send to a fido.ca account
> (mobile phone account). www.dnsstuff.com and a local lookup says we
> aren't listed but they reject our mail saying that our IP is listed in
> sbl-xbl.
>
> Not sure what's up with that.
>
> Regards,
>
> Rick
>
>
>
--
---------------
Banyan He
Mail&Web Security
Mobile: +86 13641777622
MSN: banyan.he@hotmail.com
Skype: banyan.he
Email: banyan@rootong.com
Website: http://www.rootong.com
Re: False Positives on Spamhaus?
Posted by Rick Macdougall <ri...@ummm-beer.com>.
Marc Perkel wrote:
> Getting a ton of false positives today on spamhaus. Generally they never
> get it wrong. Anyone else seeing this or is it just me?
>
I see it on one of my servers trying to send to a fido.ca account
(mobile phone account). www.dnsstuff.com and a local lookup says we
aren't listed but they reject our mail saying that our IP is listed in
sbl-xbl.
Not sure what's up with that.
Regards,
Rick
RE: False Positives on Spamhaus?
Posted by Skip Brott <sb...@dmp.com>.
> Getting a ton of false positives today on spamhaus. Generally
> they never get it wrong. Anyone else seeing this or is it just me?
That's a lot of confidence in a system over which you have no control.
- Skip