You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by "richard@buzzhost.co.uk" <ri...@buzzhost.co.uk> on 2009/06/22 12:27:47 UTC
SORBS bites the dust
Noted this over at NANAE;
QUOTE:
All,
Please feel free to forward this message to any other location/mailing
list.
It comes with great sadness that I have to announce the imminent
closure
of SORBS. The University of Queensland have decided not to honor their
agreement with myself and SORBS and terminate the hosting contract.
I have been involved with institutions such as Griffith University
trying to arrange alternative hosting for SORBS, but as of 12 noon,
22nd
June 2009 no hosting has been acquired and therefore I have been forced
in to this announcement. SORBS is officially "For Sale" should anyone
wish to purchase it as a going concern, but failing that and failing to
find alternative hosting for a 42RU rack in the Brisbane area of
Queensland Australia SORBS will be shutting down permanently in 28
days,
on 20th July 2009 at 12 noon.
This announcement will be replicated on the main SORBS website at the
earliest opportunity.
For information about the possible purchase of SORBS, the source code,
data, hosts etc, I maybe contacted at michelle@sorbs.net, telephone +61
414 861 744.
For any hosting suggestions/provision, please be aware that the 42RU
space is a requirement at the moment, and the service cannot be made
into a smaller rackspace without a lot of new hardware, virtual hosting
is just not possible. The SORBS service services over 30 billion DNS
queries per day, and has a number of database servers with fast disk to
cope with the requirements.
Thank you for all your support over the years,
Michelle Sullivan
(Previously known as Matthew Sullivan)
Re: SORBS bites the dust
Posted by Per Jessen <pe...@computer.org>.
LuKreme wrote:
> 42U of space seems a bit much though. I'd think a couple of Xserves
> could manage it quite well. I'm probably wrong though.
>
42U does sound like a lot of space, but imagine the hardware you'd need
to serve an average of 350,000 DNS requests per second. (according to
the website, SORBS does 30billion queries per day).
/Per Jessen, Zürich
Re: SORBS bites the dust
Posted by LuKreme <kr...@kreme.com>.
On 22 Jun, 2009, at 12:04 , Charles Gregory wrote:
> When I did my research for setting up RBL's, I found old comparisons
> between RBL's that seemed to indicate that the spamhaus PBL and the
> spamcop lists had slightly higher levels of flase postives.
This was certainly true with Spamcop's list, which was next to
useless. PBL has always been a highly effective list, however, and I
used it gladly until I switched to zen, which includes it. It is,
after all, basically a list of IPs that the IP owners say should not
be sending email directly.
SORBS DUL list was, at a time, a bit more effective than the PBL, but
that didn't last long and I've seen addresses that haven't been in
dynamic pools for years still listed (Several IPs in Comcast's static
business pool, for example).
I'm not happy to see SORBS go, but it's been a long time since I
relied on it for anything other than a bit of scoring in SA.
42U of space seems a bit much though. I'd think a couple of Xserves
could manage it quite well. I'm probably wrong though.
--
Can I borrow your underpants for 10 minutes?
Re: SORBS bites the dust
Posted by Yet Another Ninja <sa...@alexb.ch>.
On 6/26/2009 4:07 PM, Jack Pepper wrote:
> Quoting LuKreme <kr...@kreme.com>:
>
>> On 25-Jun-2009, at 16:01, John Rudd wrote:
>>> People who complain that the PBL is blocking things that aren't spam
>>> kind of don't get the point of the PBL. The PBL's definition means
>>> that it will block non-spam. It should also block a lot of spam, but
>>> the fact that it will block ham is not an indictment of the PBL. It
>>> just means that people who complain about that fact don't understand
>>> the PBL.
>>
>> If only more people understood this. Thanks for the post John, you
>> summarized it very well. If anyone ever whines about the PBL again,
>> please repost.
>
> John Ruud's post needs to be in the faq.
http://www.spamhaus.org/pbl/index.lasso
The Spamhaus PBL is a DNSBL database of end-user IP address ranges which
should not be delivering unauthenticated SMTP email to any Internet mail
server except those provided for specifically by an ISP for that
customer's use. The PBL helps networks enforce their Acceptable Use
Policy for dynamic and non-MTA customer IP ranges.
Re: SORBS bites the dust
Posted by Jack Pepper <pe...@autoshun.org>.
Quoting LuKreme <kr...@kreme.com>:
> On 25-Jun-2009, at 16:01, John Rudd wrote:
>> People who complain that the PBL is blocking things that aren't spam
>> kind of don't get the point of the PBL. The PBL's definition means
>> that it will block non-spam. It should also block a lot of spam, but
>> the fact that it will block ham is not an indictment of the PBL. It
>> just means that people who complain about that fact don't understand
>> the PBL.
>
> If only more people understood this. Thanks for the post John, you
> summarized it very well. If anyone ever whines about the PBL again,
> please repost.
John Ruud's post needs to be in the faq.
jp
--
Simple compliance is a hacker's best friend
----------------------------------------------------------------
@fferent Security Labs: Isolate/Insulate/Innovate
http://www.afferentsecurity.com
Re: SORBS bites the dust
Posted by Arvid Picciani <ae...@exys.org>.
Charles Gregory wrote:
>
> There are always exceptions.
Those can send me (postmaster@) a mail (without beeing blocked)
asking for whitelisting.
The reject message contains a link explaining how to do that.
Re: SORBS bites the dust
Posted by Charles Gregory <cg...@hwcn.org>.
On Fri, 26 Jun 2009, Matus UHLAR - fantomas wrote:
> Imho, the important question is, why such home user wants to send large
> amounts of mail....
Keep in mind, the definition of 'large' may be arbitrarily SMALL for some
ISP's.... Maybe just 100 recipients.
> .... if (s)he can't find any (free) hosting .....
The club starts off with a mailing list of 50 members, on their Outlook
Express addressbook. It grows over the years. It's 'easier' to just keep
sending mail the same way. Normally, the ISP just adjusts the limit, but
if they can't, or want to charge ridiculous money, then the user looks for
the next easiest way to get the mail out. Use the 'packaged' mail server
on their computer. Minimal learning curve, same usage, no changes to
addresses, etc, etc.
Yes, as I said, there are other solutions. Personally, when a list gets
bigger than 100 people, I want to get it onto a Yahoo Group or other free
list server so that I don't have to *manage* it. But for simple users
whose lists have just *grown* I can see the possibility. (shrug)
Advocated? No. Just aware and avoiding any sense of false confidence that
the PBL is any more secure from inaccurate listings (taking care in this
case to NOT atrbitrarily define the choices of the ISP as 'accurate' for
all their users).
But I think we were done here, weren't we? LOL
- Charles
Re: SORBS bites the dust
Posted by Matus UHLAR - fantomas <uh...@fantomas.sk>.
> On Thu, 25 Jun 2009, LuKreme wrote:
>> If only more people understood this. Thanks for the post John, you
>> summarized it very well. If anyone ever whines about the PBL again,
>> please repost.
On 26.06.09 10:18, Charles Gregory wrote:
> Firstly, my thanks to all who commented. Based upon the weight of this
> information, I have upgraded my MTA to full 'zen' RBL checking.
>
> However, I would like to point out that there is a class of 'poor'
> internet users who want to send mail legitimately directly from their
> dynamic IP. These are people who either want to send more mail than their
> ISP's outgoing server permits, or wish to avoid additional fees from
> their ISP. Technically, yes, they are trying to get 'around' the policies
> of their ISP. But (by most notewrothy example) if they are outside the
> area for DSL service and *must* use the local cable high speed, and the
> cable company's pricing policy presumes that any sender of large volumes
> of mail simply 'must' be a commercial venture, immediately doubling the
> cost of the home internet connection to a 'business' one, then the
> operator of a small club mailing list may have no choice but to try and
> send their mail directly. Oddly enough, these users are often able to buy
> a static IP for a reasonable surcharge, so that they don't have issues
> with Dynamic IP blocklists, but then they can still run into the PBL if
> their cable company has sent in their IP ranges...
> These people are not without 'other solutions'. But they are making the
> best of a bad one. Is this enough to warrant down-scoring the PBL? I no
> longer think so. But just so we're clear, just because an ISP says that
> they have a 'policy' does not mean we can brush off the attempts by
> people to bypass being *stuck* with those ISP's as not really being
> 'legitimate'.
> There are always exceptions.
Imho, the important question is, why such home user wants to send large
amounts of mail, if (s)he can't find any (free) hosting that will allow him
to do that, and, the main question, if (s)he pays enough to the provider,
who in such case shares the rick of blacklisting in case of real spam
outbreak.
--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
- Have you got anything without Spam in it?
- Well, there's Spam egg sausage and Spam, that's not got much Spam in it.
Re: SORBS bites the dust
Posted by LuKreme <kr...@kreme.com>.
On 26-Jun-2009, at 08:18, Charles Gregory wrote:
> On Thu, 25 Jun 2009, LuKreme wrote:
>> If only more people understood this. Thanks for the post John, you
>> summarized it very well. If anyone ever whines about the PBL again,
>> please repost.
>
> Firstly, my thanks to all who commented. Based upon the weight of
> this information, I have upgraded my MTA to full 'zen' RBL checking.
>
> However, I would like to point out that there is a class of 'poor'
> internet users who want to send mail legitimately directly from
> their dynamic IP. These are people who either want to send more mail
> than their ISP's outgoing server permits, or wish to avoid
> additional fees from their ISP.
Too bad. I will not accept mail from them. I have numerous checks in
place to prevent users on dynamic IPs sending mail to me.
> Technically, yes, they are trying to get 'around' the policies of
> their ISP. But (by most notewrothy example) if they are outside the
> area for DSL service and *must* use the local cable high speed, and
> the cable company's pricing policy presumes that any sender of large
> volumes of mail simply 'must' be a commercial venture, immediately
> doubling the cost of the home internet connection to a 'business'
> one, then the operator of a small club mailing list may have no
> choice but to try and send their mail directly.
Nope, there are other choices. You can use any mailserver to send your
mail. that's what submission is for. You cannot use your dynamic
connection as a mailserver because if you do, the majority of admins
will assume you are a spammer.
> These people are not without 'other solutions'. But they are making
> the best of a bad one. Is this enough to warrant down-scoring the PBL?
Not in my opinion. And for me, PBL is not a score, it is a flat-out
blacklist with an instant rejection before the DATA phase of the SMTP
transaction.
> I no longer think so. But just so we're clear, just because an ISP
> says that they have a 'policy' does not mean we can brush off the
> attempts by people to bypass being *stuck* with those ISP's as not
> really being 'legitimate'.
> There are always exceptions.
No. There are NO circumstances under which it is OK for someone on a
PBL (or non-PBL dynamic) connection to send email DIRECTLY to my
mailserver.
--
Well boys, we got three engines out, we got more holes in us than a
horse trader's mule, the radio is gone and we're leaking fuel
and if we was flying any lower why we'd need sleigh bells on
this thing... but we got one little budge on those Roosskies.
At this height why they might harpoon us but they dang sure
ain't gonna spot us on no radar screen!
Re: SORBS bites the dust
Posted by Charles Gregory <cg...@hwcn.org>.
On Fri, 26 Jun 2009, John Rudd wrote:
> It sounds like Charles' user base and cost/benefit analysis is
> different, and that's fine.
Actually no, it's not. I arrive at the same cost/benefit analysis and have
instituted the same general policy - I block all hosts on PBL. Thought I
made that part clear.
> But my point here is: legitimate isn't just something that varies from
> mail-admin to mail-admin, and user to user, it's also a difference in
> whether you're talking about messages vs submitting hosts. Blocking a
> host as being illegitimate doesn't mean "it submits 0 legitimate
> messages". It means it doesn't submit enough legitimate messages to
> justify the number of illegitimate messages it is sending (or is likely
> to send, based upon whatever reputation/policy got it black listed).
(Charles nods enthusiastically) Exactly. It's the distinction between
whether a filter to block all references to a specific brand of drug
blocks a medical discussion about the drug. The filter has enforced the
policy perfectly, but the *intent* to only block drug *ads* has led to
a false positive. Likewise, the intent to block spammers by marking
their hosts as illegitimate also blocks legitimate senders who have ended
up in the IP block where they "don't legitimatey belong". They are not in
a legitimate place, but that doesn't stop them from *trying* to send
legitimate messages. Thanks John!
- C
Re: SORBS bites the dust
Posted by John Rudd <jr...@ucsc.edu>.
On Fri, Jun 26, 2009 at 15:23, LuKreme<kr...@kreme.com> wrote:
> On 26-Jun-2009, at 14:54, Charles Gregory wrote:
>>
>> I don't care. It's the *meaning* that matters. Not the *word*.
>
> Fine, then, the meaning. Your meaning is *wanted* and my meaning is mail
> from a verifiable source with a verifiable (fixed) IP, correct rDNS that is
> authorized to send mail and does not appear in the zen RBL. It also has to
> helo with a legitimate hostname and the rDNS cannot contain strings like
> 'pool' or 'dynamic' or 'dialup'.
It seems to me that this is "legitimate messages" vs "legitimate hosts".
Each mail admin, and organization, has to determine the cost of
deciding how to handle the signal to noise ratio generated by
different classes of hostss.
When a given single host is submitting a high ratio of
spam+viruses+phishing+etc. vs legitimate messages, at what point is
the cost of accepting its messages no longer justified in order to
obtain those legitimate messages? That's the question that motivates
implementing Spam/Open-Relay/etc. type black holes at the SMTP level.
PBL is similar, except that you're not considering a single host,
you're considering an entire class of hosts (dynamic hosts, end client
hosts, etc.), whose individual submission rates might be quite low,
because they're being leveraged by a well run/configured botnet. But,
the question is still the same: what is the value of accepting message
submissions directly from those hosts, compared to the cost of doing
so?
Obviously my site targets dynamic hosts quite aggressively (we utilize
both the PBL and the Botnet plugin). We've had VERY few complaints
about Botnet. We've had ONE complaint about the PBL since we started
using it (the minute it became available). Yet, implementing these
measures significantly altered our spam/virus/etc. load. We feel the
cost/benefit analysis doesn't justify letting those sites have direct
access to our SMTP prompts.
And, I say that as a site with LOTS of vocal "don't block ANY of our
mail!!!" users. We don't have the most cooperative of user bases (we
have users who have blocked our effort to save disk space by routinely
cleaning old messages out of trash folders ... because they use their
trash folder to store important messages *boggle*). Yet, we didn't
get push back, nor a wide base of complaint, about this issue.
It sounds like Charles' user base and cost/benefit analysis is
different, and that's fine. But my point here is: legitimate isn't
just something that varies from mail-admin to mail-admin, and user to
user, it's also a difference in whether you're talking about messages
vs submitting hosts. Blocking a host as being illegitimate doesn't
mean "it submits 0 legitimate messages". It means it doesn't submit
enough legitimate messages to justify the number of illegitimate
messages it is sending (or is likely to send, based upon whatever
reputation/policy got it black listed).
Just as with the definition of the PBL, the site admin needs to
understand that block lists are about legitimate hosts, not legitimate
messages.
RE: SORBS bites the dust
Posted by Cory Hawkless <co...@hawkless.id.au>.
Any examples of such active lists? I suspect a few of us would be
interested.
-----Original Message-----
From: J.D. Falk [mailto:jdfalk-lists@cybernothing.org]
Sent: Thursday, 2 July 2009 4:54 AM
To: users@spamassassin.apache.org
Subject: Re: SORBS bites the dust
Arvid Picciani wrote:
> Michael Grant wrote:
>> Unless I've missed a message... this is the 100th reply to this
>> thread. This has to be one of the longest threads I've seen on this
>> list in years.
>>
> Shows there is much to discuss on this matter. Isn't there a generic
> spam related mailing list?
There are many.
--
J.D. Falk
Return Path Inc
http://www.returnpath.net/
Re: SORBS bites the dust
Posted by "J.D. Falk" <jd...@cybernothing.org>.
Arvid Picciani wrote:
> Michael Grant wrote:
>> Unless I've missed a message... this is the 100th reply to this
>> thread. This has to be one of the longest threads I've seen on this
>> list in years.
>>
> Shows there is much to discuss on this matter. Isn't there a generic
> spam related mailing list?
There are many.
--
J.D. Falk
Return Path Inc
http://www.returnpath.net/
Re: SORBS bites the dust
Posted by "richard@buzzhost.co.uk" <ri...@buzzhost.co.uk>.
On Sat, 2009-06-27 at 10:59 +0200, Yet Another Ninja wrote:
> On 6/27/2009 10:55 AM, Arvid Picciani wrote:
> > Michael Grant wrote:
> >> Unless I've missed a message... this is the 100th reply to this
> >> thread. This has to be one of the longest threads I've seen on this
> >> list in years.
> >>
> >>
> > Shows there is much to discuss on this matter. Isn't there a generic
> > spam related mailing list?
>
> spam-l.com
NANAE ?
Re: SORBS bites the dust
Posted by Yet Another Ninja <sa...@alexb.ch>.
On 6/27/2009 10:55 AM, Arvid Picciani wrote:
> Michael Grant wrote:
>> Unless I've missed a message... this is the 100th reply to this
>> thread. This has to be one of the longest threads I've seen on this
>> list in years.
>>
>>
> Shows there is much to discuss on this matter. Isn't there a generic
> spam related mailing list?
spam-l.com
Re: SORBS bites the dust
Posted by Arvid Picciani <ae...@exys.org>.
Michael Grant wrote:
> Unless I've missed a message... this is the 100th reply to this
> thread. This has to be one of the longest threads I've seen on this
> list in years.
>
>
Shows there is much to discuss on this matter. Isn't there a generic
spam related mailing list?
Re: SORBS bites the dust
Posted by Michael Grant <mi...@gmail.com>.
Unless I've missed a message... this is the 100th reply to this
thread. This has to be one of the longest threads I've seen on this
list in years.
I have to say I have issues with your definition of legit mail. Many
people do send mail to other people out of the blue for legit reasons
other than having some previous relation with that person.
> 4. From gmail, yahoo or hotmail.
These sites do provide an important service for people. Not everyone
is tech savy to get their own domain name. If everyone had to use
their ISP's domain name, think of the mess each time you change your
ISP.
But in general, there is definitely a grey area about what is and what
isn't legit email and I have to say that spamassassin does do a pretty
decent job much of the time sorting it out.
Re: SORBS bites the dust
Posted by RW <rw...@googlemail.com>.
On Fri, 26 Jun 2009 16:23:22 -0600
LuKreme <kr...@kreme.com> wrote:
> That's not my definition at all; it's not even the definition of any
> mailadmin I've ever met. We reject mail users *want* all the time.
> It's our job.
> ...
> Just because the
> recipient WANTS it does not make it legitimate.
> ...
>
> Fine, then, the meaning. Your meaning is *wanted* and my meaning is
> mail from a verifiable source with a verifiable (fixed) IP, correct
> rDNS that is authorized to send mail and does not appear in the zen
> RBL. It also has to helo with a legitimate hostname and the rDNS
> cannot contain strings like 'pool' or 'dynamic' or 'dialup'.
Hmmm, does Godwin's law apply to comparison with the "Soup-Nazi"?
Re: SORBS bites the dust
Posted by "richard@buzzhost.co.uk" <ri...@buzzhost.co.uk>.
On Fri, 2009-06-26 at 21:06 -0400, Charles Gregory wrote:
> On Fri, 26 Jun 2009, LuKreme wrote:
> >> > See, it all comes down to what you think 'legitimate' is.
> >> The recipient wants the e-mail. DUH.
> > That's not my definition at all....
>
> The very reason for my posting. You need not repeat yourself.
>
> > ..... it's not even the definition of any mailadmin I've ever met. We
> > reject mail users *want* all the time. It's our job.
There is some mileage in that. Inappropriate use by staff mailing
massive, unnecessary attachments around is once such policy. The
recipients may well *want* these - but policies are often in place to
limit them.
> That got a genuine laugh.... Sounds like something out of the BOFH series.
>
> > Nope, sometimes people WANT email that is laden down with malware,
> > viruses, executable files, web bugs, or other things that compromise the
> > security of not just themselves, but of others.
Yep - I've had users call up asking why they have not had a email with a
file attachment they are expecting. You tell them "It has a virus" or
"It is not company policy to accept executable files by email" but do
they stop there. Oh no. They get the sender to try and forward it via
Hotmail or to a webmail account. When that blocks it too, you see the
sender try again - this time zipping it up and crap. So yes - there are
occasions when mailadmins block mail that recipients want and it is
correct to do so.
The thread has drifted and seems to be starting to take on the roll of
the Oxford English Dictionary of IT related Words.
Legitimate mail? Just what is it? One man's legitimate is another man's
illegitimate. One man's spam is another man's ham.
I apply a simple formula.
Legitimate mail comes from mail servers running on static IP's. These
will not fall in a range assigned as Dynamic. They will not be listed in
the PBL. The connecting IP will have - as a minimum - a PTR record. The
contents of which I'm not fussed about - it just needs to exist. That
will have me at least happy to 'listen' to what that server has to say
before making a decision on the mail it is sending. I've dealt with
small African businesses out in the bush operating mail servers over
miles of knackered telephone lines on modems, and even they can manage
to satisfy such basic requirements. If any other mail admin is not
capable of doing this then I don't want a connection from them (I
probably would not want them working for my organisation either - not if
I relied on email for my business).
Email has some similarities to snail mail. The onus is on the sender to
ship it correctly and NOT on the recipient. The sender must package and
address it correctly, put the right postage on it, and send it from the
correct place if you want delivery attempted on time or at all. You
would not expect your snail mail to be collected from a trash can and
delivered, you would use a defined mail box or post office.
Legitimate mail to me comes from a legitimate server as above. It's
content will then be;
1. A reply to a mail we have sent
2. An order, enquiry or quote
3. A staff message or memo
4. A request for help
There may be a few others, but legitimate mail will not generally be;
1. Someone trying to sell us something
2. Notifications of 'Special Offers'
3. Catch up mails from people we once bought a pencil from
4. From gmail, yahoo or hotmail. By far all I ever see from these
providers is Spam. If someone really does *not* have access to any other
form of email they can pick up the phone and call us and we can exempt
them. I've yet to find a legitimate business use any of them as their
primary email provider. Postini customers are also pushing their luck
with the way the sending server never sends a 'QUIT' on the end of the
session. This kind of sloppy crap is a different story but is mentioned
to show that even so called professional email organisations can be
sloppy and not do things as they should.
Finally - and this is the point where it is specifically relevant to
Spamassassin - it won't trip a set score in SA. There is no need for
legitimate mail to score high with SA.
That's my take on it and it works for us. We get the odd gripe from
managers called 'Steve' and 'Barry' that they have not had the 200 meg
of pictures from the weekend party. You know the kind - the self
important 'rules are not relevant to me' kind. It is usually sufficient
to remind them of the acceptable usage policy and that we are
overstaffed.
Re: SORBS bites the dust
Posted by Charles Gregory <cg...@hwcn.org>.
On Fri, 26 Jun 2009, LuKreme wrote:
>> > See, it all comes down to what you think 'legitimate' is.
>> The recipient wants the e-mail. DUH.
> That's not my definition at all....
The very reason for my posting. You need not repeat yourself.
> ..... it's not even the definition of any mailadmin I've ever met. We
> reject mail users *want* all the time. It's our job.
That got a genuine laugh.... Sounds like something out of the BOFH series.
> Nope, sometimes people WANT email that is laden down with malware,
> viruses, executable files, web bugs, or other things that compromise the
> security of not just themselves, but of others.
ROFLMAO - Now you're twisting the definition of WANT?
Excuse me, my BS threshold just got exceeded. I'm outta here!
-C
Re: SORBS bites the dust
Posted by LuKreme <kr...@kreme.com>.
On 26-Jun-2009, at 14:54, Charles Gregory wrote:
> On Fri, 26 Jun 2009, LuKreme wrote:
>> On 26-Jun-2009, at 08:55, Charles Gregory wrote:
>>> we should not create a false sense of confidence that we will
>>> 'never' see legitimate mail come from a PBL-listed IP
>> Yes, we will *never* see legitimate mail from a PBL-listed IP.
>> See, it all comes down to what you think 'legitimate' is.
>
> The recipient wants the e-mail. DUH.
That's not my definition at all; it's not even the definition of any
mailadmin I've ever met. We reject mail users *want* all the time.
It's our job.
> A common, simple definition, and in terms of warning people about
> the imperfections of *any* blocklist, it is the one that MATTERS.
Nope, sometimes people WANT email that is laden down with malware,
viruses, executable files, web bugs, or other things that compromise
the security of not just themselves, but of others. Just because the
recipient WANTS it does not make it legitimate. Users also WANT to
send 50MB (or 3GB) attachments via email.
> This does not mean you have a bad policy. Nor does it mean that the
> people breaking
> their ISP's policy necessarily deserve to be given special treatment.
> It means only that you are misleading people to make them think that
> they will never have *wanted* mail blocked by PBL.
*wanted* mail is blocked all the time. What I say is that once a mail
is received by the server, it is never discarded; before I accept it
though, I will reject all sorts of mail for all sorts of reasons.
People are free to get their emil elsewhere. Most people find that
'elsewhere' means hundreds of more spam messages every single day. I
had one domain that was briefly hosted somewhere else. Their incoming
mail jumped from ~200 messages a day to nearly 2,000 messages a day.
They were completely overwhelmed with the mass of spam to the point
that their Outlook Database on their windows machines was overwhelmed
and corrupted itself. They lost all their email over the last three
years.
Fortunately for them, I had not deleted the maildirs off my server's
backups, so they were able to move their domain back and recover
almost all their mail.
> It has already happened. Will happen again. It is no different than
> some poor schmuck setting up their hosting and discovering they are
> in a spam-infested IP block. Doesn't mean their mail is 'not
> legitimate' because our policy agrees with spamhaus and blocks that
> whole range.
Again, you have a differing opinion of legitimate than I do.
> I don't care. It's the *meaning* that matters. Not the *word*.
Fine, then, the meaning. Your meaning is *wanted* and my meaning is
mail from a verifiable source with a verifiable (fixed) IP, correct
rDNS that is authorized to send mail and does not appear in the zen
RBL. It also has to helo with a legitimate hostname and the rDNS
cannot contain strings like 'pool' or 'dynamic' or 'dialup'.
--
I have a love child who sends me hate mail
Re: SORBS bites the dust
Posted by Charles Gregory <cg...@hwcn.org>.
On Fri, 26 Jun 2009, LuKreme wrote:
> On 26-Jun-2009, at 08:55, Charles Gregory wrote:
>> we should not create a false sense of confidence that we will 'never' see
>> legitimate mail come from a PBL-listed IP
> Yes, we will *never* see legitimate mail from a PBL-listed IP.
> See, it all comes down to what you think 'legitimate' is.
The recipient wants the e-mail. DUH.
A common, simple definition, and in terms of warning people about the
imperfections of *any* blocklist, it is the one that MATTERS. This does
not mean you have a bad policy. Nor does it mean that the people breaking
their ISP's policy necessarily deserve to be given special treatment.
It means only that you are misleading people to make them think that they
will never have *wanted* mail blocked by PBL. It has already happened.
Will happen again. It is no different than some poor schmuck setting up
their hosting and discovering they are in a spam-infested IP block.
Doesn't mean their mail is 'not legitimate' because our policy agrees with
spamhaus and blocks that whole range. Just means they are SOL. :)
Legitimate. If you're so hung up on the word, you can HAVE it.
I don't care. It's the *meaning* that matters. Not the *word*.
My appeal is to not confuse people who have a broader colloquial
understanding of the word. If someone is setting up their own mail filter,
they should know what to expect. And what they should expect is to
occasionally see someone complain about not being able to *receive* their
'legitimate' (by all common uses of the word) *wanted* e-mail because of
PBL or some other list.
You are, of course, welcome to argue with your users over the 'legitimacy'
of the e-mail being sent to them. :)
- Charles
Re: SORBS bites the dust
Posted by LuKreme <kr...@kreme.com>.
On 26-Jun-2009, at 08:55, Charles Gregory wrote:
> we should not create a false sense of confidence that we will
> 'never' see legitimate mail come from a PBL-listed IP
Yes, we will *never* see legitimate mail from a PBL-listed IP.
See, it all comes down to what you think 'legitimate' is.
According to my 'legitimate' it is definitionally impossible for
legitimate mail to come to my mailserver from a PBL listed IP.
--
Satan oscillate my metallic sonatas
Re: SORBS bites the dust
Posted by Charles Gregory <cg...@hwcn.org>.
On Fri, 26 Jun 2009, Yet Another Ninja wrote:
> what you do is your choice.
(nod) I've already made my choice clear, and would advocate the same
for anyone else. My argument was only that we should not create a false
sense of confidence that we will 'never' see legitimate mail come from a
PBL-listed IP just because of the 'policy' basis. Some policies are just
plain stupid. LOL
But yeah, let's trashcan this one. I say again, thanks.
- Charles
Re: SORBS bites the dust
Posted by Yet Another Ninja <sa...@alexb.ch>.
On 6/26/2009 4:18 PM, Charles Gregory wrote:
> These people are not without 'other solutions'. But they are making the
> best of a bad one. Is this enough to warrant down-scoring the PBL? I no
> longer think so. But just so we're clear, just because an ISP says that
> they have a 'policy' does not mean we can brush off the attempts by
> people to bypass being *stuck* with those ISP's as not really being
> 'legitimate'.
> There are always exceptions.
what you do is your choice.
your MTA or SA or whatever give you the choice to implement *your* policy.
should we really keep on beating the dead horse, even in Spam-L .-)
(that was for ChrisH .-)
Re: SORBS bites the dust
Posted by Charles Gregory <cg...@hwcn.org>.
On Thu, 25 Jun 2009, LuKreme wrote:
> If only more people understood this. Thanks for the post John, you
> summarized it very well. If anyone ever whines about the PBL again,
> please repost.
Firstly, my thanks to all who commented. Based upon the weight of
this information, I have upgraded my MTA to full 'zen' RBL checking.
However, I would like to point out that there is a class of 'poor'
internet users who want to send mail legitimately directly from their
dynamic IP. These are people who either want to send more mail than their
ISP's outgoing server permits, or wish to avoid additional fees from their
ISP. Technically, yes, they are trying to get 'around' the policies of
their ISP. But (by most notewrothy example) if they are outside the area
for DSL service and *must* use the local cable high speed, and the cable
company's pricing policy presumes that any sender of large volumes of mail
simply 'must' be a commercial venture, immediately doubling the cost of
the home internet connection to a 'business' one, then the operator of a
small club mailing list may have no choice but to try and send their mail
directly. Oddly enough, these users are often able to buy a static IP for
a reasonable surcharge, so that they don't have issues with Dynamic IP
blocklists, but then they can still run into the PBL if their cable
company has sent in their IP ranges...
These people are not without 'other solutions'. But they are making the
best of a bad one. Is this enough to warrant down-scoring the PBL? I no
longer think so. But just so we're clear, just because an ISP says that
they have a 'policy' does not mean we can brush off the attempts by people
to bypass being *stuck* with those ISP's as not really being 'legitimate'.
There are always exceptions.
Thanks again for the discusssion/info.
- Charles
Re: SORBS bites the dust
Posted by LuKreme <kr...@kreme.com>.
On 25-Jun-2009, at 16:01, John Rudd wrote:
> People who complain that the PBL is blocking things that aren't spam
> kind of don't get the point of the PBL. The PBL's definition means
> that it will block non-spam. It should also block a lot of spam, but
> the fact that it will block ham is not an indictment of the PBL. It
> just means that people who complain about that fact don't understand
> the PBL.
If only more people understood this. Thanks for the post John, you
summarized it very well. If anyone ever whines about the PBL again,
please repost.
I block the PBL at transaction because even if it's not spam, it is
unauthorized mail as defined by the owner of the IP. This means the
person on that IP has a legitimate NON-PBL method of sending mail, and
if they want to communicate with me, they will use it.
--
This is our music from the bachelor's den, the sound of loneliness
turned up to ten. A harsh soundtrack from a stagnant waterbed
and it sounds just like this. This is the sound of someone
losing the plot making out that they're OK when they're not.
You're gonna like it, but not a lot. And the chorus goes like
this...
Re: SORBS bites the dust
Posted by John Rudd <jr...@ucsc.edu>.
On Thu, Jun 25, 2009 at 14:41, mouss<mo...@ml.netoyen.net> wrote:
> James Wilkinson a écrit :
>> If you mean “IP address that should not have been in the PBL but was”,
>> that’s one thing. It’s a consistent definition, but not very useful for
>> stopping spam.
>>
>
> yes, the PBL may list blocks that contain networks which "want" to send
> mail directly, and which in principle, should be able to do so. but
> whatever decision you taéke here is difficult. if you say, I will only
> block those who I am certain are criminals, then some criminals will get
> in.
I think part of the point, though, is that the PBL isn't _directly_
about stopping spam. The PBL is about stopping portions of the
internet from sending email directly to hosts outside off their own
organizations. The "policy" that is the P in PBL is (someone's)
policy about who should or shouldn't be sending email directly to the
internet at large.
The PBL indirectly fights spam by keeping botnets from being able to
spew to the internet, and creating choke-points in each organization
through which that email will/should flow. But this is an indirect
result. There will be plenty of things that the PBL blocks that are
NOT spam, but are also not PBL false positives (in the sense that
"they are listed in the PBL and SHOULD be listed in the PBL, by the
definition of what the PBL says it will list").
People who complain that the PBL is blocking things that aren't spam
kind of don't get the point of the PBL. The PBL's definition means
that it will block non-spam. It should also block a lot of spam, but
the fact that it will block ham is not an indictment of the PBL. It
just means that people who complain about that fact don't understand
the PBL.
(and, people who block or score against PBL addresses in Received
headers, instead of only doing it against direct MTA connections,
probably also don't fully get the PBL)
Anyway, my point in reply to you is that it's not a difficult
stand/decision, as long as you understand what you're getting into.
You don't target PBL hosts to block/score spam, you block the PBL
hosts to enforce policies about who submits messages to whom.
If you agree with that policy concept, it's an easy decision (you use it).
If you don't agree with that policy concept, it's an easy decision
(you don't use it).
If you don't understand the policy concept, and you're just trying to
use it to "block spam and not block ham" then the difficulty is that
you're not using the right tool for the task at hand. That's not a
difficult decision, that's a difficulty understanding the world in
which you operate :-)
Re: SORBS bites the dust
Posted by LuKreme <kr...@kreme.com>.
On 25-Jun-2009, at 15:41, mouss wrote:
> if you say, I will only block those who I am certain are criminals,
> then some criminals will get
> in.
s/some/almost all/
--
Battlemage? That's not a profession. It barely qualifies as a
hobby. 'Battlemage' is about impressive a title as 'Lord of the
Dance'. <PAUSE> I'm adding Lord of the Dance to my titles.
Re: SORBS bites the dust
Posted by mouss <mo...@ml.netoyen.net>.
James Wilkinson a écrit :
> mouss wrote (about the PBL):
>> stop spreading FUD. if you know of false positives, show us so that we
>> see what you exactly mean.
>>
>> a lot of people, including $self, use the PBL at smtp time.
>
> As usual, it depends on your definition of “false positive”.
>
fully agreed.
I personally find it bad to block any "non spamming network". but
sometimes, the only reasonable way to do this is via whitelists, and
unfortunatley, you can't whitelist unknown senders. so yes, I do block
some networks because I "think" they are too spammy (they may contain
"legitimate" IPs).
> If you mean “IP address that should not have been in the PBL but was”,
> that’s one thing. It’s a consistent definition, but not very useful for
> stopping spam.
>
> If you mean “solicited and/or non-bulk email that would have been
> stopped by the PBL”, then I’ve seen a number of small Indian and Chinese
> companies who are unaware of a lot of things, including the existence of
> the PBL and that it’s a Good Thing to send email through a smart host
> with a consistent IP address and reverse DNS.¹
>
yes, the PBL may list blocks that contain networks which "want" to send
mail directly, and which in principle, should be able to do so. but
whatever decision you taéke here is difficult. if you say, I will only
block those who I am certain are criminals, then some criminals will get
in.
whether you use them or not, lists that put some pressure on ISPs,
networks, .. are good, and are necessary. some time ago, open relay was
ok. now, you won't here much people saying "but I want the freedom to
relay... ".
yes, spammers are making us crazy ;-p
> Obviously, everyone’s email stream is different. Mine includes a
> commercially-significant amount of email from small companies in those
> two countries, and probably doesn’t include email from other countries
> where this takes place.
>
just to make things clear. while I do use zen, my setup is not what one
would call aggressive (I do complain about some networks, but I don't
block them. but I do block snowshoe spammers "too easily"). I do get
"alien" mail from some networks (and not even from Asia!), and while I
have thought of comibing checks (x AND y AND z), I found solicited mail
that matches every bad thing I wanted to mix in the rule!
> But by this definition, false positives do occur, and my company’s
> SpamAssassin installation has to try to handle them.
>
> James.
>
> ¹ Fortunately, they’re also unaware that signatures should be removed
> when replying. That, a standard corporate signature including company
> registration data, a standard domain in each Message-ID that doesn’t
> appear in public DNS, a few negatively-scored custom rules to detect
> these, and the AWL mean that once someone has responded to one of our
> emails, they get automatically whitelisted. So at least existing
> correspondents don’t get blocked.
>
Re: SORBS bites the dust
Posted by James Wilkinson <sa...@aprilcottage.co.uk>.
mouss wrote (about the PBL):
> stop spreading FUD. if you know of false positives, show us so that we
> see what you exactly mean.
>
> a lot of people, including $self, use the PBL at smtp time.
As usual, it depends on your definition of “false positive”.
If you mean “IP address that should not have been in the PBL but was”,
that’s one thing. It’s a consistent definition, but not very useful for
stopping spam.
If you mean “solicited and/or non-bulk email that would have been
stopped by the PBL”, then I’ve seen a number of small Indian and Chinese
companies who are unaware of a lot of things, including the existence of
the PBL and that it’s a Good Thing to send email through a smart host
with a consistent IP address and reverse DNS.¹
Obviously, everyone’s email stream is different. Mine includes a
commercially-significant amount of email from small companies in those
two countries, and probably doesn’t include email from other countries
where this takes place.
But by this definition, false positives do occur, and my company’s
SpamAssassin installation has to try to handle them.
James.
¹ Fortunately, they’re also unaware that signatures should be removed
when replying. That, a standard corporate signature including company
registration data, a standard domain in each Message-ID that doesn’t
appear in public DNS, a few negatively-scored custom rules to detect
these, and the AWL mean that once someone has responded to one of our
emails, they get automatically whitelisted. So at least existing
correspondents don’t get blocked.
--
E-mail: james@ | Top Tip: If you are being chased by a police dog, don’t
aprilcottage.co.uk | try to get away by crawling through a tunnel, going onto
| a little see-saw, and jumping through a hoop of fire.
| They are trained for that, you see.
| -- “Bystander”, London magistrate
Re: SORBS bites the dust
Posted by Henrik K <he...@hege.li>.
On Tue, Jun 23, 2009 at 02:34:05PM -0400, Charles Gregory wrote:
> On Tue, 23 Jun 2009, mouss wrote:
>>> When I did my research for setting up RBL's, I found old comparisons
>>> between RBL's that seemed to indicate that the spamhaus PBL and the
>>> spamcop lists had slightly higher levels of flase postives.
>> stop spreading FUD. if you know of false positives, show us so that we
>> see what you exactly mean.
>
> It's difficult to find current data. The original document I found,
> somewhere among old spamassassin wiki/forum files, was a decent
> comparison of the percentage FP's and FN's for many blocklists, but do
> you think I can find it now? :)
>
> I found *some* stats at http://stats.dnsbl.com which would seem to
> suggest that the spamcop database is now very accurate. Though I am
> somewhat hesitant to use spamcop as our own servers once had a brief
> listing with them (and it wasn't due to spam). Even so their stats
> all seem to be at least a year old?
>
> Still hoping to find something more recent and detailed....
Lets get serious. The only data you can trust is your _own_. Dont't shoot
you and us in the foot by trying to find stats like this. Try them on your
feed with logging.
Al Iverson has his own way of calculating things. If you look at the some
stats they make no sense like uceprotect-3 being near 0% etc.
Re: [sa] Re: SORBS bites the dust
Posted by mouss <mo...@ml.netoyen.net>.
Charles Gregory a écrit :
> On Wed, 24 Jun 2009, Matus UHLAR - fantomas wrote:
>>> somewhat hesitant to use spamcop as our own servers once had a brief
>>> listing with them (and it wasn't due to spam).
>> Got more info?
>
> Sadly, we're dealing with my aging memory. :)
>
> While I cannot remember precisely, categorically it was a situation like:
> 1) A piece of junk that one of our users had forwarded to another server
> and then THE USER 'reported' the spam (which naturally had *our* IP at
> the top), or,
> 2) Someone 'reported as spam' a bounce from our server that had their
> address forged as sender (for some condition like 'full mailbox' which
> even now still sometimes generates a DSN rather than being rejected at
> the SMTP gateway).
>
neither of these will et you listed on zen. zen is composed of
- pbl: these are IPs that are not supposed to send mail. this is either
decided by the ISP (then if you're listed, you know to whom to complain)
or by spamhaus (this is when the ISP doesn't want to tell which IPs are
"dynamic/residential/...").
- sbl: these are "confirmed" spammers. you don't end up here as a result
of a misconfiguration.
- xbl (cbl, njabl-proxy): these are "infected" boxes.
you may get listed on spamcop though, but such a listing expires
automatically unless the conditions are repeated. and I don't consider
such a listing to be an FP.
> Admittedly we've made massive improvements to our systems since that
> time. We now filter at SMTP time, rather than have the filter in
> procmail which is bypassed by .forward, and I've put in extra mechanisms
> to catch as many of the 'full mailbox' type of conditions as possible at
> SMTP time.
>
> But whichever the case was, it still bothered me that this major
> blocklist seemed to have added our IP for a singular incident/report.
> I would expect there to be a minimal threshold for accidental or false
> reporting.
>
if you talk about spamcop or cbl, you really need to reread how they
work. it is good even for you that they list you if they detect bad
behaviour. this gives you a chance to fix the problem. (I had this with
one IP, that I finally decided to block myself).
> Mind you, there is every chance that spamcop has upgraded their systems
> in the intervening years. All I have to go on is my experience. :)
>
spamcop has changed few years ago (3 years?). so if you're talking about
an old incident, then it's no more relevant.
> Anyways, there's what 'info' I have. I won't be surprised if it's not
> 'good enough' for anyone. If someone knows something improvements to
> their spam reporting, I would be interested..... Thanks.
>
I don't use spamcop at smtp level, because I know they block some
networks I want mail from, but the block is understandable (large
university where one of the internal dept has its own relay, which can't
be disabled for now, and which has a bogus list mgmt software that can't
yet be kicked off. in short, the block is bad for the university in the
short run, but it gives an argument to disable those old setups, which
is the way to go).
Re: [sa] Re: SORBS bites the dust
Posted by Charles Gregory <cg...@hwcn.org>.
On Wed, 24 Jun 2009, Matus UHLAR - fantomas wrote:
>> somewhat hesitant to use spamcop as our own servers once had a brief
>> listing with them (and it wasn't due to spam).
> Got more info?
Sadly, we're dealing with my aging memory. :)
While I cannot remember precisely, categorically it was a situation like:
1) A piece of junk that one of our users had forwarded to another server
and then THE USER 'reported' the spam (which naturally had *our* IP at
the top), or,
2) Someone 'reported as spam' a bounce from our server that had their
address forged as sender (for some condition like 'full mailbox' which
even now still sometimes generates a DSN rather than being rejected at
the SMTP gateway).
Admittedly we've made massive improvements to our systems since that time.
We now filter at SMTP time, rather than have the filter in procmail which
is bypassed by .forward, and I've put in extra mechanisms to catch as many
of the 'full mailbox' type of conditions as possible at SMTP time.
But whichever the case was, it still bothered me that this major
blocklist seemed to have added our IP for a singular incident/report.
I would expect there to be a minimal threshold for accidental or false
reporting.
Mind you, there is every chance that spamcop has upgraded their systems in
the intervening years. All I have to go on is my experience. :)
Anyways, there's what 'info' I have. I won't be surprised if it's not
'good enough' for anyone. If someone knows something improvements to their
spam reporting, I would be interested..... Thanks.
- Charles
Re: SORBS bites the dust
Posted by Matus UHLAR - fantomas <uh...@fantomas.sk>.
> On Tue, 23 Jun 2009, mouss wrote:
>>> When I did my research for setting up RBL's, I found old comparisons
>>> between RBL's that seemed to indicate that the spamhaus PBL and the
>>> spamcop lists had slightly higher levels of flase postives.
>> stop spreading FUD. if you know of false positives, show us so that we
>> see what you exactly mean.
On 23.06.09 14:34, Charles Gregory wrote:
> It's difficult to find current data. The original document I found,
> somewhere among old spamassassin wiki/forum files, was a decent
> comparison of the percentage FP's and FN's for many blocklists, but do
> you think I can find it now? :)
The only FPs in PBL are IP addresses that don't really fullfill requirement
that they should not send mail. E.g. mail that is not dynamic and ISP agrees
it may send mail to destinations.
I think that in case of "yes you want mail from them" should not be called
a FP when those IPs are dynamic etc.
The same applies for sorbs dul ...
> I found *some* stats at http://stats.dnsbl.com which would seem to
> suggest that the spamcop database is now very accurate. Though I am
> somewhat hesitant to use spamcop as our own servers once had a brief
> listing with them (and it wasn't due to spam).
Got more info?
--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Atheism is a non-prophet organization.
Re: SORBS bites the dust
Posted by Charles Gregory <cg...@hwcn.org>.
On Tue, 23 Jun 2009, mouss wrote:
>> When I did my research for setting up RBL's, I found old comparisons
>> between RBL's that seemed to indicate that the spamhaus PBL and the
>> spamcop lists had slightly higher levels of flase postives.
> stop spreading FUD. if you know of false positives, show us so that we
> see what you exactly mean.
It's difficult to find current data. The original document I found,
somewhere among old spamassassin wiki/forum files, was a decent comparison
of the percentage FP's and FN's for many blocklists, but do you think I
can find it now? :)
I found *some* stats at http://stats.dnsbl.com which would seem to
suggest that the spamcop database is now very accurate. Though I am
somewhat hesitant to use spamcop as our own servers once had a brief
listing with them (and it wasn't due to spam). Even so their stats
all seem to be at least a year old?
Still hoping to find something more recent and detailed....
I think I will upgrade from using sbl-xbl to using 'zen' at the MTA level,
as it seems to be universally recommended....
- Charles
Re: SORBS bites the dust
Posted by mouss <mo...@ml.netoyen.net>.
Charles Gregory a écrit :
> On Mon, 22 Jun 2009, richard@buzzhost.co.uk wrote:
>> Really? Personally I find the PBL just kicks its ass.
>
> When I did my research for setting up RBL's, I found old comparisons
> between RBL's that seemed to indicate that the spamhaus PBL and the
> spamcop lists had slightly higher levels of flase postives.
stop spreading FUD. if you know of false positives, show us so that we
see what you exactly mean.
a lot of people, including $self, use the PBL at smtp time.
> Not 'bad',
> but just poor enough that I prefer to give PBL a weighted score in SA
> rather than run it as a poison pill in the MTA. Though with everything
> I've been seeing lately, I'm darned tempted to ramp it up. Especially if
> sorbs DUL list is going to go bye-bye....
>
> Perhaps it is time to do some new comparisons? Does anyone have some
> stats on the effectiveness of various RBL's versus the FP rate?
at this time, zen is _the_ list.
> Presumably the scoring defaults in SA are somehow based on this, but I
> wouldn't mind being able to decide for myself. Unfortunately, the
> privacy regs prevent me from keeping a good corpus here and doing my own
> tests.....
despite the privacy "regs" here (and not only because of regs. I am
extremely attached to privacy), I have no problem keeping a corpus of
spam from one hand, and a list of IPs that sent "other" mail.
Re: SORBS bites the dust
Posted by Charles Gregory <cg...@hwcn.org>.
On Mon, 22 Jun 2009, richard@buzzhost.co.uk wrote:
> Really? Personally I find the PBL just kicks its ass.
When I did my research for setting up RBL's, I found old comparisons
between RBL's that seemed to indicate that the spamhaus PBL and the
spamcop lists had slightly higher levels of flase postives. Not 'bad',
but just poor enough that I prefer to give PBL a weighted score in SA
rather than run it as a poison pill in the MTA. Though with everything
I've been seeing lately, I'm darned tempted to ramp it up. Especially if
sorbs DUL list is going to go bye-bye....
Perhaps it is time to do some new comparisons? Does anyone have some stats
on the effectiveness of various RBL's versus the FP rate? Presumably the
scoring defaults in SA are somehow based on this, but I wouldn't mind
being able to decide for myself. Unfortunately, the privacy regs prevent
me from keeping a good corpus here and doing my own tests.....
- Charles
Re: SORBS bites the dust
Posted by LuKreme <kr...@kreme.com>.
On 22 Jun, 2009, at 16:17 , John Rudd wrote:
> You can wait 1 year ... or pay $50 to some approved charity. So, yes,
> you can not pay anything, if you're willing to wait a year. And if
> you do pay, you don't pay THEM exactly. But, it still remains that
> they expect some form of financial offset in order to get off their
> list in less than a year.
Actually, it is 1 year PER SPAM, or $50 PER SPAM. This was a way of
punishing actual spammers. I never heard of SORBS forcing anyone to
wait a year or pay $50 a spam for accidental listing, temporary
failures, or anything else along those line. In essence, this policy
was in place to scare off the real spammers who would be looking at
that thinking, "HOly, shit, I'd have to pay $50,000,000,000 to get
delisted!"
--
Amazingly Beautiful Creatures Dancing Excites the Forest
Glade, in my Heart how I do Jump like the Kudo Listen to the
Music so Nice the Organ Plays. Quietly Rests the Sleepy
Tiger Under the Vine tree at the Water's side and X marks
the spot 'neath the Yellow moon where the Zulu king and
I did hide.
Re: SORBS bites the dust
Posted by Res <re...@ausics.net>.
On Tue, 23 Jun 2009, Jeremy Morton wrote:
> Maybe it was better back then, but maybe a year ago I had the same problem
> and got NO response. Its death actually is good news because it means not so
> many innocent people will be able to be listed now.
Perhaps, this was when Matthew was located in Brisbane where I am, last I
heard he moved down south (he maybe be back, have not had a need to talk
to him since so dont know)
SORBS is heavily used in AU, and blocks far more than spamcop or spamhaus,
might be different for other parts of the world, I dunno, but will be a
large spam increase for us here if it closes.
--
Res
-Beware of programmers who carry screwdrivers
Re: SORBS bites the dust
Posted by Jeremy Morton <ad...@game-point.net>.
Res wrote:
> On Mon, 22 Jun 2009, John Rudd wrote:
>
>> You can wait 1 year ... or pay $50 to some approved charity. So, yes,
>> you can not pay anything, if you're willing to wait a year. And if
>> you do pay, you don't pay THEM exactly. But, it still remains that
>> they expect some form of financial offset in order to get off their
>> list in less than a year.
>>
>> http://www.au.sorbs.net/faq/spamdb.shtml
>
>
> Rubbish, we had one of ours in it a couple years ago, it took a couple
> emails and no more than a few days for removal, nothing paid either.
Maybe it was better back then, but maybe a year ago I had the same
problem and got NO response. Its death actually is good news because it
means not so many innocent people will be able to be listed now.
Best regards,
Jeremy Morton (Jez)
Re: SORBS bites the dust
Posted by Res <re...@ausics.net>.
On Mon, 22 Jun 2009, John Rudd wrote:
> You can wait 1 year ... or pay $50 to some approved charity. So, yes,
> you can not pay anything, if you're willing to wait a year. And if
> you do pay, you don't pay THEM exactly. But, it still remains that
> they expect some form of financial offset in order to get off their
> list in less than a year.
>
> http://www.au.sorbs.net/faq/spamdb.shtml
Rubbish, we had one of ours in it a couple years ago, it took a couple
emails and no more than a few days for removal, nothing paid either.
--
Res
-Beware of programmers who carry screwdrivers
Re: SORBS bites the dust
Posted by John Rudd <jr...@ucsc.edu>.
On Mon, Jun 22, 2009 at 15:06, Arvid Picciani<ae...@exys.org> wrote:
> Jeremy Morton wrote:
>>
>> You then have to pay their tithe money to get people to start receiving
>> your e-mail again.
>
> sorbs doesn't charge for delisting.
> Actually no trustworthy bl does.
Technically correct, but not literally.
You can wait 1 year ... or pay $50 to some approved charity. So, yes,
you can not pay anything, if you're willing to wait a year. And if
you do pay, you don't pay THEM exactly. But, it still remains that
they expect some form of financial offset in order to get off their
list in less than a year.
http://www.au.sorbs.net/faq/spamdb.shtml
Re: SORBS bites the dust
Posted by Arvid Picciani <ae...@exys.org>.
Jeremy Morton wrote:
> You then have to pay their tithe money to get people to start
> receiving your e-mail again.
sorbs doesn't charge for delisting.
Actually no trustworthy bl does.
Re: SORBS bites the dust
Posted by Matus UHLAR - fantomas <uh...@fantomas.sk>.
>> On Mon, 2009-06-22 at 19:40 +0200, Arvid Picciani wrote:
>>> richard@buzzhost.co.uk wrote:
>>>> It comes with great sadness that I have to announce the imminent
>>>> closure
>>>> of SORBS. The University of Queensland have decided not to honor their
>>>> agreement with myself and SORBS and terminate the hosting contract.
>>>>
>>>>
>>> crap ... sorbs is the only list I trust enough to have them at SMTP level.
> richard@buzzhost.co.uk wrote:
>> Really? Personally I find the PBL just kicks its ass. People tended to
>> bitch that sorbs charged for removal, but I can't say why they said
>> that.
On 22.06.09 23:01, Jeremy Morton wrote:
> You really can't?
>
> SORBS accidentally blacklist your domain. You then have to pay their
> tithe money to get people to start receiving your e-mail again. I say
> that sucks. BTW, it happened to my domain, I tried to contact them, and
> got one automated response e-mail. Nothing more. Good riddance to them.
they don't "accidentally" blacklist. The $50 fee is/was only required for
"spam" database you can get into only by spamming sorbs.
And the "spam" was taken out of agregate sorbs blacklist long time ago.
We were able to contact them and delist spamming IPs, not once
--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Saving Private Ryan...
Private Ryan exists. Overwrite? (Y/N)
Re: SORBS bites the dust
Posted by Res <re...@ausics.net>.
On Tue, 23 Jun 2009, Matus UHLAR - fantomas wrote:
>> On Tue, 23 Jun 2009, mouss wrote:
>>> payment were only needed for spam, not for "dul"....
>
> On 23.06.09 11:07, Res wrote:
>> not really :) despite what their site said/says.. its kind of a detterent
>> i think sunno we never paid
>
> well, we've had out IPs in the DUL (i asked for listing them) and we got
> them removed by the instructions on their web... I have no proofs they don't
> delist from DUL if you fullfill their (imho proper) requirements
We had no problem with them listing our residential DUL ranges, we were
happy for that, only unhappy when one of our mal servers got listed :),
but as mentioned, it was fairly painless to get it removed back then.
--
Res
-Beware of programmers who carry screwdrivers
Re: SORBS bites the dust
Posted by Matus UHLAR - fantomas <uh...@fantomas.sk>.
> On Tue, 23 Jun 2009, mouss wrote:
>> payment were only needed for spam, not for "dul"....
On 23.06.09 11:07, Res wrote:
> not really :) despite what their site said/says.. its kind of a detterent
> i think sunno we never paid
well, we've had out IPs in the DUL (i asked for listing them) and we got
them removed by the instructions on their web... I have no proofs they don't
delist from DUL if you fullfill their (imho proper) requirements
>> anyway, this is getting way off topic. whatever you & I think of how
>> sorbs should have been run (and thinking != running), its death, if
>> confirmed, is sad news.
>
> If it is confirmed it wil indeed be sad times, SORBS catches the most of
> the crap that comes in here
--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
"They say when you play that M$ CD backward you can hear satanic messages."
"That's nothing. If you play it forward it will install Windows."
Re: SORBS bites the dust
Posted by Benny Pedersen <me...@junc.org>.
On Thu, June 25, 2009 15:08, Res wrote:
> On Thu, 25 Jun 2009, richard@buzzhost.co.uk wrote:
> Actually, you were first blocked by a milter because your SPF record
> contains "junk" get someone with a clue to set it up for you
http://old.openspf.org/wizard.html?mydomain=buzzhost.co.uk&submit=Go!
remove ptr also, doom ? :)
> -Beware of programmers who carry screwdrivers
beware of apple that did not want there phones to show comodore 64 games,
i can just say "nokia connecting people" :)
--
xpoint
Re: SORBS bites the dust
Posted by Res <re...@ausics.net>.
On Thu, 25 Jun 2009, LuKreme wrote:
> On 25-Jun-2009, at 07:08, Res wrote:
>> On Thu, 25 Jun 2009, richard@buzzhost.co.uk wrote:
>>
>>> 1. It's 'You're' a joke - not 'your' a joke
>>
>> Ah the classic sign of someone in defeat, has to nit pick someones grammer
>
> NB: it's spelt grammar
yyyaaaaaawwwwnnnnn
--
Res
-Beware of programmers who carry screwdrivers
Re: SORBS bites the dust
Posted by LuKreme <kr...@kreme.com>.
On 25-Jun-2009, at 07:08, Res wrote:
> On Thu, 25 Jun 2009, richard@buzzhost.co.uk wrote:
>
>> 1. It's 'You're' a joke - not 'your' a joke
>
> Ah the classic sign of someone in defeat, has to nit pick someones
> grammer
NB: it's spelt grammar
--
There is a tragic flaw in our precious Constitution, and I don t
know what can be done to fix it. This is it: Only nut cases
want to be president.
Re: SORBS bites the dust
Posted by Arvid Picciani <ae...@exys.org>.
Jack Pepper wrote:
> How long will this go before Godwin's law finally kicks in?
It already did.
> 1. It's 'You're' a joke - not 'your' a joke
> Now I'm just watching for the fun of it
Try IRC :-P
Re: SORBS bites the dust
Posted by "J.D. Falk" <jd...@cybernothing.org>.
DAve wrote:
> Jack Pepper wrote:
>> How long will this go before Godwin's law finally kicks in? Now I'm
>> just watching for the fun of it .....
>
> Yea, this is why when my bosses ask where I get my information I tell
> them from a closed forum. If they read the adolescent ramblings that got
> posted on email/spam lists they wouldn't allow us to use half the
> software we do.
One of my co-workers was recently talking as if he thought SpamAssassin was
some businesslike organization we could negotiate with. I've been tempted
to send him this thread.
(Not sure what he wanted to negotiate /for/, either.)
--
J.D. Falk
Return Path Inc
http://www.returnpath.net/
Re: SORBS bites the dust
Posted by DAve <da...@pixelhammer.com>.
Jack Pepper wrote:
> How long will this go before Godwin's law finally kicks in? Now I'm
> just watching for the fun of it .....
Yea, this is why when my bosses ask where I get my information I tell
them from a closed forum. If they read the adolescent ramblings that got
posted on email/spam lists they wouldn't allow us to use half the
software we do.
DAve
>
> Quoting Res <re...@ausics.net>:
>
>> On Thu, 25 Jun 2009, richard@buzzhost.co.uk wrote:
>>
>>> 1. It's 'You're' a joke - not 'your' a joke
>>
>> Ah the classic sign of someone in defeat, has to nit pick someones
>> grammer
>>
>>> 2. You could always try setting up your Mickey Mouse 'blocked using
>>> dnsbl.lan' restriction so it works properly LOL.
>>
>> Actually, you were first blocked by a milter because your SPF record
>> contains "junk" get someone with a clue to set it up for you
>>
>> your internal bloack list blocks this mail servers IP anyway, so pot
>> kettle black, tosser.
>>
>>> 3. The day I give a shit about what an Australian spammer thinks of me,
>>> will be the day hell freezes over.
>>
>> oh im a spammer now am I, awww poor widdle wicky, go cry to mummy, or
>> tell someone who gives a fuck.
>>
>>
>> --
>> Res
>>
>> -Beware of programmers who carry screwdrivers
>
--
"Posterity, you will know how much it cost the present generation to
preserve your freedom. I hope you will make good use of it. If you
do not, I shall repent in heaven that ever I took half the pains to
preserve it." John Quincy Adams
http://appleseedinfo.org
Re: SORBS bites the dust
Posted by Jack Pepper <pe...@autoshun.org>.
How long will this go before Godwin's law finally kicks in? Now I'm
just watching for the fun of it .....
Quoting Res <re...@ausics.net>:
> On Thu, 25 Jun 2009, richard@buzzhost.co.uk wrote:
>
>> 1. It's 'You're' a joke - not 'your' a joke
>
> Ah the classic sign of someone in defeat, has to nit pick someones grammer
>
>> 2. You could always try setting up your Mickey Mouse 'blocked using
>> dnsbl.lan' restriction so it works properly LOL.
>
> Actually, you were first blocked by a milter because your SPF record
> contains "junk" get someone with a clue to set it up for you
>
> your internal bloack list blocks this mail servers IP anyway, so pot
> kettle black, tosser.
>
>> 3. The day I give a shit about what an Australian spammer thinks of me,
>> will be the day hell freezes over.
>
> oh im a spammer now am I, awww poor widdle wicky, go cry to mummy,
> or tell someone who gives a fuck.
>
>
> --
> Res
>
> -Beware of programmers who carry screwdrivers
--
Simple compliance is a hacker's best friend
----------------------------------------------------------------
@fferent Security Labs: Isolate/Insulate/Innovate
http://www.afferentsecurity.com
Re: SORBS bites the dust
Posted by jdow <jd...@earthlink.net>.
From: "Res" <re...@ausics.net>
Sent: Thursday, 2009/June/25 06:08
> On Thu, 25 Jun 2009, richard@buzzhost.co.uk wrote:
>> 3. The day I give a shit about what an Australian spammer thinks of me,
>> will be the day hell freezes over.
>
> oh im a spammer now am I, awww poor widdle wicky, go cry to mummy, or tell
> someone who gives a fuck.
And, Res, profanity is the effort of a weak mind to express itself.
Now all of you pull your keyboard's plug.
{^_^}
Re: SORBS bites the dust
Posted by Res <re...@ausics.net>.
On Thu, 25 Jun 2009, richard@buzzhost.co.uk wrote:
> 1. It's 'You're' a joke - not 'your' a joke
Ah the classic sign of someone in defeat, has to nit pick someones grammer
> 2. You could always try setting up your Mickey Mouse 'blocked using
> dnsbl.lan' restriction so it works properly LOL.
Actually, you were first blocked by a milter because your SPF record
contains "junk" get someone with a clue to set it up for you
your internal bloack list blocks this mail servers IP anyway,
so pot kettle black, tosser.
> 3. The day I give a shit about what an Australian spammer thinks of me,
> will be the day hell freezes over.
oh im a spammer now am I, awww poor widdle wicky, go cry to mummy, or tell
someone who gives a fuck.
--
Res
-Beware of programmers who carry screwdrivers
Re: SORBS bites the dust
Posted by "richard@buzzhost.co.uk" <ri...@buzzhost.co.uk>.
On Thu, 2009-06-25 at 18:24 +1000, Res wrote:
> On Thu, 25 Jun 2009, richard@buzzhost.co.uk wrote:
>
> > On Thu, 2009-06-25 at 17:41 +1000, Res wrote:
> >
> >> if you jump on a bandwagon without first hand experience, thats *exactly*
> >> what you are, if you had experienced it first hand of course you become an
> >> authority on the subject in your your case, and your opinion matters as
> >> factual, but you by your own admission, you have not, and last I checked
> >> guilt by association was not a crime in modernised civil countries :)
> >
> > Indeed. I can only apologise for any offence or 'trolling'.
>
> LOL your a joke, you send this on list, yet send me a private email
> calling me a wanker.. LOL dont bother replying :)
>
>
4 things;
1. It's 'You're' a joke - not 'your' a joke
2. You could always try setting up your Mickey Mouse 'blocked using
dnsbl.lan' restriction so it works properly LOL.
3. The day I give a shit about what an Australian spammer thinks of me,
will be the day hell freezes over.
4. If that cap fits dude - wear it.
*plonk*
Re: SORBS bites the dust
Posted by Res <re...@ausics.net>.
On Thu, 25 Jun 2009, richard@buzzhost.co.uk wrote:
> On Thu, 2009-06-25 at 17:41 +1000, Res wrote:
>
>> if you jump on a bandwagon without first hand experience, thats *exactly*
>> what you are, if you had experienced it first hand of course you become an
>> authority on the subject in your your case, and your opinion matters as
>> factual, but you by your own admission, you have not, and last I checked
>> guilt by association was not a crime in modernised civil countries :)
>
> Indeed. I can only apologise for any offence or 'trolling'.
LOL your a joke, you send this on list, yet send me a private email
calling me a wanker.. LOL dont bother replying :)
--
Res
-Beware of programmers who carry screwdrivers
Re: SORBS bites the dust
Posted by "richard@buzzhost.co.uk" <ri...@buzzhost.co.uk>.
On Thu, 2009-06-25 at 17:41 +1000, Res wrote:
> if you jump on a bandwagon without first hand experience, thats *exactly*
> what you are, if you had experienced it first hand of course you become an
> authority on the subject in your your case, and your opinion matters as
> factual, but you by your own admission, you have not, and last I checked
> guilt by association was not a crime in modernised civil countries :)
Indeed. I can only apologise for any offence or 'trolling'.
Re: SORBS bites the dust
Posted by Res <re...@ausics.net>.
On Thu, 25 Jun 2009, richard@buzzhost.co.uk wrote:
> Personally I have mixed views on charging for delisting. In some
> instances it would be appropriate and I would not dismiss it out of
> hand. Certainly for repeat offenders I think it would be highly
> desirable.
Agreed, its one wya to make the admin team get off their ass.
>
> I don't recall saying you were a liar anywhere and I'm glad you are not
Not you, Mouss implied it.
> hissy fits, throwing their toys out of their prams and suggesting people
> are 'trolls' because they don't like the opinions of others.
if you jump on a bandwagon without first hand experience, thats *exactly*
what you are, if you had experienced it first hand of course you become an
authority on the subject in your your case, and your opinion matters as
factual, but you by your own admission, you have not, and last I checked
guilt by association was not a crime in modernised civil countries :)
--
Res
-Beware of programmers who carry screwdrivers
Re: SORBS bites the dust
Posted by "richard@buzzhost.co.uk" <ri...@buzzhost.co.uk>.
On Thu, 2009-06-25 at 09:16 +1000, Res wrote:
> On Wed, 24 Jun 2009, richard@buzzhost.co.uk wrote:
>
> >> This is wrong. if you have evidence, show it. if not, stop spreading
> >> rumours. I have delisted an IP in the past, and I have been watching
> >> people trying to delist a block but without clues on how to do it...
> >>
> > I have to agree with Mouss here. I've not tried with Sorbs but I used to
> > get a ton of calls at Barracuda because people had ended up on their
> > 'reputation' list. Charming calls in fact, often describe sexual acts my
> > mother was alleged to perform in the vicinity of the devil.
> >
>
> You agree with him but have never had to do it? Thats akin to trolling
> since you admit you speak without knowing first hand, I speak from first
> hand, and I wont lose any sleep over some ignorant clown who calls me a
> liar, however, any respect I had for that person is now out the window,
> I have no doubt that there might be 'spammer safe havens' that they have
> refused to de-list without payment, but they never demanded it from us,
> 2006 I think it was when one of our key servers got listed, once they were
> happy that we dealt with the (virus infected windows) customer, all was
> good, Matthew created us a login on their site so that we could see all
> the headers for any complaints, and deal with them promptly like we
> always did once we knew who they were.
>
>
I agree with the point that getting delisted is probably not that
difficult - but yes, as far as sorbs has gone I've not had to try.
Therefore I related similar experience but appreciate that is not exact.
Personally I have mixed views on charging for delisting. In some
instances it would be appropriate and I would not dismiss it out of
hand. Certainly for repeat offenders I think it would be highly
desirable.
I don't recall saying you were a liar anywhere and I'm glad you are not
going to loose any sleep. I don't tend to loose sleep over people having
hissy fits, throwing their toys out of their prams and suggesting people
are 'trolls' because they don't like the opinions of others.
Re: SORBS bites the dust
Posted by Res <re...@ausics.net>.
On Wed, 24 Jun 2009, richard@buzzhost.co.uk wrote:
>> This is wrong. if you have evidence, show it. if not, stop spreading
>> rumours. I have delisted an IP in the past, and I have been watching
>> people trying to delist a block but without clues on how to do it...
>>
> I have to agree with Mouss here. I've not tried with Sorbs but I used to
> get a ton of calls at Barracuda because people had ended up on their
> 'reputation' list. Charming calls in fact, often describe sexual acts my
> mother was alleged to perform in the vicinity of the devil.
>
You agree with him but have never had to do it? Thats akin to trolling
since you admit you speak without knowing first hand, I speak from first
hand, and I wont lose any sleep over some ignorant clown who calls me a
liar, however, any respect I had for that person is now out the window,
I have no doubt that there might be 'spammer safe havens' that they have
refused to de-list without payment, but they never demanded it from us,
2006 I think it was when one of our key servers got listed, once they were
happy that we dealt with the (virus infected windows) customer, all was
good, Matthew created us a login on their site so that we could see all
the headers for any complaints, and deal with them promptly like we
always did once we knew who they were.
--
Res
-Beware of programmers who carry screwdrivers
Re: SORBS bites the dust
Posted by "richard@buzzhost.co.uk" <ri...@buzzhost.co.uk>.
On Wed, 2009-06-24 at 00:07 +0200, mouss wrote:
> Res a écrit :
> > On Tue, 23 Jun 2009, mouss wrote:
> >
> >> payment were only needed for spam, not for "dul"....
> >
> > not really :) despite what their site said/says.. its kind of a
> > detterent i think sunno we never paid
> >
>
> This is wrong. if you have evidence, show it. if not, stop spreading
> rumours. I have delisted an IP in the past, and I have been watching
> people trying to delist a block but without clues on how to do it...
>
I have to agree with Mouss here. I've not tried with Sorbs but I used to
get a ton of calls at Barracuda because people had ended up on their
'reputation' list. Charming calls in fact, often describe sexual acts my
mother was alleged to perform in the vicinity of the devil.
The conversation (typically)
You are blocking my email - why?
Your IP has been seen to send spam.
How do I get delisted?
How do you know you have been listed?
I had a email message telling me so.
What did the mail say?
Nothing much - it had a link in it which I clicked on and it took me to
Barracudacentral.org.
Did you see the link 'Removal Request'?
Yes.
Did you try it.
No.
Please go and try it. Is there anything else I can help you with today?
<CLICK>
I doubt that Sorbs make it any harder - but I've not had to do it.
Re: SORBS bites the dust
Posted by mouss <mo...@ml.netoyen.net>.
Res a écrit :
> On Tue, 23 Jun 2009, mouss wrote:
>
>> payment were only needed for spam, not for "dul"....
>
> not really :) despite what their site said/says.. its kind of a
> detterent i think sunno we never paid
>
This is wrong. if you have evidence, show it. if not, stop spreading
rumours. I have delisted an IP in the past, and I have been watching
people trying to delist a block but without clues on how to do it...
>> anyway, this is getting way off topic. whatever you & I think of how
>> sorbs should have been run (and thinking != running), its death, if
>> confirmed, is sad news.
>
> If it is confirmed it wil indeed be sad times, SORBS catches the most of
> the crap that comes in here
>
>
Re: SORBS bites the dust
Posted by John Rudd <jr...@ucsc.edu>.
On Mon, Jun 22, 2009 at 18:07, Res<re...@ausics.net> wrote:
> On Tue, 23 Jun 2009, mouss wrote:
>
>> payment were only needed for spam, not for "dul"....
>
> not really :) despite what their site said/says.. its kind of a detterent i
> think sunno we never paid
I think it's fair to hold/criticize/ridicule them to/for their public
statement of de-listing policy. Even more so if they don't enforce it
uniformly.
I know there are sites that haven't pursued it (for incidental events,
I'm not talking about spammers), or haven't used/supported them,
because of what their public de-listing policy says. So, whether they
enforce it reliably or not, the effect can be the same. (don't tell me
"they should have just emailed them!" -- bs. It's not the burden of
every person on the planet to second guess whether or not their
official policy is their _actual_ policy, but it IS SORBS burden to
live with the PR type implications of the policy they publish)
In general, I'm sad to see anti-spam resources go, sad to see
alternative strategies fail, and see the population of people trying
to solve the problem diminish. But, I'm not going to be too sad to
see this particular one go away.
Re: SORBS bites the dust
Posted by Res <re...@ausics.net>.
On Tue, 23 Jun 2009, mouss wrote:
> payment were only needed for spam, not for "dul"....
not really :) despite what their site said/says.. its kind of a detterent
i think sunno we never paid
> anyway, this is getting way off topic. whatever you & I think of how
> sorbs should have been run (and thinking != running), its death, if
> confirmed, is sad news.
If it is confirmed it wil indeed be sad times, SORBS catches the most of
the crap that comes in here
--
Res
-Beware of programmers who carry screwdrivers
Re: SORBS bites the dust
Posted by mouss <mo...@ml.netoyen.net>.
Gary Smith a écrit :
> If you follow the unlisting proceedure and meet all of the requirements, then you get unlisted. As with all things, it just takes a little patients. After converting my IP's over from my ISP to my DNS servers, I was listed (because the ISP no longer listed us a static). We were able to resolve it in a fairly resonable amount of time. I don't recall even paying a dime.
>
payment were only needed for spam, not for "dul"....
anyway, this is getting way off topic. whatever you & I think of how
sorbs should have been run (and thinking != running), its death, if
confirmed, is sad news.
RE: SORBS bites the dust
Posted by Gary Smith <Ga...@primeexalia.com>.
If you follow the unlisting proceedure and meet all of the requirements, then you get unlisted. As with all things, it just takes a little patients. After converting my IP's over from my ISP to my DNS servers, I was listed (because the ISP no longer listed us a static). We were able to resolve it in a fairly resonable amount of time. I don't recall even paying a dime.
________________________________________
From: Jeremy Morton [admin@game-point.net]
Sent: Monday, June 22, 2009 3:01 PM
To: richard@buzzhost.co.uk
Cc: users@spamassassin.apache.org
Subject: Re: SORBS bites the dust
richard@buzzhost.co.uk wrote:
You really can't?
SORBS accidentally blacklist your domain. You then have to pay their
tithe money to get people to start receiving your e-mail again. I say
that sucks. BTW, it happened to my domain, I tried to contact them, and
got one automated response e-mail. Nothing more. Good riddance to them.
Best regards,
Jeremy Morton (Jez)
Re: SORBS bites the dust
Posted by Jeremy Morton <ad...@game-point.net>.
richard@buzzhost.co.uk wrote:
> On Mon, 2009-06-22 at 19:40 +0200, Arvid Picciani wrote:
>> richard@buzzhost.co.uk wrote:
>>> It comes with great sadness that I have to announce the imminent
>>> closure
>>> of SORBS. The University of Queensland have decided not to honor their
>>> agreement with myself and SORBS and terminate the hosting contract.
>>>
>>>
>> crap ... sorbs is the only list I trust enough to have them at SMTP level.
> Really? Personally I find the PBL just kicks its ass. People tended to
> bitch that sorbs charged for removal, but I can't say why they said
> that.
You really can't?
SORBS accidentally blacklist your domain. You then have to pay their
tithe money to get people to start receiving your e-mail again. I say
that sucks. BTW, it happened to my domain, I tried to contact them, and
got one automated response e-mail. Nothing more. Good riddance to them.
Best regards,
Jeremy Morton (Jez)
Re: SORBS bites the dust
Posted by "richard@buzzhost.co.uk" <ri...@buzzhost.co.uk>.
On Mon, 2009-06-22 at 19:40 +0200, Arvid Picciani wrote:
> richard@buzzhost.co.uk wrote:
> > It comes with great sadness that I have to announce the imminent
> > closure
> > of SORBS. The University of Queensland have decided not to honor their
> > agreement with myself and SORBS and terminate the hosting contract.
> >
> >
> crap ... sorbs is the only list I trust enough to have them at SMTP level.
Really? Personally I find the PBL just kicks its ass. People tended to
bitch that sorbs charged for removal, but I can't say why they said
that.
Re: SORBS bites the dust
Posted by Charles Gregory <cg...@hwcn.org>.
On Tue, 23 Jun 2009, Jeff Moss wrote:
> WHAT? Sorbs and Spamhaus are polar opposites. Spamhaus is a great
> organization while SORBS is a POS that helped give all blacklists a bad
> name.
As an interesting side-note, when I went looking for fresh RBL stats
I found a lot of indications that SORBS gets a lot more FP's than it used
to.... (based on previous research, sorry I can't cite).
> I don't know if SpamAssassin has ever used it.
There are SORBS rules in the default set, but they don't score very high.
- C
Re: SORBS bites the dust
Posted by Matus UHLAR - fantomas <uh...@fantomas.sk>.
> > 50_scores.cf:score RCVD_IN_SORBS_BLOCK 0 # n=1 n=2 n=3
> > 50_scores.cf:score RCVD_IN_SORBS_DUL 0 1.615 0 0.877 # n=0 n=2
> > 50_scores.cf:score RCVD_IN_SORBS_HTTP 0 0.001 0 0.001 # n=0 n=2
> > 50_scores.cf:score RCVD_IN_SORBS_MISC 0 0.001 0 0.353 # n=0 n=2
> > 50_scores.cf:score RCVD_IN_SORBS_SMTP 0 # n=0 n=1 n=2 n=3
> > 50_scores.cf:score RCVD_IN_SORBS_SOCKS 0 0.182 0 0.801 # n=0 n=2
> > 50_scores.cf:score RCVD_IN_SORBS_WEB 0 1.117 0 0.619 # n=0 n=2
> > 50_scores.cf:score RCVD_IN_SORBS_ZOMBIE 0 # n=0 n=1 n=2 n=3
On 23.06.09 14:50, Rosenbaum, Larry M. wrote:
> Notice that the SORBS "spam sources" list (the one that charged a delisting fee) is not used.
I know. It's neither in dnsbl.sorbs.net agregate zone for some time.
It was apparently removed indirectly because of the $50 delisting fee.
--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Nothing is fool-proof to a talented fool.
RE: SORBS bites the dust
Posted by "Rosenbaum, Larry M." <ro...@ornl.gov>.
> -----Original Message-----
> From: Matus UHLAR - fantomas [mailto:uhlar@fantomas.sk]
> > >IMPORTANT: If sorbs does not get picked-up by a new host, will SA
> > >developers be ready to roll-out an SA update to remove the sorbs
> rules, so
> > >that we don't suffer a bunch of timeouts? Or how does that work?
>
> On 23.06.09 09:29, Jeff Moss wrote:
> > WHAT? Sorbs and Spamhaus are polar opposites. Spamhaus is a great
> > organization while SORBS is a POS that helped give all blacklists a
> bad name.
>
> sorbs makes good job, although there are some whiners not understanding
> the
> stuff...
>
> > I don't know if SpamAssassin has ever used it.
>
> it still does:
>
> 50_scores.cf:score RCVD_IN_SORBS_BLOCK 0 # n=1 n=2 n=3
> 50_scores.cf:score RCVD_IN_SORBS_DUL 0 1.615 0 0.877 # n=0 n=2
> 50_scores.cf:score RCVD_IN_SORBS_HTTP 0 0.001 0 0.001 # n=0 n=2
> 50_scores.cf:score RCVD_IN_SORBS_MISC 0 0.001 0 0.353 # n=0 n=2
> 50_scores.cf:score RCVD_IN_SORBS_SMTP 0 # n=0 n=1 n=2 n=3
> 50_scores.cf:score RCVD_IN_SORBS_SOCKS 0 0.182 0 0.801 # n=0 n=2
> 50_scores.cf:score RCVD_IN_SORBS_WEB 0 1.117 0 0.619 # n=0 n=2
> 50_scores.cf:score RCVD_IN_SORBS_ZOMBIE 0 # n=0 n=1 n=2 n=3
Notice that the SORBS "spam sources" list (the one that charged a delisting fee) is not used.
> --
> Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
> Warning: I wish NOT to receive e-mail advertising to this address.
> Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
> Remember half the people you know are below average.
Re: SORBS bites the dust
Posted by Matus UHLAR - fantomas <uh...@fantomas.sk>.
> >On Mon, 22 Jun 2009, Arvid Picciani wrote:
> >> richard@buzzhost.co.uk wrote:
> >>> It comes with great sadness that I have to announce the imminent
> >>> closure of SORBS.
> >> crap ... sorbs is the only list I trust enough to have them at SMTP level.
> >
> >In the past, I did some tests to determine which lists caught the most
> >spam without FP's, and found that sbl-xbl.spamhaus.org (not the full
> >'zen' rbl), was catching over 90% of spam. I also use njabl, though
> >lately it looks like it mostly overlaps with spamhaus, but the 'web' and
> >'dul' lists from sorbs are still catching a couple of 100 spam each day
> >that were not caught by spamhaus. So I would really hate to see SORBS go.
> >
> >IMPORTANT: If sorbs does not get picked-up by a new host, will SA
> >developers be ready to roll-out an SA update to remove the sorbs rules, so
> >that we don't suffer a bunch of timeouts? Or how does that work?
On 23.06.09 09:29, Jeff Moss wrote:
> WHAT? Sorbs and Spamhaus are polar opposites. Spamhaus is a great
> organization while SORBS is a POS that helped give all blacklists a bad name.
sorbs makes good job, although there are some whiners not understanding the
stuff...
> I don't know if SpamAssassin has ever used it.
it still does:
50_scores.cf:score RCVD_IN_SORBS_BLOCK 0 # n=1 n=2 n=3
50_scores.cf:score RCVD_IN_SORBS_DUL 0 1.615 0 0.877 # n=0 n=2
50_scores.cf:score RCVD_IN_SORBS_HTTP 0 0.001 0 0.001 # n=0 n=2
50_scores.cf:score RCVD_IN_SORBS_MISC 0 0.001 0 0.353 # n=0 n=2
50_scores.cf:score RCVD_IN_SORBS_SMTP 0 # n=0 n=1 n=2 n=3
50_scores.cf:score RCVD_IN_SORBS_SOCKS 0 0.182 0 0.801 # n=0 n=2
50_scores.cf:score RCVD_IN_SORBS_WEB 0 1.117 0 0.619 # n=0 n=2
50_scores.cf:score RCVD_IN_SORBS_ZOMBIE 0 # n=0 n=1 n=2 n=3
--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Remember half the people you know are below average.
Re: SORBS bites the dust
Posted by MATSUDA Yoh-ichi / 松田陽一 <ki...@yahoo.co.jp>.
Hello.
From: Arvid Picciani <ae...@exys.org>
Subject: Re: SORBS bites the dust
Date: Tue, 23 Jun 2009 22:17:03 +0200
> Should i care to investigate and maybe reject the the entire block? I'm
> pretty new on hunting down sources. All I know is the whois databse
> which is mostly useless for that purpose.
ex.
dihe's IP-Index
URL: http://ipindex.homelinux.net/./
>
>
> --
> Arvid
>
>
--
Yoh-ichi MATSUDA(yoh)
mailto:yoh@flcl.org
http://www.flcl.org/~yoh/diary/
Re: SORBS bites the dust
Posted by Per Jessen <pe...@computer.org>.
Arvid Picciani wrote:
>> serious hosting providers" - I was thinking more of organisations
>> such as 1and1, hetzner, rackspace etc. etc.
>
> whats the issue with hetzner? I'm a customer so i'd be very
> interested in any spam issue not beeing processed by them.
There is no issue with Hetzner. Read my posting:
>Blacklisting a large and serious hosting provider is just not serious
>and very bad for business.
/Per Jessen, Zürich
Re: SORBS bites the dust
Posted by Michelle Konzack <li...@tamay-dogan.net>.
Am 2009-06-25 08:56:00, schrieb Matus UHLAR - fantomas:
> Why not? I do that and intentionally - I don't like receiving spam from
> companies that don't accept complaints...
Hihi...
----[ '/etc/courier/bofh' ]---------------------------------------------
badfrom @hotmail.com
badfrom @hotmail.de
badfrom @hotmail.fr
badfrom @live.com
badfrom @live.de
badfrom @live.fr
badfrom @msn.com
badfrom @facebookmail.com
badfrom @facebook.com
badfrom @badoo.com
badfrom @email.dm2decisionmaker.com
badfrom @mail.ustc.edu.cn
badfrom @superhappypanda.com
badfrom @pixelatedresource.com
badfrom @perceivearound.com
badfrom @mms.metropcs.net
badfrom @thekidbase.com
badfrom @familyfunmedia.com
badfrom @sjwater.com
badfrom @boatbibble.com
badfrom @studiogazzara.it
badfrom @spb.solidworks.ru
badfrom @notesay.com
badfrom @greatyarnmarket.com
badfrom @newmediapoint.com
badfrom @mymainserver.com
badfrom @elixis.cccampaigns.com
badfrom @lists.lifechangersusa.org
badfrom @.cccampaigns.com
badfrom @emv.com
badfrom @.emv2.com
------------------------------------------------------------------------
This list is for ANY E-Mails on <tamay-dogan.net> because I have gotten
OVER 12000 spams a day.
Thanks, Greetings and nice Day/Evening
Michelle Konzack
Systemadministrator
Tamay Dogan Network
Debian GNU/Linux Consultant
--
Linux-User #280138 with the Linux Counter, http://counter.li.org/
##################### Debian GNU/Linux Consultant #####################
<http://www.tamay-dogan.net/> Michelle Konzack
<http://www.can4linux.org/> c/o Vertriebsp. KabelBW
<http://www.flexray4linux.org/> Blumenstrasse 2
Jabber linux4michelle@jabber.ccc.de 77694 Kehl/Germany
IRC #Debian (irc.icq.com) Tel. DE: +49 177 9351947
ICQ #328449886 Tel. FR: +33 6 61925193
Re: SORBS bites the dust
Posted by Matus UHLAR - fantomas <uh...@fantomas.sk>.
> Matus UHLAR - fantomas wrote:
>
> >> > On Wed, June 24, 2009 13:59, Per Jessen wrote:
> >>
> >> 3) I wouldn't refer to rfc-ignorant as a blacklist - nobody with half
> >> a brain would block email just because of RFC ignorance on the part
> >> of the sender.
> >
> > Why not? I do that and intentionally - I don't like receiving spam
> > from companies that don't accept complaints...
On 25.06.09 11:42, Per Jessen wrote:
> Why not?? - because you thereby block thousands of perfectly legitimate
perfectly incompetent?
> and non-spamming companies and individuals who happen to have a
> mail-admin who is a bit slow.
I wouldn't call not having abuse contact for years "a bit slow" especially
for cases I warned the admin.
> Using rfc-ignorant for scoring is fine, but not for blocking.
I have a policy of requiring postmaster abuse contact, so refusing ignorants
it fine. They still can fix their behavior.
--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
"Two words: Windows survives." - Craig Mundie, Microsoft senior strategist
"So does syphillis. Good thing we have penicillin." - Matthew Alton
Re: SORBS bites the dust
Posted by Per Jessen <pe...@computer.org>.
Matus UHLAR - fantomas wrote:
>> > On Wed, June 24, 2009 13:59, Per Jessen wrote:
>>
>> 3) I wouldn't refer to rfc-ignorant as a blacklist - nobody with half
>> a brain would block email just because of RFC ignorance on the part
>> of the sender.
>
> Why not? I do that and intentionally - I don't like receiving spam
> from companies that don't accept complaints...
Why not?? - because you thereby block thousands of perfectly legitimate
and non-spamming companies and individuals who happen to have a
mail-admin who is a bit slow. Using rfc-ignorant for scoring is fine,
but not for blocking.
/Per Jessen, Zürich
Re: SORBS bites the dust
Posted by Matus UHLAR - fantomas <uh...@fantomas.sk>.
> > On Wed, June 24, 2009 13:59, Per Jessen wrote:
> >> Blacklisting a large and serious hosting provider is just not serious
> >> and very bad for business.
> Benny Pedersen wrote:
> > http://rfc-ignorant.org/tools/lookup.php?domain=yahoo.com
> > http://rfc-ignorant.org/tools/lookup.php?domain=hotmail.com
> > http://rfc-ignorant.org/tools/lookup.php?domain=gmail.com
> > http://rfc-ignorant.org/tools/lookup.php?domain=aol.com
> > http://rfc-ignorant.org/tools/lookup.php?domain=live.com
> >
> > you think WE block them ?, no thay block them self
> > and users that use such domains dont know
On 24.06.09 19:00, Per Jessen wrote:
> 1) I dunno who 'WE' are in this context. Please enlighten me.
> 2) I didn't include free email providers in my list of "large and
> serious hosting providers" - I was thinking more of organisations such
> as 1and1, hetzner, rackspace etc. etc.
> 3) I wouldn't refer to rfc-ignorant as a blacklist - nobody with half a
> brain would block email just because of RFC ignorance on the part of
> the sender.
Why not? I do that and intentionally - I don't like receiving spam from
companies that don't accept complaints...
--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
I intend to live forever - so far so good.
Re: SORBS bites the dust
Posted by Arvid Picciani <ae...@exys.org>.
> serious hosting providers" - I was thinking more of organisations such
> as 1and1, hetzner, rackspace etc. etc.
whats the issue with hetzner? I'm a customer so i'd be very interested
in any spam issue not beeing processed by them.
Re: SORBS bites the dust
Posted by Yet Another Ninja <sa...@alexb.ch>.
On 6/25/2009 4:12 PM, Matus UHLAR - fantomas wrote:
> On 25.06.09 12:38, Yet Another Ninja wrote:
>> Could this thread be moved to spam-l ?
>> Seems it has little to do with SA
>
> spam-l was closed iirc ;-)
yes and no
it was taken over and its nice & busy
http://spam-l.com/mailman/listinfo
Re: SORBS bites the dust
Posted by Matus UHLAR - fantomas <uh...@fantomas.sk>.
On 25.06.09 12:38, Yet Another Ninja wrote:
> Could this thread be moved to spam-l ?
> Seems it has little to do with SA
spam-l was closed iirc ;-)
--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
How does cat play with mouse? cat /dev/mouse
Re: SORBS bites the dust
Posted by Yet Another Ninja <sa...@alexb.ch>.
Could this thread be moved to spam-l ?
Seems it has little to do with SA
Re: SORBS bites the dust
Posted by LuKreme <kr...@kreme.com>.
On 25-Jun-2009, at 03:55, richard@buzzhost.co.uk wrote:
> On Thu, 2009-06-25 at 11:39 +0200, Per Jessen wrote:
>> richard@buzzhost.co.uk wrote:
>>
>>> On Wed, 2009-06-24 at 19:00 +0200, Per Jessen wrote:
>>>> Benny Pedersen wrote:
>>>
>>>> 2) I didn't include free email providers in my list of "large and
>>>> serious hosting providers" - I was thinking more of organisations
>>>> such as 1and1, hetzner, rackspace etc. etc.
>>>
>>> My special award goes to 1and1. I get *so much* spam from their
>>> 'customers' that I block all of their ranges. I've come across many
>>> others who do the same.
>>
>> Really? Well, I can't afford that sort of thing, my customers
>> would get
>> up and leave pretty quickly.
> I have found the opposite to be true. When I have pointed out to my
> customers that using 1and1 is going to give *them* issues with
> deliverability of *their* email, they are often keen to find another
> provider. No small business wants the hassle of their mail getting
> dropped silently on the floor because of the provider they are with
> and
> it's a buyers market.
Yep. I'm not familiar with 1and1 specifically, but I've been in the
position of having to tell someone that if they didn't move their
domain and mail to a reliable and non-spam friendly host they were
going to have a lot of mail not getting delivered. The most recent
one was a friend of a friend who notice that the volume on his mailing-
lists had been dropping steadily for months. I checked and his IP
block was listed in several RBLs.
Once he moved his domain his mailinglist recovered very quickly.
It's sort of like a nice store that is in a really bad neighborhood. A
lot of people will simply not go there, no matter how great the store
is. you want the best access, you move to a nicer neighborhood.
--
Bishops move diagonally. That's why they often turn up where the
kings don't expect them to be.
Re: SORBS bites the dust
Posted by Per Jessen <pe...@computer.org>.
richard@buzzhost.co.uk wrote:
> On Thu, 2009-06-25 at 11:39 +0200, Per Jessen wrote:
>> richard@buzzhost.co.uk wrote:
>>
>> > On Wed, 2009-06-24 at 19:00 +0200, Per Jessen wrote:
>> >> Benny Pedersen wrote:
>> >
>> >> 2) I didn't include free email providers in my list of "large and
>> >> serious hosting providers" - I was thinking more of organisations
>> >> such as 1and1, hetzner, rackspace etc. etc.
>> >
>> > My special award goes to 1and1. I get *so much* spam from their
>> > 'customers' that I block all of their ranges. I've come across many
>> > others who do the same.
>>
>> Really? Well, I can't afford that sort of thing, my customers would
>> get up and leave pretty quickly.
>
> I have found the opposite to be true. When I have pointed out to my
> customers that using 1and1 is going to give *them* issues with
> deliverability of *their* email, they are often keen to find another
> provider. No small business wants the hassle of their mail getting
> dropped silently on the floor because of the provider they are with
> and it's a buyers market.
None of my customers _use_ 1and1 themselves (afaik), but they may very
well be communicating with other legitimate businesses hosted by 1and
or 1und1 (same company), which is why I can't just block 1and1.
/Per Jessen, Zürich
Re: SORBS bites the dust
Posted by "richard@buzzhost.co.uk" <ri...@buzzhost.co.uk>.
On Thu, 2009-06-25 at 11:39 +0200, Per Jessen wrote:
> richard@buzzhost.co.uk wrote:
>
> > On Wed, 2009-06-24 at 19:00 +0200, Per Jessen wrote:
> >> Benny Pedersen wrote:
> >
> >> 2) I didn't include free email providers in my list of "large and
> >> serious hosting providers" - I was thinking more of organisations
> >> such as 1and1, hetzner, rackspace etc. etc.
> >
> > My special award goes to 1and1. I get *so much* spam from their
> > 'customers' that I block all of their ranges. I've come across many
> > others who do the same.
>
> Really? Well, I can't afford that sort of thing, my customers would get
> up and leave pretty quickly.
I have found the opposite to be true. When I have pointed out to my
customers that using 1and1 is going to give *them* issues with
deliverability of *their* email, they are often keen to find another
provider. No small business wants the hassle of their mail getting
dropped silently on the floor because of the provider they are with and
it's a buyers market.
>
> > I guess when you are bottom feeding in the Hosting marketplace
> > spammers will make use of your facilities.
>
> I think spammers will make use of whatever facilities they can get hold
> of, even if it's only until they're shut down by the hosting company.
Sure as eggs is eggs they will. It's relatively easy to block dynamic
ranges and bots with confidence - this makes it attractive to look for
'cheap' hosts that off 'trials' to stage mailouts - and 1and1 fit that
bill nicely.
>
>
> /Per Jessen, Zürich
>
Re: SORBS bites the dust
Posted by Per Jessen <pe...@computer.org>.
richard@buzzhost.co.uk wrote:
> On Wed, 2009-06-24 at 19:00 +0200, Per Jessen wrote:
>> Benny Pedersen wrote:
>
>> 2) I didn't include free email providers in my list of "large and
>> serious hosting providers" - I was thinking more of organisations
>> such as 1and1, hetzner, rackspace etc. etc.
>
> My special award goes to 1and1. I get *so much* spam from their
> 'customers' that I block all of their ranges. I've come across many
> others who do the same.
Really? Well, I can't afford that sort of thing, my customers would get
up and leave pretty quickly.
> I guess when you are bottom feeding in the Hosting marketplace
> spammers will make use of your facilities.
I think spammers will make use of whatever facilities they can get hold
of, even if it's only until they're shut down by the hosting company.
/Per Jessen, Zürich
Re: SORBS bites the dust
Posted by "richard@buzzhost.co.uk" <ri...@buzzhost.co.uk>.
On Wed, 2009-06-24 at 19:00 +0200, Per Jessen wrote:
> Benny Pedersen wrote:
> 2) I didn't include free email providers in my list of "large and
> serious hosting providers" - I was thinking more of organisations such
> as 1and1, hetzner, rackspace etc. etc.
My special award goes to 1and1. I get *so much* spam from their
'customers' that I block all of their ranges. I've come across many
others who do the same.
I guess when you are bottom feeding in the Hosting marketplace spammers
will make use of your facilities.
Re: SORBS bites the dust
Posted by Per Jessen <pe...@computer.org>.
Benny Pedersen wrote:
>
> On Wed, June 24, 2009 13:59, Per Jessen wrote:
>> Blacklisting a large and serious hosting provider is just not serious
>> and very bad for business.
>
> http://rfc-ignorant.org/tools/lookup.php?domain=yahoo.com
> http://rfc-ignorant.org/tools/lookup.php?domain=hotmail.com
> http://rfc-ignorant.org/tools/lookup.php?domain=gmail.com
> http://rfc-ignorant.org/tools/lookup.php?domain=aol.com
> http://rfc-ignorant.org/tools/lookup.php?domain=live.com
>
> you think WE block them ?, no thay block them self
> and users that use such domains dont know
1) I dunno who 'WE' are in this context. Please enlighten me.
2) I didn't include free email providers in my list of "large and
serious hosting providers" - I was thinking more of organisations such
as 1and1, hetzner, rackspace etc. etc.
3) I wouldn't refer to rfc-ignorant as a blacklist - nobody with half a
brain would block email just because of RFC ignorance on the part of
the sender.
/Per Jessen, Zürich
Re: SORBS bites the dust
Posted by Benny Pedersen <me...@junc.org>.
On Wed, June 24, 2009 13:59, Per Jessen wrote:
> Blacklisting a large and serious hosting provider is just not serious
> and very bad for business.
http://rfc-ignorant.org/tools/lookup.php?domain=yahoo.com
http://rfc-ignorant.org/tools/lookup.php?domain=hotmail.com
http://rfc-ignorant.org/tools/lookup.php?domain=gmail.com
http://rfc-ignorant.org/tools/lookup.php?domain=aol.com
http://rfc-ignorant.org/tools/lookup.php?domain=live.com
you think WE block them ?, no thay block them self
and users that use such domains dont know
--
xpoint
Re: SORBS bites the dust
Posted by Per Jessen <pe...@computer.org>.
richard@buzzhost.co.uk wrote:
> Some U.K. providers (such as Fasthosts & Rackspace(UK)) never seem to
> get a listing for any of their ranges - which is interesting when you
> consider they are probably the largest providers of hosting in the UK
> and that Spamhaus hosts with one of them.
Blacklisting a large and serious hosting provider is just not serious
and very bad for business.
/Per Jessen, Zürich
Re: SORBS bites the dust
Posted by "richard@buzzhost.co.uk" <ri...@buzzhost.co.uk>.
On Tue, 2009-06-23 at 22:17 +0200, Arvid Picciani wrote:
> >> It does make you wonder why they never seem to end up on any of the
> >> spamhaus lists. Perhaps they are brilliant list washers ?
> >>
> >
> > Same here - I see lots of these and they don't score on many lists.
>
> It might be an uneducated guess, but i also have some very annoying
> hosts on the radar which i started blocking manually because they are on
> neither spamhaus nor sorbs.
>
> > Yep, that looks familiar...
> >
> > # The Solo Networks 8.19.136.0 - 8.19.143.255
> > 8.19.136.0/21 REJECT
> >
> > # The Solo Networks 67.218.160.0 - 67.218.191.255
> > # 67.218.164.0/24 Surpass Solutions - cybersonicview.com
> > # 67.218.173.0/24 X3 Hosting Systems
> > # 67.218.180.0/24 LogiTech Interactive
> > 67.218.160.0/19 REJECT
> >
> > My policy, I block the /24 straight away, and hits from 3 separate
> > /24's earns a block for the whole netblock (as illustrated above).
> >
You are a man after my own heart - that's what I do! I notice this
morning another 115 attempts from them overnight;
less /var/log/mail.info | grep localbl | wc -l
115
>
> How did you indentify these blocks as spammers
by the mail they send :-) Teeth Whitening for $100 -> Acai Power Slim
etc.
> and why doesnt spamhaus
I've asked that in the past of Spamhaus and was openly abused by people
running to their defence - even Steve Lindford himself. He called me a
'moron' (but he had just lost a Court Case so I forgive him). This was
over the very block I highlighted yesterday, and I asked him why
spamhaus was missing it. That must have been 4 months ago.
Some U.K. providers (such as Fasthosts & Rackspace(UK)) never seem to
get a listing for any of their ranges - which is interesting when you
consider they are probably the largest providers of hosting in the UK
and that Spamhaus hosts with one of them.
I know that Barracuda have a 'paid' white list (in addition to the
Mickey Mouse 'emailreg.org' thing they are selling). I wonder if
Spamhaus offer a similar 'feature'. The only other logical explanation
is that it is seriously lacking in missing this kind of trash.
> do so? They claim to have the worst spammer organisations on their list.
> I've got a whole list of Ips from india and korea which are on no list
> but send spam regulary.
I have to agree. I don't dispute that Spamhaus traps a lot of spam. What
is of more technical interest is what they miss. Being suspicious by
nature, it looks to be a bit too much to be a coincidence on occasions.
> Should i care to investigate and maybe reject the the entire block? I'm
> pretty new on hunting down sources. All I know is the whois databse
> which is mostly useless for that purpose.
There is a nice quirk. Whois the IP. A bad example of the output;
whois 8.19.138.6
Level 3 Communications, Inc. LVLT-ORG-8-8 (NET-8-0-0-0-1)
8.0.0.0 - 8.255.255.255
The Solo Networks LVLT-SPIRE-4-8-19-136 (NET-8-19-136-0-1)
8.19.136.0 - 8.19.143.255
>>From this I've blocked the lower line (Solo Networks) and my logs show
overnight attempts from 8.19.136->143 over 100 times a night. That would
be a serious amount of crap in an inbox in the morning.
>
> --
> Arvid
>
>
Re: SORBS bites the dust
Posted by Arvid Picciani <ae...@exys.org>.
>> It does make you wonder why they never seem to end up on any of the
>> spamhaus lists. Perhaps they are brilliant list washers ?
>>
>
> Same here - I see lots of these and they don't score on many lists.
It might be an uneducated guess, but i also have some very annoying
hosts on the radar which i started blocking manually because they are on
neither spamhaus nor sorbs.
> Yep, that looks familiar...
>
> # The Solo Networks 8.19.136.0 - 8.19.143.255
> 8.19.136.0/21 REJECT
>
> # The Solo Networks 67.218.160.0 - 67.218.191.255
> # 67.218.164.0/24 Surpass Solutions - cybersonicview.com
> # 67.218.173.0/24 X3 Hosting Systems
> # 67.218.180.0/24 LogiTech Interactive
> 67.218.160.0/19 REJECT
>
> My policy, I block the /24 straight away, and hits from 3 separate
> /24's earns a block for the whole netblock (as illustrated above).
>
How did you indentify these blocks as spammers and why doesnt spamhaus
do so? They claim to have the worst spammer organisations on their list.
I've got a whole list of Ips from india and korea which are on no list
but send spam regulary.
Should i care to investigate and maybe reject the the entire block? I'm
pretty new on hunting down sources. All I know is the whois databse
which is mostly useless for that purpose.
--
Arvid
Re: SORBS bites the dust
Posted by Ned Slider <ne...@unixmail.co.uk>.
richard@buzzhost.co.uk wrote:
> On Tue, 2009-06-23 at 09:29 -0400, Jeff Moss wrote:
>
>> WHAT? Sorbs and Spamhaus are polar opposites. Spamhaus is a great
>> organization while SORBS is a POS that helped give all blacklists a
>> bad name.
>> I don't know if SpamAssassin has ever used it.
>>
> I respect any block list for targeting those that abuse email systems
> and this includes sorbs and spamhaus. I do wonder (and I don't want to
> start a war here) if Spamhaus is totally above board or can get 'dirt in
> their eyes'. The reason I wonder is stuff like this in my logs appearing
> every day, day in day out. Never opted in. Addresses long since dead,
> asking to 'removed' just add more and more attempts. I grew so tired of
> spamhaus missing them, I set up a local blocklist zone in Bind to take
> care of them.
>
> It does make you wonder why they never seem to end up on any of the
> spamhaus lists. Perhaps they are brilliant list washers ?
>
Same here - I see lots of these and they don't score on many lists
(sometimes barracuda hits them). This is snowshoe spam from whole
netblocks of throwaway domains trickled out at one per day from any one
domain/IP. From what I see they only hit legitimate addresses that exist
(or once existed) with no randomly guessed addresses. As you mention,
they also monitor delivery success and ramp up once they find a live
one. OTOH I've not really see much evidence to suggest they back off or
go away when unsuccessful, i.e, rejected at smtp level. I have one
client in particular that gets hammered with these (I suspect he tried
unsubscribing in the past).
>
> Jun 23 03:50:07 mail1 postfix/smtpd[5118]: NOQUEUE: reject: RCPT from
> mmx3.opticspace.co.uk[8.19.138.30]: 554 5.7.1 Rejected;
> mmx3.opticspace.co.uk blocked by ibl
Yep, that looks familiar...
# The Solo Networks 8.19.136.0 - 8.19.143.255
8.19.136.0/21 REJECT
# The Solo Networks 67.218.160.0 - 67.218.191.255
# 67.218.164.0/24 Surpass Solutions - cybersonicview.com
# 67.218.173.0/24 X3 Hosting Systems
# 67.218.180.0/24 LogiTech Interactive
67.218.160.0/19 REJECT
My policy, I block the /24 straight away, and hits from 3 separate /24's
earns a block for the whole netblock (as illustrated above).
RE: SORBS bites the dust
Posted by "richard@buzzhost.co.uk" <ri...@buzzhost.co.uk>.
On Tue, 2009-06-23 at 09:29 -0400, Jeff Moss wrote:
> WHAT? Sorbs and Spamhaus are polar opposites. Spamhaus is a great
> organization while SORBS is a POS that helped give all blacklists a
> bad name.
> I don't know if SpamAssassin has ever used it.
>
I respect any block list for targeting those that abuse email systems
and this includes sorbs and spamhaus. I do wonder (and I don't want to
start a war here) if Spamhaus is totally above board or can get 'dirt in
their eyes'. The reason I wonder is stuff like this in my logs appearing
every day, day in day out. Never opted in. Addresses long since dead,
asking to 'removed' just add more and more attempts. I grew so tired of
spamhaus missing them, I set up a local blocklist zone in Bind to take
care of them.
It does make you wonder why they never seem to end up on any of the
spamhaus lists. Perhaps they are brilliant list washers ?
Jun 23 03:50:07 mail1 postfix/smtpd[5118]: NOQUEUE: reject: RCPT from
mmx3.opticspace.co.uk[8.19.138.30]: 554 5.7.1 Rejected;
mmx3.opticspace.co.uk blocked by ibl
Jun 23 03:50:25 mail1 postfix/smtpd[5118]: NOQUEUE: reject: RCPT from
nup2.newuniversepartners.com[8.19.136.53]: 554 5.7.1 Rejected;
nup2.newuniversepartners.com blocked by localbl
Jun 23 03:59:19 mail1 postfix/smtpd[5360]: NOQUEUE: reject: RCPT from
cyb1.cyberbasket.co.uk[8.19.138.25]: 554 5.7.1 Rejected;
cyb1.cyberbasket.co.uk blocked by localbl
Jun 23 04:08:39 mail1 postfix/smtpd[5633]: NOQUEUE: reject: RCPT from
mmx1.opticspace.co.uk[8.19.138.28]: 554 5.7.1 Rejected;
mmx1.opticspace.co.uk blocked by localbl
Jun 23 04:18:16 mail1 postfix/smtpd[5954]: NOQUEUE: reject: RCPT from
top3.topcore.co.uk[8.19.138.12]: 554 5.7.1 Rejected; top3.topcore.co.uk
blocked by localbl
Jun 23 04:23:26 mail1 postfix/smtpd[6112]: NOQUEUE: reject: RCPT from
ahead4.planaheadshop.co.uk[8.19.136.44]: 554 5.7.1 Rejected;
ahead4.planaheadshop.co.uk blocked by ibl
Jun 23 04:36:23 mail1 postfix/smtpd[6521]: NOQUEUE: reject: RCPT from
ste2.virtualville.co.uk[8.19.138.7]: 554 5.7.1 Rejected;
ste2.virtualville.co.uk blocked by localbl
Jun 23 04:53:14 mail1 postfix/smtpd[7067]: NOQUEUE: reject: RCPT from
gen2.generalsearchteam.co.uk[8.19.136.35]: 554 5.7.1 Rejected;
gen2.generalsearchteam.co.uk blocked by localbl
Jun 23 05:03:27 mail1 postfix/smtpd[7284]: NOQUEUE: reject: RCPT from
cyb3.cyberbasket.co.uk[8.19.138.27]: 554 5.7.1 Rejected;
cyb3.cyberbasket.co.uk blocked by ibl
Jun 23 05:06:39 mail1 postfix/smtpd[7460]: NOQUEUE: reject: RCPT from
nup2.newuniversepartners.com[8.19.136.53]: 554 5.7.1 Rejected;
nup2.newuniversepartners.com blocked by ibl
Jun 23 05:42:30 mail1 postfix/smtpd[8692]: NOQUEUE: reject: RCPT from
inn15.innovatenow.co.uk[8.19.138.15]: 554 5.7.1 Rejected;
inn15.innovatenow.co.uk blocked by localbl
Jun 23 05:49:33 mail1 postfix/smtpd[8771]: NOQUEUE: reject: RCPT from
ahead3.planaheadshop.co.uk[8.19.136.43]: 554 5.7.1 Rejected;
ahead3.planaheadshop.co.uk blocked by ibl
Jun 23 05:52:29 mail1 postfix/smtpd[8983]: NOQUEUE: reject: RCPT from
top3.topcore.co.uk[8.19.138.12]: 554 5.7.1 Rejected; top3.topcore.co.uk
blocked by localbl
Jun 23 06:11:34 mail1 postfix/smtpd[9572]: NOQUEUE: reject: RCPT from
cd1.createdirect.co.uk[8.19.138.21]: 554 5.7.1 Rejected;
cd1.createdirect.co.uk blocked by ibl
Jun 23 06:16:14 mail1 postfix/smtpd[9796]: NOQUEUE: reject: RCPT from
exprod7og104.obsmtp.com[64.18.2.161]: 554 5.7.1 Rejected;
exprod7og104.obsmtp.com blocked by ibl
Jun 23 06:21:02 mail1 postfix/smtpd[9940]: NOQUEUE: reject: RCPT from
top3.topcore.co.uk[8.19.138.12]: 554 5.7.1 Rejected; top3.topcore.co.uk
blocked by localbl
Jun 23 06:36:47 mail1 postfix/smtpd[10464]: NOQUEUE: reject: RCPT from
now1.creditoptionsnow.co.uk[8.19.136.38]: 554 5.7.1 Rejected;
now1.creditoptionsnow.co.uk blocked by localbl
Jun 23 06:40:02 mail1 postfix/smtpd[10582]: NOQUEUE: reject: RCPT from
mmx3.opticspace.co.uk[8.19.138.30]: 554 5.7.1 Rejected;
mmx3.opticspace.co.uk blocked by localbl
Jun 23 06:59:31 mail1 postfix/smtpd[11266]: NOQUEUE: reject: RCPT from
mmx2.opticspace.co.uk[8.19.138.29]: 554 5.7.1 Rejected;
mmx2.opticspace.co.uk blocked by localbl
Jun 23 07:15:58 mail1 postfix/smtpd[11797]: NOQUEUE: reject: RCPT from
gen3.generalsearchteam.co.uk[8.19.136.36]: 554 5.7.1 Rejected;
gen3.generalsearchteam.co.uk blocked by ibl
Jun 23 07:31:23 mail1 postfix/smtpd[12056]: NOQUEUE: reject: RCPT from
nup1.newuniversepartners.com[8.19.136.52]: 554 5.7.1 Rejected;
nup1.newuniversepartners.com blocked by localbl
Jun 23 08:17:11 mail1 postfix/smtpd[13777]: NOQUEUE: reject: RCPT from
web1.directenergyweb.co.uk[8.19.136.45]: 554 5.7.1 Rejected;
web1.directenergyweb.co.uk blocked by ibl
Jun 23 08:46:25 mail1 postfix/smtpd[14643]: NOQUEUE: reject: RCPT from
web2.directenergyweb.co.uk[8.19.136.46]: 554 5.7.1 Rejected;
web2.directenergyweb.co.uk blocked by localbl
Jun 23 09:00:46 mail1 postfix/smtpd[15114]: NOQUEUE: reject: RCPT from
web2.directenergyweb.co.uk[8.19.136.46]: 554 5.7.1 Rejected;
web2.directenergyweb.co.uk blocked by localbl
Jun 23 09:15:55 mail1 postfix/smtpd[15615]: NOQUEUE: reject: RCPT from
int2.internetdelta.co.uk[8.19.136.50]: 554 5.7.1 Rejected;
int2.internetdelta.co.uk blocked by localbl
>
>
>
Re: SORBS bites the dust
Posted by Arvid Picciani <ae...@exys.org>.
> WHAT? Sorbs and Spamhaus are polar opposites. Spamhaus is a great
> organization while SORBS is a POS that helped give all blacklists a
> bad name.
> I don't know if SpamAssassin has ever used it.
>
> Jeff Moss
>
>
All i read is "OMG THEY BANNED MY COLORFULL OPT OUT NEWSLETTER!!!!111"
Sorry.... i trust sorbs because they shield me from crap. Thats all i want.
RE: SORBS bites the dust
Posted by Jeff Moss <jm...@Huffmancorp.com>.
>On Mon, 22 Jun 2009, Arvid Picciani wrote:
>> richard@buzzhost.co.uk wrote:
>>> It comes with great sadness that I have to announce the imminent
>>> closure of SORBS.
>> crap ... sorbs is the only list I trust enough to have them at SMTP level.
>
>In the past, I did some tests to determine which lists caught the most
>spam without FP's, and found that sbl-xbl.spamhaus.org (not the full
>'zen' rbl), was catching over 90% of spam. I also use njabl, though
>lately it looks like it mostly overlaps with spamhaus, but the 'web' and
>'dul' lists from sorbs are still catching a couple of 100 spam each day
>that were not caught by spamhaus. So I would really hate to see SORBS go.
>
>IMPORTANT: If sorbs does not get picked-up by a new host, will SA
>developers be ready to roll-out an SA update to remove the sorbs rules, so
>that we don't suffer a bunch of timeouts? Or how does that work?
>
>- Charles
WHAT? Sorbs and Spamhaus are polar opposites. Spamhaus is a great
organization while SORBS is a POS that helped give all blacklists a bad name.
I don't know if SpamAssassin has ever used it.
Jeff Moss
Re: SORBS bites the dust
Posted by Matus UHLAR - fantomas <uh...@fantomas.sk>.
> On Mon, 22 Jun 2009, Arvid Picciani wrote:
>> richard@buzzhost.co.uk wrote:
>>> It comes with great sadness that I have to announce the imminent
>>> closure of SORBS.
>> crap ... sorbs is the only list I trust enough to have them at SMTP level.
On 22.06.09 13:54, Charles Gregory wrote:
> In the past, I did some tests to determine which lists caught the most
> spam without FP's, and found that sbl-xbl.spamhaus.org (not the full
> 'zen' rbl), was catching over 90% of spam.
1. sbl-xbl is obsolete and may be removed in the near future.
2. Why not zen?
> I also use njabl, though
> lately it looks like it mostly overlaps with spamhaus, but the 'web' and
> 'dul' lists from sorbs are still catching a couple of 100 spam each day
> that were not caught by spamhaus. So I would really hate to see SORBS go.
3. the dul.njabl.org is obsolete and should not be used. It was imported to
pbl.spamhaus.org and stopped being maintained. PBL is contained in zen.
- Again, why not zen?
> IMPORTANT: If sorbs does not get picked-up by a new host, will SA
> developers be ready to roll-out an SA update to remove the sorbs rules,
> so that we don't suffer a bunch of timeouts? Or how does that work?
--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
It's now safe to throw off your computer.
Re: SORBS bites the dust
Posted by Charles Gregory <cg...@hwcn.org>.
On Mon, 22 Jun 2009, Arvid Picciani wrote:
> richard@buzzhost.co.uk wrote:
>> It comes with great sadness that I have to announce the imminent
>> closure of SORBS.
> crap ... sorbs is the only list I trust enough to have them at SMTP level.
In the past, I did some tests to determine which lists caught the most
spam without FP's, and found that sbl-xbl.spamhaus.org (not the full
'zen' rbl), was catching over 90% of spam. I also use njabl, though
lately it looks like it mostly overlaps with spamhaus, but the 'web' and
'dul' lists from sorbs are still catching a couple of 100 spam each day
that were not caught by spamhaus. So I would really hate to see SORBS go.
IMPORTANT: If sorbs does not get picked-up by a new host, will SA
developers be ready to roll-out an SA update to remove the sorbs rules, so
that we don't suffer a bunch of timeouts? Or how does that work?
- Charles
Re: SORBS bites the dust
Posted by Arvid Picciani <ae...@exys.org>.
richard@buzzhost.co.uk wrote:
> It comes with great sadness that I have to announce the imminent
> closure
> of SORBS. The University of Queensland have decided not to honor their
> agreement with myself and SORBS and terminate the hosting contract.
>
>
crap ... sorbs is the only list I trust enough to have them at SMTP level.
> For any hosting suggestions/provision, please be aware that the 42RU
> space is a requirement at the moment,
42?!!
way out of my league..
any alternatives? :(
Re: SORBS bites the dust
Posted by John Hardin <jh...@impsec.org>.
On Mon, 22 Jun 2009, Jeremy Morton wrote:
> All together now,
>
> 3... 2... 1...
>
> WOOHOOOOOOOOOOOOOOO!!!
EXPN?
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhardin@impsec.org FALaholic #11174 pgpk -a jhardin@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
Perfect Security and Absolute Safety are unattainable; beware
those who would try to sell them to you, regardless of the cost,
for they are trying to sell you your own slavery.
-----------------------------------------------------------------------
12 days until the 233rd anniversary of the Declaration of Independence
Re: SORBS bites the dust
Posted by Jeremy Morton <ad...@game-point.net>.
All together now,
3... 2... 1...
WOOHOOOOOOOOOOOOOOO!!!
richard@buzzhost.co.uk wrote:
> Noted this over at NANAE;
>
> QUOTE:
> All,
>
>
> Please feel free to forward this message to any other location/mailing
> list.
>
>
> It comes with great sadness that I have to announce the imminent
> closure
> of SORBS. The University of Queensland have decided not to honor their
> agreement with myself and SORBS and terminate the hosting contract.
>
>
> I have been involved with institutions such as Griffith University
> trying to arrange alternative hosting for SORBS, but as of 12 noon,
> 22nd
> June 2009 no hosting has been acquired and therefore I have been forced
> in to this announcement. SORBS is officially "For Sale" should anyone
> wish to purchase it as a going concern, but failing that and failing to
> find alternative hosting for a 42RU rack in the Brisbane area of
> Queensland Australia SORBS will be shutting down permanently in 28
> days,
> on 20th July 2009 at 12 noon.
>
>
> This announcement will be replicated on the main SORBS website at the
> earliest opportunity.
>
>
> For information about the possible purchase of SORBS, the source code,
> data, hosts etc, I maybe contacted at michelle@sorbs.net, telephone +61
> 414 861 744.
>
>
> For any hosting suggestions/provision, please be aware that the 42RU
> space is a requirement at the moment, and the service cannot be made
> into a smaller rackspace without a lot of new hardware, virtual hosting
> is just not possible. The SORBS service services over 30 billion DNS
> queries per day, and has a number of database servers with fast disk to
> cope with the requirements.
>
>
> Thank you for all your support over the years,
>
>
> Michelle Sullivan
> (Previously known as Matthew Sullivan)
>
>