You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by James Gray <ja...@gray.net.au> on 2008/03/24 21:57:24 UTC
SORBS_DUL
Why are rules that look up against this list still in the base of
SpamAssassin?? The SORBS dynamic list is so poorly maintained that it's
practically useless and if you are an unfortunate who ends up
incorrectly listed in it, good luck getting off it! Case at hand, the
company I work for purchased a /19 address block directly from APNIC
before anyone else had it (IOW, we were the first users of that block).
We now have both our external mail IP's listed in SORBS_DUL despite the
fact the /24 they belong to, and the /24's on either side have NEVER
been part of a dynamic pool. SORBS refuse to delist them as our MX
records are different to these outgoing mail servers! FFS - we run
managed services for a number of ISP's why the hell would we *want* to
munge all our inbound and outbound mail through the same IP's?!?
Seriously folks, can we make SORBS_DUL optional and not "on by default"
in the general distribution?
Cheers,
James
RE: SORBS_DUL
Posted by "Rose, Bobby" <br...@med.wayne.edu>.
It does makes sense that they would list unused/unowned netblocks in
APNIC in their database probably because of the probability that such
blocks would get assigned to an ISP which more than likely offer it up
as dynamic. I haven't looked there in a while but I thought it
explained conditions for Ips and netblocks to be in the DUL database and
I thought it said it was because of published info by the ISP as well as
reverse lookup records. Over the years of my use of SORBS_DUL, I've
seen maybe a dozen or so .coms that had their static ISP assigned
address in SURBS_DUL because of their PTR records. Once they contacted
their ISP changed their PTR records so that it didn't look dynamic (IP
embedded), SORBS removed the IP from the DUL database.
-----Original Message-----
From: James Gray [mailto:james@gray.net.au]
Sent: Monday, March 24, 2008 4:57 PM
To: users@spamassassin.apache.org
Subject: SORBS_DUL
Why are rules that look up against this list still in the base of
SpamAssassin?? The SORBS dynamic list is so poorly maintained that it's
practically useless and if you are an unfortunate who ends up
incorrectly listed in it, good luck getting off it! Case at hand, the
company I work for purchased a /19 address block directly from APNIC
before anyone else had it (IOW, we were the first users of that block).
We now have both our external mail IP's listed in SORBS_DUL despite the
fact the /24 they belong to, and the /24's on either side have NEVER
been part of a dynamic pool. SORBS refuse to delist them as our MX
records are different to these outgoing mail servers! FFS - we run
managed services for a number of ISP's why the hell would we *want* to
munge all our inbound and outbound mail through the same IP's?!?
Seriously folks, can we make SORBS_DUL optional and not "on by default"
in the general distribution?
Cheers,
James
Re: SORBS_DUL
Posted by James Gray <ja...@gray.net.au>.
On Wed, 26 Mar 2008 11:51:32 am D Hill wrote:
> Actually, closer inspection shows your:
>
> ns2.viperplatform.net.au
>
> is still reporting back:
>
> smtp.mas.viperplatform.net.au
You're assuming gray.net.au and the viperplatform.net.au domains are the
same...they're not. If you query MY DNS server (202.77.91.40) you'll see it
lists the secondary MX for both gray.net.au and grayonline.id.au as
mail.mas...
James
--
It is often the case that the man who can't tell a lie thinks he is the best
judge of one.
-- Mark Twain, "Pudd'nhead Wilson's Calendar"
Re: SORBS_DUL
Posted by James Gray <ja...@gray.net.au>.
On Wed, 26 Mar 2008 12:09:47 pm D Hill wrote:
> Now your confusing the subject. The previous response you made was from:
>
> From: James Gray <ja...@dot.com.au>
>
> Now you are using:
>
> From: James Gray <ja...@gray.net.au>
>
> BOTH of those domains point to an MX that has a CNAME to:
>
> smtp.mas.viperplatform.net.au
So I use one mail client and occasionally forget to set the correct profile to
send as.. sorry.
No. None of the domains have any references to smtp.mas... as an MX record.
They all point to mail.mas... and they all have a default TTL of 38400 for
the zone.
Besides, this still doesn't change my original point that SORBS have a habit
of listing addresses (justifiably or not) then attempt to extract money to
remove the listing. That's just extortion, not a good RBL.
James
--
Q: What do Winnie the Pooh and John the Baptist have in common?
A: The same middle name.
Re: SORBS_DUL
Posted by D Hill <d....@yournetplus.com>.
Now your confusing the subject. The previous response you made was from:
From: James Gray <ja...@dot.com.au>
Now you are using:
From: James Gray <ja...@gray.net.au>
BOTH of those domains point to an MX that has a CNAME to:
smtp.mas.viperplatform.net.au
On Wed, 26 Mar 2008 at 00:51 -0000, d.hill@yournetplus.com confabulated:
> On Wed, 26 Mar 2008 at 00:47 -0000, d.hill@yournetplus.com confabulated:
>
>> On Wed, 26 Mar 2008 at 11:39 +1100, james.gray@dot.com.au confabulated:
>>
>>> On Wed, 26 Mar 2008 03:31:34 am mouss wrote:
>>>> James Gray wrote:
>>>>> Why are rules that look up against this list still in the base of
>>>>> SpamAssassin?? The SORBS dynamic list is so poorly maintained that
>>>>> it's practically useless and if you are an unfortunate who ends up
>>>>> incorrectly listed in it, good luck getting off it! Case at hand, the
>>>>> company I work for purchased a /19 address block directly from APNIC
>>>>> before anyone else had it (IOW, we were the first users of that block).
>>>>>
>>>>> We now have both our external mail IP's listed in SORBS_DUL despite
>>>>> the fact the /24 they belong to, and the /24's on either side have
>>>>> NEVER been part of a dynamic pool. SORBS refuse to delist them as our
>>>>> MX records are different to these outgoing mail servers! FFS - we run
>>>>> managed services for a number of ISP's why the hell would we *want* to
>>>>> munge all our inbound and outbound mail through the same IP's?!?
>>>>>
>>>>> Seriously folks, can we make SORBS_DUL optional and not "on by
>>>>> default" in the general distribution?
>>>>
>>>> If you have a complaint, provide _evidence_. otherwise, it goes to
>>>> /dev/troll0.
>>>>
>>>> while you are at it, fix your DNS. your domain has been succesfully
>>>> submitted to rfci (boguxms):
>>>> http://www.rfc-ignorant.org/tools/lookup.php?domain=gray.net.au
>>>
>>> I forgot to mention: thanks for getting me listed on rfci too:
>>>
>>> $ dig -x 82.239.111.75
>>> --8<-- snipped --8<--
>>> ;; ANSWER SECTION:
>>> 75.111.239.82.in-addr.arpa. 85430 IN PTR ouzoud.netoyen.net.
>>
>> MX records are not suppose to contain CNAMEs:
>>
>> %dig @localhost dot.com.au mx
>> ...
>> dot.com.au. 3600 IN MX 10 node.office.dot.net.au.
>>
>> ;; AUTHORITY SECTION:
>> dot.com.au. 3600 IN NS ns1.viperplatform.net.au.
>> dot.com.au. 3600 IN NS ns2.viperplatform.net.au.
>>
>> ;; Query time: 534 msec
>> ;; SERVER: 127.0.0.1#53(127.0.0.1)
>> ;; WHEN: Wed Mar 26 00:45:34 2008
>> ;; MSG SIZE rcvd: 139
>>
>> %nslookup smtp.mas.viperplatform.net.au
>> Server: 127.0.0.1
>> Address: 127.0.0.1#53
>>
>> Non-authoritative answer:
>> smtp.mas.viperplatform.net.au canonical name =
>> mail.mas.viperplatform.net.au.
>> Name: mail.mas.viperplatform.net.au
>> Address: 202.147.74.50
>>
>> Your MX contains a CNAME.
>
> Actually, closer inspection shows your:
>
> ns2.viperplatform.net.au
>
> is still reporting back:
>
> smtp.mas.viperplatform.net.au
>
> as the ONLY MX record.
>
> ----
> _|
> |_|
>
----
_|
|_|
Re: SORBS_DUL
Posted by D Hill <d....@yournetplus.com>.
On Wed, 26 Mar 2008 at 00:47 -0000, d.hill@yournetplus.com confabulated:
> On Wed, 26 Mar 2008 at 11:39 +1100, james.gray@dot.com.au confabulated:
>
>> On Wed, 26 Mar 2008 03:31:34 am mouss wrote:
>>> James Gray wrote:
>>>> Why are rules that look up against this list still in the base of
>>>> SpamAssassin?? The SORBS dynamic list is so poorly maintained that
>>>> it's practically useless and if you are an unfortunate who ends up
>>>> incorrectly listed in it, good luck getting off it! Case at hand, the
>>>> company I work for purchased a /19 address block directly from APNIC
>>>> before anyone else had it (IOW, we were the first users of that block).
>>>>
>>>> We now have both our external mail IP's listed in SORBS_DUL despite
>>>> the fact the /24 they belong to, and the /24's on either side have
>>>> NEVER been part of a dynamic pool. SORBS refuse to delist them as our
>>>> MX records are different to these outgoing mail servers! FFS - we run
>>>> managed services for a number of ISP's why the hell would we *want* to
>>>> munge all our inbound and outbound mail through the same IP's?!?
>>>>
>>>> Seriously folks, can we make SORBS_DUL optional and not "on by
>>>> default" in the general distribution?
>>>
>>> If you have a complaint, provide _evidence_. otherwise, it goes to
>>> /dev/troll0.
>>>
>>> while you are at it, fix your DNS. your domain has been succesfully
>>> submitted to rfci (boguxms):
>>> http://www.rfc-ignorant.org/tools/lookup.php?domain=gray.net.au
>>
>> I forgot to mention: thanks for getting me listed on rfci too:
>>
>> $ dig -x 82.239.111.75
>> --8<-- snipped --8<--
>> ;; ANSWER SECTION:
>> 75.111.239.82.in-addr.arpa. 85430 IN PTR ouzoud.netoyen.net.
>
> MX records are not suppose to contain CNAMEs:
>
> %dig @localhost dot.com.au mx
> ...
> dot.com.au. 3600 IN MX 10 node.office.dot.net.au.
>
> ;; AUTHORITY SECTION:
> dot.com.au. 3600 IN NS ns1.viperplatform.net.au.
> dot.com.au. 3600 IN NS ns2.viperplatform.net.au.
>
> ;; Query time: 534 msec
> ;; SERVER: 127.0.0.1#53(127.0.0.1)
> ;; WHEN: Wed Mar 26 00:45:34 2008
> ;; MSG SIZE rcvd: 139
>
> %nslookup smtp.mas.viperplatform.net.au
> Server: 127.0.0.1
> Address: 127.0.0.1#53
>
> Non-authoritative answer:
> smtp.mas.viperplatform.net.au canonical name =
> mail.mas.viperplatform.net.au.
> Name: mail.mas.viperplatform.net.au
> Address: 202.147.74.50
>
> Your MX contains a CNAME.
Actually, closer inspection shows your:
ns2.viperplatform.net.au
is still reporting back:
smtp.mas.viperplatform.net.au
as the ONLY MX record.
----
_|
|_|
Re: SORBS_DUL
Posted by D Hill <d....@yournetplus.com>.
On Wed, 26 Mar 2008 at 11:39 +1100, james.gray@dot.com.au confabulated:
> On Wed, 26 Mar 2008 03:31:34 am mouss wrote:
>> James Gray wrote:
>>> Why are rules that look up against this list still in the base of
>>> SpamAssassin?? The SORBS dynamic list is so poorly maintained that
>>> it's practically useless and if you are an unfortunate who ends up
>>> incorrectly listed in it, good luck getting off it! Case at hand, the
>>> company I work for purchased a /19 address block directly from APNIC
>>> before anyone else had it (IOW, we were the first users of that block).
>>>
>>> We now have both our external mail IP's listed in SORBS_DUL despite
>>> the fact the /24 they belong to, and the /24's on either side have
>>> NEVER been part of a dynamic pool. SORBS refuse to delist them as our
>>> MX records are different to these outgoing mail servers! FFS - we run
>>> managed services for a number of ISP's why the hell would we *want* to
>>> munge all our inbound and outbound mail through the same IP's?!?
>>>
>>> Seriously folks, can we make SORBS_DUL optional and not "on by
>>> default" in the general distribution?
>>
>> If you have a complaint, provide _evidence_. otherwise, it goes to
>> /dev/troll0.
>>
>> while you are at it, fix your DNS. your domain has been succesfully
>> submitted to rfci (boguxms):
>> http://www.rfc-ignorant.org/tools/lookup.php?domain=gray.net.au
>
> I forgot to mention: thanks for getting me listed on rfci too:
>
> $ dig -x 82.239.111.75
> --8<-- snipped --8<--
> ;; ANSWER SECTION:
> 75.111.239.82.in-addr.arpa. 85430 IN PTR ouzoud.netoyen.net.
MX records are not suppose to contain CNAMEs:
%dig @localhost dot.com.au mx
...
dot.com.au. 3600 IN MX 10 node.office.dot.net.au.
;; AUTHORITY SECTION:
dot.com.au. 3600 IN NS ns1.viperplatform.net.au.
dot.com.au. 3600 IN NS ns2.viperplatform.net.au.
;; Query time: 534 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Mar 26 00:45:34 2008
;; MSG SIZE rcvd: 139
%nslookup smtp.mas.viperplatform.net.au
Server: 127.0.0.1
Address: 127.0.0.1#53
Non-authoritative answer:
smtp.mas.viperplatform.net.au canonical name =
mail.mas.viperplatform.net.au.
Name: mail.mas.viperplatform.net.au
Address: 202.147.74.50
Your MX contains a CNAME.
----
_|
|_|
Re: SORBS_DUL
Posted by James Gray <ja...@dot.com.au>.
On Wed, 26 Mar 2008 03:31:34 am mouss wrote:
> James Gray wrote:
> > Why are rules that look up against this list still in the base of
> > SpamAssassin?? The SORBS dynamic list is so poorly maintained that
> > it's practically useless and if you are an unfortunate who ends up
> > incorrectly listed in it, good luck getting off it! Case at hand, the
> > company I work for purchased a /19 address block directly from APNIC
> > before anyone else had it (IOW, we were the first users of that block).
> >
> > We now have both our external mail IP's listed in SORBS_DUL despite
> > the fact the /24 they belong to, and the /24's on either side have
> > NEVER been part of a dynamic pool. SORBS refuse to delist them as our
> > MX records are different to these outgoing mail servers! FFS - we run
> > managed services for a number of ISP's why the hell would we *want* to
> > munge all our inbound and outbound mail through the same IP's?!?
> >
> > Seriously folks, can we make SORBS_DUL optional and not "on by
> > default" in the general distribution?
>
> If you have a complaint, provide _evidence_. otherwise, it goes to
> /dev/troll0.
>
> while you are at it, fix your DNS. your domain has been succesfully
> submitted to rfci (boguxms):
> http://www.rfc-ignorant.org/tools/lookup.php?domain=gray.net.au
I forgot to mention: thanks for getting me listed on rfci too:
$ dig -x 82.239.111.75
--8<-- snipped --8<--
;; ANSWER SECTION:
75.111.239.82.in-addr.arpa. 85430 IN PTR ouzoud.netoyen.net.
James
--
As flies to wanton boys are we to the gods; they kill us for their sport.
-- Shakespeare, "King Lear"
Re: SORBS_DUL
Posted by James Gray <ja...@gray.net.au>.
On Wed, 26 Mar 2008 12:59:19 pm mouss wrote:
> James Gray wrote:
> > On Wed, 26 Mar 2008 03:31:34 am mouss wrote:
> >> James Gray wrote:
> >>> Why are rules that look up against this list still in the base of
> >>> SpamAssassin?? The SORBS dynamic list is so poorly maintained that
> >>> it's practically useless and if you are an unfortunate who ends up
> >>> incorrectly listed in it, good luck getting off it! Case at hand, the
> >>> company I work for purchased a /19 address block directly from APNIC
> >>> before anyone else had it (IOW, we were the first users of that block).
> >>>
> >>> We now have both our external mail IP's listed in SORBS_DUL despite
> >>> the fact the /24 they belong to, and the /24's on either side have
> >>> NEVER been part of a dynamic pool. SORBS refuse to delist them as our
> >>> MX records are different to these outgoing mail servers! FFS - we run
> >>> managed services for a number of ISP's why the hell would we *want* to
> >>> munge all our inbound and outbound mail through the same IP's?!?
> >>>
> >>> Seriously folks, can we make SORBS_DUL optional and not "on by
> >>> default" in the general distribution?
> >>
> >> If you have a complaint, provide _evidence_. otherwise, it goes to
> >> /dev/troll0.
> >
> > Meh - call me a troll. I'm posting here (personally, not as part of work)
> > as a long-time SpamAssassin and mail server user/administrator and have
> > no need to prove anything about my work systems.
>
> I am not asking you to prove anything about your work systems or about
> yourself. you have accused sorbs but provided nothing to support your
> accusation.
Talk to some admins who've been in this situation. Getting de-listed for
erroneous listings on SORBS is a time consuming and painful process. Compare
this with the process for RFCI, spamhaus, et al. I stand by my criticisms.
> The real issue is that your MX points to a CNAME. This is why I
> submitted the domain to rfci. fix this and get delisted (on rfci, of
> course).
No, my secondary MX pointed to A record, then another (junior) admin took it
upon themselves to "re-engineer" some DNS records. Consequently, what was
once-upon-a-time an A record, turned into a CNAME. I've updated the
secondary MX for my domains (and the affected work ones) and all is well with
the world.
James
--
"... an experienced, industrious, ambitious, and often quite often
picturesque liar."
-- Mark Twain
Re: SORBS_DUL
Posted by mouss <mo...@netoyen.net>.
James Gray wrote:
> On Wed, 26 Mar 2008 03:31:34 am mouss wrote:
>
>> James Gray wrote:
>>
>>> Why are rules that look up against this list still in the base of
>>> SpamAssassin?? The SORBS dynamic list is so poorly maintained that
>>> it's practically useless and if you are an unfortunate who ends up
>>> incorrectly listed in it, good luck getting off it! Case at hand, the
>>> company I work for purchased a /19 address block directly from APNIC
>>> before anyone else had it (IOW, we were the first users of that block).
>>>
>>> We now have both our external mail IP's listed in SORBS_DUL despite
>>> the fact the /24 they belong to, and the /24's on either side have
>>> NEVER been part of a dynamic pool. SORBS refuse to delist them as our
>>> MX records are different to these outgoing mail servers! FFS - we run
>>> managed services for a number of ISP's why the hell would we *want* to
>>> munge all our inbound and outbound mail through the same IP's?!?
>>>
>>> Seriously folks, can we make SORBS_DUL optional and not "on by
>>> default" in the general distribution?
>>>
>> If you have a complaint, provide _evidence_. otherwise, it goes to
>> /dev/troll0.
>>
>
> Meh - call me a troll. I'm posting here (personally, not as part of work) as
> a long-time SpamAssassin and mail server user/administrator and have no need
> to prove anything about my work systems.
>
I am not asking you to prove anything about your work systems or about
yourself. you have accused sorbs but provided nothing to support your
accusation.
Note that I am not affiliated with sorbs.
>> while you are at it, fix your DNS. your domain has been succesfully
>> submitted to rfci (boguxms):
>> http://www.rfc-ignorant.org/tools/lookup.php?domain=gray.net.au
>>
>
> Yes - that's one of my personal domains, not the work one. Yes the TTL's are
> short because I recently reorganised my DNS server and added some new slaves.
> I just haven't got around to changing the TTL's. TTL's are fixed now, along
> with the bum-steer regarding the address I got from the guys handling my
> secondary MX. Grrr.
>
> Thanks for the heads up.
The real issue is that your MX points to a CNAME. This is why I
submitted the domain to rfci. fix this and get delisted (on rfci, of
course).
Re: SORBS_DUL
Posted by James Gray <ja...@gray.net.au>.
Matus UHLAR - fantomas wrote:
>> On Wed, 26 Mar 2008 03:31:34 am mouss wrote:
>>> while you are at it, fix your DNS. your domain has been succesfully
>>> submitted to rfci (boguxms):
>>> http://www.rfc-ignorant.org/tools/lookup.php?domain=gray.net.au
>
> On 26.03.08 11:30, James Gray wrote:
>> Yes - that's one of my personal domains, not the work one. Yes the TTL's are
>> short because I recently reorganised my DNS server and added some new slaves.
>> I just haven't got around to changing the TTL's. TTL's are fixed now, along
>> with the bum-steer regarding the address I got from the guys handling my
>> secondary MX. Grrr.
>
> In your first mail you accused SORBS lis of being
>
> "poorly maintained that it'spractically useless"
>
> now you are saying that you have kept TTLs at 3600 because you
>
> "haven't got around to changing the TTL's"
Oh dear - confusion really has set into this thread :P The TTL's at
3600 were for my PERSONAL DNS, which ISN'T listed on SORBS (and never
has been). The addresses I have problems with are on a TOTALLY
DIFFERENT SYSTEM at work. People on *this* list made certain
assumptions based on my e-mail address as to which IP's I was referring
to - they were wrong. I have many e-mail addresses and switch and
change between them at will.
The SORBS_DUL seems to arbitrarily gobble up blocks that have never been
part of dynamic ranges, and never been parked either, then they refuse
to de-list them. That is the situation I am faced with currently. See
my most recent message to this list which has all the IP's in question.
> I'd say that your DNS is poorly maintained, not the SORBS DUL. The
> conditions for listing and requirements for delisting are imho logical and
> fair and I would sign under them.
As long as you're not in the process (like we were until about 5 days
ago) migrating a DNS cluster from one co-lo to another which required
short TTL's until the addresses were all migrated - this is pretty
standard practice in my experience. However, the listing on SORBS_DUL
occurred (before my time with this company) back in 2006 and was done
despite the DNS setup being perfectly "normal" with 24hour TTL's by default.
> If you think you have fixed all requirementd for delisting from SORBS DUL,
> you can re-request delisting, or ask in proper (sorbs) forum to validate
> them.
SORBS forum for support requests? Their website says the only way to
have them de-listed is to use their support form and the request must
come from someone responsible for the IP block (which I am):
https://www.us.sorbs.net/faq/supportreq.shtml
So you say forum, SORBS say support page...who's telling the truth?
Frankly I don't care, I would just rather walk away from SORBS; I
haven't missed them since scoring every SORBS rule at zero on our entire
mail cluster. However, knowing how badly our IP ranges have been
handled by SORBS, I wouldn't recommend them to anyone else - hence my
query regarding their inclusion as art of the SpamAssassin default rule set.
Wasn't trying to offend anyone - if you use SORBS and get reasonable
results, great...just hope none of our customers ever need to send your
users e-mail.
Cheers,
James
Re: SORBS_DUL
Posted by Matus UHLAR - fantomas <uh...@fantomas.sk>.
> On Wed, 26 Mar 2008 03:31:34 am mouss wrote:
> > while you are at it, fix your DNS. your domain has been succesfully
> > submitted to rfci (boguxms):
> > http://www.rfc-ignorant.org/tools/lookup.php?domain=gray.net.au
On 26.03.08 11:30, James Gray wrote:
> Yes - that's one of my personal domains, not the work one. Yes the TTL's are
> short because I recently reorganised my DNS server and added some new slaves.
> I just haven't got around to changing the TTL's. TTL's are fixed now, along
> with the bum-steer regarding the address I got from the guys handling my
> secondary MX. Grrr.
In your first mail you accused SORBS lis of being
"poorly maintained that it'spractically useless"
now you are saying that you have kept TTLs at 3600 because you
"haven't got around to changing the TTL's"
I'd say that your DNS is poorly maintained, not the SORBS DUL. The
conditions for listing and requirements for delisting are imho logical and
fair and I would sign under them.
If you think you have fixed all requirementd for delisting from SORBS DUL,
you can re-request delisting, or ask in proper (sorbs) forum to validate
them.
--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
I don't have lysdexia. The Dog wouldn't allow that.
Re: SORBS_DUL
Posted by James Gray <ja...@gray.net.au>.
On Wed, 26 Mar 2008 03:31:34 am mouss wrote:
> James Gray wrote:
> > Why are rules that look up against this list still in the base of
> > SpamAssassin?? The SORBS dynamic list is so poorly maintained that
> > it's practically useless and if you are an unfortunate who ends up
> > incorrectly listed in it, good luck getting off it! Case at hand, the
> > company I work for purchased a /19 address block directly from APNIC
> > before anyone else had it (IOW, we were the first users of that block).
> >
> > We now have both our external mail IP's listed in SORBS_DUL despite
> > the fact the /24 they belong to, and the /24's on either side have
> > NEVER been part of a dynamic pool. SORBS refuse to delist them as our
> > MX records are different to these outgoing mail servers! FFS - we run
> > managed services for a number of ISP's why the hell would we *want* to
> > munge all our inbound and outbound mail through the same IP's?!?
> >
> > Seriously folks, can we make SORBS_DUL optional and not "on by
> > default" in the general distribution?
>
> If you have a complaint, provide _evidence_. otherwise, it goes to
> /dev/troll0.
Meh - call me a troll. I'm posting here (personally, not as part of work) as
a long-time SpamAssassin and mail server user/administrator and have no need
to prove anything about my work systems.
> while you are at it, fix your DNS. your domain has been succesfully
> submitted to rfci (boguxms):
> http://www.rfc-ignorant.org/tools/lookup.php?domain=gray.net.au
Yes - that's one of my personal domains, not the work one. Yes the TTL's are
short because I recently reorganised my DNS server and added some new slaves.
I just haven't got around to changing the TTL's. TTL's are fixed now, along
with the bum-steer regarding the address I got from the guys handling my
secondary MX. Grrr.
Thanks for the heads up.
Cheers,
James
--
You will be attacked by a beast who has the body of a wolf, the tail of
a lion, and the face of Donald Duck.
Re: SORBS_DUL
Posted by mouss <mo...@netoyen.net>.
James Gray wrote:
> Why are rules that look up against this list still in the base of
> SpamAssassin?? The SORBS dynamic list is so poorly maintained that
> it's practically useless and if you are an unfortunate who ends up
> incorrectly listed in it, good luck getting off it! Case at hand, the
> company I work for purchased a /19 address block directly from APNIC
> before anyone else had it (IOW, we were the first users of that block).
>
> We now have both our external mail IP's listed in SORBS_DUL despite
> the fact the /24 they belong to, and the /24's on either side have
> NEVER been part of a dynamic pool. SORBS refuse to delist them as our
> MX records are different to these outgoing mail servers! FFS - we run
> managed services for a number of ISP's why the hell would we *want* to
> munge all our inbound and outbound mail through the same IP's?!?
>
> Seriously folks, can we make SORBS_DUL optional and not "on by
> default" in the general distribution?
If you have a complaint, provide _evidence_. otherwise, it goes to
/dev/troll0.
while you are at it, fix your DNS. your domain has been succesfully
submitted to rfci (boguxms):
http://www.rfc-ignorant.org/tools/lookup.php?domain=gray.net.au
once you fix your MX, increase the TTL in your NS and your MX. small TTL
is indicative of fast flux. it's certainly conformant, but it's
suspicious, which is enough to get you on the dark side of the moon.
Re: SORBS_DUL
Posted by mouss <mo...@netoyen.net>.
James Gray wrote:
> Matt Kettler wrote:
>> James Gray wrote:
>>>
>>> Sorbs sux, don't use it. Last time we had this problem they wanted
>>> money (and not an insignificant amount either) to remove a listing
>>> from their systems. They arbitrarily add addresses to a database
>>> the IP's owner can't control, then demand money to remove the
>>> listing; where I come from, that's called extortion.
>> SORBS is an Australian entity, so they're "local" to you, at least in
>> a legal system sense.. If it is extortion in your legal system, you
>> might want to take advantage of that fact.
>
> Yes I'm aware of that :-/ Embarrassing isn't it? Unfortunately,
> being on SORBS_DUL doesn't impact us directly, and despite the claims
> that removal is free, th reality is proving to be quite different.
>
>> Regardless, what matters from a spamassassin perspective is the
>> accuracy of the list. That's the primary criteria that will get a
>> list kicked out.
>
> Indeed. Having not used SORBS, and not missing them, I have no stats
> of my own to confirm or deny the accuracy of the list. Only that our
> IP blocks have been listed and we have been given no explanation why;
> only that we must overhaul our DNS and MTA systems to suit SORBS, then
> maybe they will delist us.
>
>> SORBS-DUL is one of the most accurate RBLs spamassassin uses in the
>> mass-check tests. 99.4% of its hits are spam. This beats out all
>> other RBLs in spamassassin's config except PBL (which ties it), XBL,
>> and 4 lists with very low hit rates that wound up with no nonspam hits.
>
> See above.
>
>> If it's really as arbitrary and random as you claim, how's it so
>> accurate in real world tests?
>
> No idea. I'd hazard a guess that the previous admin's actions at some
> point got us listed; but he's moved to the opposite side of the
> country and the silence from SORBS as to why we were listed in the
> first place leaves me with one of two conclusions: previous admin
> screwed up royally (possible but unlikely), SORBS listed our IP's
> without fair justification.
>
>> Personally, it sounds like they listed you, and you've got a personal
>> beef. The real world tests don't support your claims that it's
>> operated on an arbitrary basis.
>
> I've just got customers (ISP's) on my back to get the MTA's IPs off
> the list. SORBS are being about as unco-operative as I've ever
> experienced in my years as an admin. My frustrations are firmly aimed
> at the one body that is causing me pain: SORBS. When all this is
> over, I still wont use SORBS :)
>
> We've crossed paths on other lists Matt, thanks for your objectivism.
> I need sleep and some quiet (from the customers and management) so
> maybe some of comment regarding SORBS have been a little harsh.
> Interestingly the customers (mostly APAC ISP wholesalers) *all* have
> similar opinions of SORBS as an entity to interact with.
and you continue. please stop this now. if you have real information
about sorbs or any dnsbl, say it, but once again, provide evidence. if
it's just litterature, we don't care.
1) you started this thread by accusing sorbs of many things without
providing any evidence (what IP, what you did to get delisted, ... etc)
and when I asked you, you went saying random stuff. then you continued
insulting sorbs people (crack-monkey...).
2) At the same time:
- the address you use had a bogus MX (didn't check if you fixed this)
- two of the IPs you showed didn't have rDNS (like most IPs of your block)
- your NS servers had a TTL of less about 7 minutes. whether this is RFC
compliant or not is irrelavant. No RFC forbids spam. and in any case,
this can hardly match your claim "... The default TTL is the recommended
3600 seconds for both forward and reverse..."
these few points give you a "bad reputation". as a result, you need to
do efforst to become "nuetral", lest to be able to claim things against
a widely used DNSBL.
3) After few exchanges, we learn that the network was administered by
someone else. you didn't say this at start. if we continue, may be we'll
learn other stuff...
4) you feel very confortable at attacking others without accepting your
share of responsibility. it's someone else's fault... don't you think
it's too easy?
5) instead of asking for information first, you started a crusade. this
is not the way to go. more people know sorbs than you.
6) you'll have a hard time convincing me that being listed at sorbs
causes SA to tag your mail as spam. as I said earlier, SA is score based
and being listed at sorbs is not enough. in fact, you are frustrated and
want a revenge. This is not the right place.
7) you failed to find the mailing list address on the sorbs site. a
simple search of "mailing" with a browser finds it immediately.
8) your "Talk to some admins who've been in this situation." is
completely silly. This is not honest as it suggests to the unaware
reader that sorbs has many problems. besides, most problems we have are
caused by "some admins".
9) there is no evidence that your network didn't spam people before. if
spam was received from IPs of yours, and these IPs don't have an rDNS,
then it is understandable to see them listed as dynamic. the reason is
that many ISPs with residential clients chose to use unresolvable IPs or
names.
If you are a responsible guy, then take a better approach:
- ask what may be wrong in your network
- fix what you can fix
- ask for delisting
- if you are not delisted, collect as much information as you can
- provide that information
this is getting way off topic, so I am quitting this thread.
Re: SORBS_DUL
Posted by James Gray <ja...@dot.com.au>.
Matt Kettler wrote:
> James Gray wrote:
>>
>> Sorbs sux, don't use it. Last time we had this problem they wanted
>> money (and not an insignificant amount either) to remove a listing
>> from their systems. They arbitrarily add addresses to a database the
>> IP's owner can't control, then demand money to remove the listing;
>> where I come from, that's called extortion.
> SORBS is an Australian entity, so they're "local" to you, at least in a
> legal system sense.. If it is extortion in your legal system, you might
> want to take advantage of that fact.
Yes I'm aware of that :-/ Embarrassing isn't it? Unfortunately, being
on SORBS_DUL doesn't impact us directly, and despite the claims that
removal is free, th reality is proving to be quite different.
> Regardless, what matters from a spamassassin perspective is the
> accuracy of the list. That's the primary criteria that will get a list
> kicked out.
Indeed. Having not used SORBS, and not missing them, I have no stats of
my own to confirm or deny the accuracy of the list. Only that our IP
blocks have been listed and we have been given no explanation why; only
that we must overhaul our DNS and MTA systems to suit SORBS, then maybe
they will delist us.
> SORBS-DUL is one of the most accurate RBLs spamassassin uses in the
> mass-check tests. 99.4% of its hits are spam. This beats out all other
> RBLs in spamassassin's config except PBL (which ties it), XBL, and 4
> lists with very low hit rates that wound up with no nonspam hits.
See above.
> If it's really as arbitrary and random as you claim, how's it so
> accurate in real world tests?
No idea. I'd hazard a guess that the previous admin's actions at some
point got us listed; but he's moved to the opposite side of the country
and the silence from SORBS as to why we were listed in the first place
leaves me with one of two conclusions: previous admin screwed up royally
(possible but unlikely), SORBS listed our IP's without fair justification.
> Personally, it sounds like they listed you, and you've got a personal
> beef. The real world tests don't support your claims that it's operated
> on an arbitrary basis.
I've just got customers (ISP's) on my back to get the MTA's IPs off the
list. SORBS are being about as unco-operative as I've ever experienced
in my years as an admin. My frustrations are firmly aimed at the one
body that is causing me pain: SORBS. When all this is over, I still
wont use SORBS :)
We've crossed paths on other lists Matt, thanks for your objectivism. I
need sleep and some quiet (from the customers and management) so maybe
some of comment regarding SORBS have been a little harsh. Interestingly
the customers (mostly APAC ISP wholesalers) *all* have similar
opinions of SORBS as an entity to interact with.
Cheers,
James
Re: SORBS_DUL
Posted by Matt Kettler <mk...@verizon.net>.
James Gray wrote:
>
> Sorbs sux, don't use it. Last time we had this problem they wanted
> money (and not an insignificant amount either) to remove a listing
> from their systems. They arbitrarily add addresses to a database the
> IP's owner can't control, then demand money to remove the listing;
> where I come from, that's called extortion.
SORBS is an Australian entity, so they're "local" to you, at least in a
legal system sense.. If it is extortion in your legal system, you might
want to take advantage of that fact.
Regardless, what matters from a spamassassin perspective is the
accuracy of the list. That's the primary criteria that will get a list
kicked out.
SORBS-DUL is one of the most accurate RBLs spamassassin uses in the
mass-check tests. 99.4% of its hits are spam. This beats out all other
RBLs in spamassassin's config except PBL (which ties it), XBL, and 4
lists with very low hit rates that wound up with no nonspam hits.
If it's really as arbitrary and random as you claim, how's it so
accurate in real world tests?
Personally, it sounds like they listed you, and you've got a personal
beef. The real world tests don't support your claims that it's operated
on an arbitrary basis.
RE: SORBS_DUL
Posted by "James E. Pratt" <jp...@norwich.edu>.
> >
> > Why? Can you remove them from the SORBS_DUL? No, then it's not
> really
> > relevant then is it ;)
>
> I was trying to help you find the real problem. If you don't want
help,
> stop
> bitching.
>
> I have seen more requests here to stop using some blacklists because
of
> the
> requestor was unable to understand something. I think this is just
> another
> case...
>
Here's a story, maybe some of the "whiners" will learn from it...
We got listed on SORBS once in early '06...
Yes, we had to pay $ to get removed - a whopping $50 AU to the
Australian children's hospital ... (not even $50 US at the time?)
Yes, this was a giant hassle and inconvenience, it caused us much
trouble, wasted time, loss of mail, as well as loss of productivity and
(possibly) business revenue.
Did we feel extorted? No. Why? Because it was indeed our fault (getting
listed) and the money did not go to SORBS, their whole point in making
it difficult to get de-listed is so you WON'T GET LISTED AGAIN and have
to FIX YOUR DNS AND/OR MTA! (..is this really a "bad thing"?)
Needless to say, we haven't been listed anywhere since, and it helped us
fix some major security holes we weren't aware of, so in the long run,
it was almost worth it...
Regards,
j
Re: SORBS_DUL
Posted by mouss <mo...@netoyen.net>.
James Gray wrote:
> [snip]
> I didn't ASK FOR HELP! I asked what people's thoughts were on keeping
> a list like SORBS_DUL in the base/default spamassassin rules. I'm
> quite capable of fixing the mess I inherited.
>
As long as
- it doesn't cause FPs
- it helps catch spam
- it is free for use/access
it's good to have it.
I don't think this is what bothers you. I think you are angry because
some people use sorbs in their MTA and thus reject your mail.
spamassassin is score based, so even if you're listed, this is not
enough to make your mail tagged as spam.
>> I have seen more requests here to stop using some blacklists because
>> of the
>> requestor was unable to understand something. I think this is just
>> another
>> case...
>
> You know nothing about me. You assume I engineered the mess that is
> the DNS system I'm currently unravelling. I didn't. It was a dog's
> breakfast when I started and I'm slowly sorting the mess out.
>
>> If you tried using their support forum to delist IPs that did not
>> meet their
>> delisting criteria, I don't wonder if they reject it without providing
>> (other) reason.
>
> Forum? Or support request page? People keep referring to this
> nebulous "SORBS support forum"....I only see their website:
> https://www.us.sorbs.net/faq/supportreq.shtml
while not a support forum, the dnsbl-users@sorbs.net list may be a good
place to ask
https://www.us.sorbs.net/lists.shtml
> [snip]
Re: SORBS_DUL
Posted by James Gray <ja...@dot.com.au>.
Matus UHLAR - fantomas wrote:
>>> On 25.03.08 07:57, James Gray wrote:
>>>> Why are rules that look up against this list still in the base of
>>>> SpamAssassin?? The SORBS dynamic list is so poorly maintained that it's
>>>> practically useless
>
>> Matus UHLAR - fantomas wrote:
>>> I don't find it useless. It works quite well
>
> On 26.03.08 08:23, James Gray wrote:
>> Unless you receive mail from any of our customers.
>
> Actually I don't - they are listed in SORBS DUL...
Precisely my point. You incorrectly reject their mail as SORBS' tell
you it's a dynamic IP. They aren't, and never have been, dynamically
allocated to anyone.
> while no RFC forces setting of a TTL, some of them advise values ~1 day or
> more for records that do not change that often. Having TTL 3600 for normal
> records imho indicates just what SORBS points out at. I wouldn't trust you
> too.
See my other post today. The TTL's were dropped recently (January 2008)
to accommodate the move of equipment/IP/etc from one co-lo to another.
They are now back up to more "normal" values. The blocks that have been
listed have never, and will never be used in any dynamic addressing
scheme, yet were listed anyway - according to you, because of short
TTL's. As I have stated, the TTL's were dropped recently and restored
back recently but the SORBS listing was made in 2006 - long before I
started with this company and long before the recent co-lo move.
>> Why? Can you remove them from the SORBS_DUL? No, then it's not really
>> relevant then is it ;)
>
> I was trying to help you find the real problem. If you don't want help, stop
> bitching.
I didn't ASK FOR HELP! I asked what people's thoughts were on keeping a
list like SORBS_DUL in the base/default spamassassin rules. I'm quite
capable of fixing the mess I inherited.
> I have seen more requests here to stop using some blacklists because of the
> requestor was unable to understand something. I think this is just another
> case...
You know nothing about me. You assume I engineered the mess that is the
DNS system I'm currently unravelling. I didn't. It was a dog's
breakfast when I started and I'm slowly sorting the mess out.
> If you tried using their support forum to delist IPs that did not meet their
> delisting criteria, I don't wonder if they reject it without providing
> (other) reason.
Forum? Or support request page? People keep referring to this nebulous
"SORBS support forum"....I only see their website:
https://www.us.sorbs.net/faq/supportreq.shtml
> using sorbs is quite efficient, the scoress say it all. If you (and other
> ISP's DNS admins) were able to configure DNS properly, they would be even
> more efficient without false positives.
I am perfectly capable of configuring DNS. In fact over the last 15
years or so that I've been doing DNS/MTA admin on Unix-based systems, a
lot of my work as a contractor and as an incumbent admin is fixing
messes left by previous admins. I'm currently stuck with a /19, /20 and
a few stand-alone class-C's that are all a complete debacle. It's odd
that other lists have automatically, and rapidly de-listed the odd IP
here and there, without me needing to jump through hoops.
SORBS make life hard for people to be de-listed: it's their idea of how
DNS/MTA's should be managed, or you can talk to the virtual hand. That
is my beef.
Why are you so adamant about defending them? There are plenty of other
(better IMHO) RBL's that are far more effective in filtering spam and
other nasties.
Peace,
James
Re: SORBS_DUL
Posted by Matus UHLAR - fantomas <uh...@fantomas.sk>.
> >On 25.03.08 07:57, James Gray wrote:
> >>Why are rules that look up against this list still in the base of
> >>SpamAssassin?? The SORBS dynamic list is so poorly maintained that it's
> >>practically useless
> Matus UHLAR - fantomas wrote:
> >I don't find it useless. It works quite well
On 26.03.08 08:23, James Gray wrote:
> Unless you receive mail from any of our customers.
Actually I don't - they are listed in SORBS DUL...
> >>and if you are an unfortunate who ends up
> >>incorrectly listed in it, good luck getting off it!
> >
> >it's mostly problem of bad DNS configuration.
>
> Completely RFC compliant DNS. The default TTL is the recommended 3600
> seconds for both forward and reverse. Apparently they want us to use
> 14400 or something equally ludicrous...it's my DNS system, not theirs.
while no RFC forces setting of a TTL, some of them advise values ~1 day or
more for records that do not change that often. Having TTL 3600 for normal
records imho indicates just what SORBS points out at. I wouldn't trust you
too.
> >>Case at hand, the
> >>company I work for purchased a /19 address block directly from APNIC
> >>before anyone else had it (IOW, we were the first users of that block).
> >>
> >>We now have both our external mail IP's listed in SORBS_DUL despite the
> >>fact the /24 they belong to, and the /24's on either side have NEVER
> >>been part of a dynamic pool.
> >
> >what are those IPs and their DNS records?
>
> Why? Can you remove them from the SORBS_DUL? No, then it's not really
> relevant then is it ;)
I was trying to help you find the real problem. If you don't want help, stop
bitching.
I have seen more requests here to stop using some blacklists because of the
requestor was unable to understand something. I think this is just another
case...
> >> SORBS refuse to delist them as our MX
> >>records are different to these outgoing mail servers! FFS - we run
> >>managed services for a number of ISP's why the hell would we *want* to
> >>munge all our inbound and outbound mail through the same IP's?!?
> >
> >did you try discussing this problem on SORBS mailing lists?
>
> No, we tried using their support system as per their website (which was
> a tedious, time consuming wasted effort). If the forums/lists are how
> they "do" support for these sort of problems, then IMHO it's even more
> reason to deprecate the use of SORBS in the base SpamAssassin rules.
If you tried using their support forum to delist IPs that did not meet their
delisting criteria, I don't wonder if they reject it without providing
(other) reason.
> Sorbs sux, don't use it. Last time we had this problem they wanted
> money (and not an insignificant amount either) to remove a listing from
> their systems. They arbitrarily add addresses to a database the IP's
> owner can't control, then demand money to remove the listing; where I
> come from, that's called extortion.
using sorbs is quite efficient, the scoress say it all. If you (and other
ISP's DNS admins) were able to configure DNS properly, they would be even
more efficient without false positives.
--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety. -- Benjamin Franklin, 1759
Re: SORBS_DUL
Posted by James Gray <ja...@dot.com.au>.
Matus UHLAR - fantomas wrote:
> On 25.03.08 07:57, James Gray wrote:
>> Why are rules that look up against this list still in the base of
>> SpamAssassin?? The SORBS dynamic list is so poorly maintained that it's
>> practically useless
>
> I don't find it useless. It works quite well
Unless you receive mail from any of our customers.
>> and if you are an unfortunate who ends up
>> incorrectly listed in it, good luck getting off it!
>
> it's mostly problem of bad DNS configuration.
Completely RFC compliant DNS. The default TTL is the recommended 3600
seconds for both forward and reverse. Apparently they want us to use
14400 or something equally ludicrous...it's my DNS system, not theirs.
>> Case at hand, the
>> company I work for purchased a /19 address block directly from APNIC
>> before anyone else had it (IOW, we were the first users of that block).
>>
>> We now have both our external mail IP's listed in SORBS_DUL despite the
>> fact the /24 they belong to, and the /24's on either side have NEVER
>> been part of a dynamic pool.
>
> what are those IPs and their DNS records?
Why? Can you remove them from the SORBS_DUL? No, then it's not really
relevant then is it ;)
>> SORBS refuse to delist them as our MX
>> records are different to these outgoing mail servers! FFS - we run
>> managed services for a number of ISP's why the hell would we *want* to
>> munge all our inbound and outbound mail through the same IP's?!?
>
> did you try discussing this problem on SORBS mailing lists?
No, we tried using their support system as per their website (which was
a tedious, time consuming wasted effort). If the forums/lists are how
they "do" support for these sort of problems, then IMHO it's even more
reason to deprecate the use of SORBS in the base SpamAssassin rules.
Sorbs sux, don't use it. Last time we had this problem they wanted
money (and not an insignificant amount either) to remove a listing from
their systems. They arbitrarily add addresses to a database the IP's
owner can't control, then demand money to remove the listing; where I
come from, that's called extortion.
Compared to the way other RBL's are operated, the clowns at SORBS are
just plain cowboys without a clue.
Cheers,
James
Re: SORBS_DUL
Posted by Matus UHLAR - fantomas <uh...@fantomas.sk>.
On 25.03.08 07:57, James Gray wrote:
> Why are rules that look up against this list still in the base of
> SpamAssassin?? The SORBS dynamic list is so poorly maintained that it's
> practically useless
I don't find it useless. It works quite well
> and if you are an unfortunate who ends up
> incorrectly listed in it, good luck getting off it!
it's mostly problem of bad DNS configuration.
> Case at hand, the
> company I work for purchased a /19 address block directly from APNIC
> before anyone else had it (IOW, we were the first users of that block).
>
> We now have both our external mail IP's listed in SORBS_DUL despite the
> fact the /24 they belong to, and the /24's on either side have NEVER
> been part of a dynamic pool.
what are those IPs and their DNS records?
> SORBS refuse to delist them as our MX
> records are different to these outgoing mail servers! FFS - we run
> managed services for a number of ISP's why the hell would we *want* to
> munge all our inbound and outbound mail through the same IP's?!?
did you try discussing this problem on SORBS mailing lists?
> Seriously folks, can we make SORBS_DUL optional and not "on by default"
> in the general distribution?
--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
The early bird may get the worm, but the second mouse gets the cheese.