spam: block it or tag it?

Jeff A. Earickson jaearick at COLBY.EDU
Fri May 9 03:37:16 IST 2003


Gang,
   I don't hesitate to use sendmail RBLs, the Discard mailer, and
local IP/domain/spammer sendmail access-deny lists.  I seldom get
complaints about legit blocked email.  I've used RBL+ for over two
years, spamcop.net for over a year, spamhaus.org for 3 or 4 months.
Of these, spamcop is the best and blocks the most spam.

  This week, I looked thru my syslogs at the email tagged by the
Discard mailer.  I seldom add sites to the Discard list, and very
judiciously.  Most of the domains in my Discard list have been there
for months.  Those sites that have been hitting my machine steadily
for the past month got "promoted".  I studied the IP number and/or
netblocks of these domains, and then added them to my ipfilter settings
as IP-level blocks.  The mailer software at these domains now see
my mail server as down -- not a peep of response, no connection, nada.
FYI, here are the netblocks that got promoted to ipfilter blockage:

#---block chronic spam sites
#---doubleclick.net
block in quick on hme0 proto tcp from 216.73.80.0/20 to any port = 25
#---mindshare design, mb00.net
block in quick on hme0 proto tcp from 216.39.112.0/20 to any port = 25
#---flowgo.com
block in quick on hme0 proto tcp from 12.129.205.0/24 to any port = 25
#---dartmail.net
block in quick on hme0 proto tcp from 146.82.220.0/24 to any port = 25
#---sendmoreinfo.com
block in quick on hme0 proto tcp from 65.168.206.0/24 to any port = 25
#---crushlink.com
block in quick on hme0 proto tcp from 129.250.134.0/24 to any port = 25
#---yourmailsource.com
block in quick on hme0 proto tcp from 216.109.73.35 to any port = 25

May they rot in hell.

Yes, I also use the spam tagging (score=4) and high-spam discard (score=8)
features of MailScanner.  Still, the spam comes...

--- Jeff Earickson
    Colby College

On Fri, 9 May 2003, Steffan Henke wrote:

> Date: Fri, 9 May 2003 03:09:16 +0200
> From: Steffan Henke <henker at SHCOM.US>
> Reply-To: MailScanner mailing list <MAILSCANNER at JISCMAIL.AC.UK>
> To: MAILSCANNER at JISCMAIL.AC.UK
> Subject: Re: spamassassin 2.53 & MailScanner
>
> On Thu, 8 May 2003, Gerry Doris wrote:
>
> > don't reject/block messages.  I believe using them with sendmail will
> > actually reject the message but that isn't what happens when called from
> > MailScanner/Spamassassin.
> > The problem is that some of the RBL's are a little suspect and may score
> > a ham message enough to have it flagged as spam ie a false positive.
>
> Yep, I guess every admin has to figure out which RBL to use and which to
> avoid. I've been using list.dsbl.org, sbl.spamhaus.org and relays.ordb.org
> for 6 months - so far, I got ONE complaint from a user. That user had a
> dial-up-account that was blacklisted as an open relay. He disconnected,
> reconnected, got a new IP and could send emails again.
>
>
> Regards,
>
> Steffan
>



More information about the MailScanner mailing list