potential blacklist stats

Philip Parsons pparsons at COLUMBIAFUELS.COM
Tue Jul 13 22:31:43 IST 2004 

Point taking. 

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK] On
Behalf Of Fred Broughton
Sent: Tuesday, July 13, 2004 1:32 PM
To: MAILSCANNER at JISCMAIL.AC.UK
Subject: Re: potential blacklist stats

But when these IP addresses are listed in an RBL the email is flagged as
spam and enough of this gets the ip in the access list. What had
happened several times was that a prior unknown user that had been
assigned the IP address was the cause of it getting added to the access
table. Then my user would get the IP address, but there was no way to
use any logic or whitelisting to let him because he was blocked at the
MTA. I have chosen to opt for the higher level of control that using MW
- MS - SA give me and leave the access list for manual edits. At least I
am able to use all of the tools at my disposal to determine if I want to
handle the Email when I let it in the door. When I slam the door shut,
that's it. All of the other efforts can't make a bit of difference.

It only take a couple of times having the owner call you at 2am because
he's trying to send an urgent email from some Hotel room before he can
leave for the airport.......
If I was handling a huge volume of mail, I would be more interested in
keeping this to cut down on the resource utilization, but for now it's
not an issue and the combination of MS with RBLs and SA with Bayes and
Razor is keeping up just fine.



-----Original Message-----
From: Philip Parsons [mailto:pparsons at COLUMBIAFUELS.COM]
Sent: Tuesday, July 13, 2004 3:18 PM
To: MAILSCANNER at JISCMAIL.AC.UK
Subject: Re: potential blacklist stats

You could add the From:email address of those Traveling to the
spam.whitelist.rules that way when they are sending mail into your
company they would not get tagged as spam and left out of the access
list.. 

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK] On
Behalf Of Fred Broughton
Sent: Tuesday, July 13, 2004 12:38 PM
To: MAILSCANNER at JISCMAIL.AC.UK
Subject: Re: potential blacklist stats

I had used Vispan until I was upgrading my MS and SA installations and
found MailWatch.

I was really hung up on the automatic updates to Sendmail access lists
and kept Vispan running for quite a while after I had installed
MailWatch for just that feature, but these caused issues at times once I
started using RBLs. I would at times have traveling users that were on
dynamic ISP addresses that were blacklisted. With it blocked at the
Sendmail access list, I had no way for them to authenticate for sending
so I finally shut Vispan off.



-----Original Message-----
From: Philip Parsons [mailto:pparsons at COLUMBIAFUELS.COM]
Sent: Tuesday, July 13, 2004 1:12 PM
To: MAILSCANNER at JISCMAIL.AC.UK
Subject: Re: potential blacklist stats

I am using a program called Vispan
http://www.while.homeunix.net/mailstats/ not only does it get you stats
but is scans your maillog file and adds people to your access list that
have spammed x amount of time or even sent you viruses x amount of times
all configured by numbers you tell it..It is very cool and works well. 

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK] On
Behalf Of hermit921
Sent: Tuesday, July 13, 2004 10:45 AM
To: MAILSCANNER at JISCMAIL.AC.UK
Subject: Re: potential blacklist stats

I intend to block at the MTA level when I add another blacklist.  But I
want to get an idea of the effects before I start using it.

I thought about extracting all the IP addresses that delivered mail and
running a script to check each of those against various lists, but I
hoped to find an easier way.

hermit921


At 03:48 PM 7/12/2004, Stephen Swaney wrote:
> > -----Original Message-----
> > Subject: potential blacklist stats
> >
> > I put one IP blacklist in place (postfix) and it is blocking about 
> > 20% of incoming mail attempts.  A good start.  Now I want to find 
> > the next most effective (and well documented, low false positive 
> > rate, etc) blacklist.  Is there a way for MailScanner to do a check 
> > against several blacklists such as XBL, CBL, SORBS, etc. and report 
> > how many connections come from an IP address on each list?  Then 
> > pick the best one and block that in postfix.  Repeat cycle as
feasible.
>
>
>We recommend blocking at the MTA level - on one RBL,
>
>         sbl.xbl.spamhaus.org (see www.spamhaus.org)
>
>Blocking reduces the load on MailScanner / SpamAssassin much more than 
>blacklisting. The email is never accepted for delivery so it never hits

>MailScanner, SpamAssassin or the virus scanner(s).
>
>Stephen Swaney
>President
>Fortress Systems Ltd.
>Steve.Swaney at FSL.com
>
> > This could provide us with some good data to persuade powers that be

> > to allow us to use more blacklists.  What I really want is to show 
> > that [make up a number here] 30% of what we tag as spam would have 
> > been rejected before it was allowed onto our mail server.
> >
> > hermit921
> >

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail at jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail at jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail at jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail at jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail at jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail at jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

More information about the MailScanner mailing list