Anyone using zen.spamhaus.org?
Jim Holland
mailscanner at mango.zw
Wed Sep 6 11:22:42 IST 2006
On Tue, 5 Sep 2006, Dennis Willson wrote:
> Res wrote:
> > On Tue, 5 Sep 2006, Logan Shaw wrote:
> >
> >> Whether it defeats the purpose depends on what the purpose is.
> >
> > The purpose is made up of and in the order of...
> >
> > Protecting users as much as possible from privacy invaders
> > Lessen the load as much as possible on the SMTP servers
> > Bandwith usage/costs
> >
> > Why should anyone go out and spend say 10K on another basic server to
> > handle the extra load? nobody can ever tell me why I should do that,
> > its always "get more or better hardware so S.A can work better" er no
> > sorry, ill reduce the loading on the existing gear by preventing their
> > trash from even trying to occupy any more of my resources.
> >
> >> and bandwidth) available have versus the consequences of knowing
> >> that you've discarded/refused when you've had false positives.
> >
> > I've not yet once in all the years of use of RBL's, like back to when
> > maps was the in and only thing (and free) ever seen an IP wrongfully
> > blocked.
> Well I've been using RBLs for just as long and they have errors all the
> time. I depends on the RBL and how they get their listings as to how
> accurate they are. Recently I had problems with SpamCop listing yahoo
> groups servers and my users yelled about that...
I have also found many false positives, especially as I deliberately use a
somewhat aggressive RBL - t1.dnsbl.net.au.
> > If that scumbag shares a colo with 999 other hosts who are doing
> > nothing wrong, it is up to the admins of the zone to get off their
> > lazy useless asses and deal with the problem makers, most times (but
> > admittedly not all)
> > an IP only gets in a list because system admins ignore complaints and
> > fail to deal with them for fear of losing that customer, their actions
> > of ignoring it, now places them at risk of instead of losing the 1
> > idiot, they risk losing the other 999 innocent parties whos mail is
> > blocked instead.
> >
> > I also operate in similar way with the sendmail and qmail access
> > files, if we complain about spammers and a network fails to act after
> > multiple complaints then ill take them out. For instance, I currently
> > have
> > RHS blocking on telusplanet.net, comcast.net and hinet.net, 3 i
> > gather very large international ISP's. They prolly care about this as
> > much as i do now but at least my users wont see much if any of their
> > trash :)
> This is a poor way block Spam. Since most Spammers use spoofed email
> addresses including using valid user addresses who had nothing to do
> with the Spam (usually by picking an address from their sending list and
> use that as the From: address), so while it may block some Spam, it also
> blocks many many users that had nothing to do with sending Spam.
> Comcast.net itself does not send Spam, while some Spam comes from email
> addresses that say they're from comcast.net, this is generally due to
> spoofing. I have also tracked lots IP addresses of originating hosts to
> be on the comcast network... They were not from the comcast owned mail
> servers and the From: email address was not using the comcast.net domain
> so blocking the comcast.net domain doesn't really block Spam from
> comcast.net customers. At least this is where RBLs do a better job as
> they block based on the IP address of the server not the email address
> of the spoofed sender.
I presume that the previous sender was referring to comcast.net client
servers rather than their domain. I agree that blocking by domain is
generally not a good idea (with quite a few specific exceptions, such as
all the garageservice.biz type domains), and I wouldn't block comcast.net
e-mail addresses. However I do block all comcast.net servers with
hostnames of the form hsd1.xx.comcast.net - they just spew out spam all
the time. There I am of course being more aggressive than the RBLs.
> It would be nice if comcast used SPF to make it easier to verify spoofed
> email addresses....
>
> Actually I get the best results from Greet Pause, Sender Address
> Verification and Greylisting. I do a number of other things at the SMTP
> level as well, then follow it up with SpamAssasin/MailScanner to catch
> the remaining Spam.
Yes - all essential tools.
Regards
Jim Holland
System Administrator
MANGO - Zimbabwe's non-profit e-mail service
More information about the MailScanner
mailing list