Anyone using zen.spamhaus.org?

Jim Holland mailscanner at mango.zw
Wed Sep 6 11:22:42 IST 2006 

On Tue, 5 Sep 2006, Dennis Willson wrote:

> Res wrote:
> > On Tue, 5 Sep 2006, Logan Shaw wrote:
> >
> >> Whether it defeats the purpose depends on what the purpose is.
> >
> > The purpose is made up of and in the order of...
> >
> > Protecting users as much as possible from privacy invaders
> > Lessen the load as much as possible on the SMTP servers
> > Bandwith usage/costs
> >
> > Why should anyone go out and spend say 10K on another basic server to 
> > handle the extra load? nobody can ever tell me why I should do that,
> > its always "get more or better hardware so S.A can work better" er no 
> > sorry, ill reduce the loading on the existing gear by preventing their 
> > trash from even trying to occupy any more of my resources.
> >
> >> and bandwidth) available have versus the consequences of knowing
> >> that you've discarded/refused when you've had false positives.
> >
> > I've not yet once in all the years of use of RBL's, like back to when 
> > maps was the in and only thing (and free) ever seen an IP wrongfully 
> > blocked.
> Well I've been using RBLs for just as long and they have errors all the 
> time. I depends on the RBL and how they get their listings as to how 
> accurate they are. Recently I had problems with SpamCop listing yahoo 
> groups servers and my users yelled about that...

I have also found many false positives, especially as I deliberately use a
somewhat aggressive RBL - t1.dnsbl.net.au.
 
> > If that scumbag shares a colo with 999 other hosts who are doing 
> > nothing wrong, it is up to the admins of the zone to get off their 
> > lazy useless asses and deal with the problem makers, most times (but 
> > admittedly not all)
> > an IP only gets in a list because system admins ignore complaints and 
> > fail to deal with them for fear of losing that customer, their actions 
> > of ignoring it, now places them at risk of instead of losing the 1 
> > idiot, they risk losing the other 999 innocent parties whos mail is 
> > blocked instead.
> >
> > I also operate in similar way with the sendmail and qmail access 
> > files, if we complain about spammers and a network fails to act after 
> > multiple complaints then ill take them out. For instance, I currently 
> > have
> > RHS blocking on  telusplanet.net, comcast.net and hinet.net, 3 i 
> > gather very large international ISP's. They prolly care about this as 
> > much as i do now but at least my users wont see much if any of their 
> > trash :)
> This is a poor way block Spam. Since most Spammers use spoofed email 
> addresses including using valid user addresses who had nothing to do 
> with the Spam (usually by picking an address from their sending list and 
> use that as the From: address), so while it may block some Spam, it also 
> blocks many many users that had nothing to do with sending Spam. 
> Comcast.net itself does not send Spam, while some Spam comes from email 
> addresses that say they're from comcast.net, this is generally due to 
> spoofing. I have also tracked lots IP addresses of originating hosts to 
> be on the comcast network... They were not from the comcast owned mail 
> servers and the From: email address was not using the comcast.net domain 
> so blocking the comcast.net domain doesn't really block Spam from 
> comcast.net customers. At least this is where RBLs do a better job as 
> they block based on the IP address of the server not the email address 
> of the spoofed sender.

I presume that the previous sender was referring to comcast.net client
servers rather than their domain.  I agree that blocking by domain is
generally not a good idea (with quite a few specific exceptions, such as
all the garageservice.biz type domains), and I wouldn't block comcast.net
e-mail addresses.  However I do block all comcast.net servers with
hostnames of the form hsd1.xx.comcast.net - they just spew out spam all
the time.  There I am of course being more aggressive than the RBLs.
 
> It would be nice if comcast used SPF to make it easier to verify spoofed 
> email addresses....
> 
> Actually I get the best results from Greet Pause, Sender Address 
> Verification and Greylisting. I do a number of other things at the SMTP 
> level as well, then follow it up with SpamAssasin/MailScanner to catch 
> the remaining Spam.

Yes - all essential tools.

Regards

Jim Holland
System Administrator
MANGO - Zimbabwe's non-profit e-mail service

More information about the MailScanner mailing list