On Sa, 11.12.2004, 01:18, Michael Loftis wrote:
...
> Actually as it turns out I can't send mail directly to you, something
> about
> my @modwest.com address is apprently offensive to your mailserver... 550
> Sender access denied for [EMAIL PROTECTED] -- I sent a second one from
> my
> home address
--On Saturday, December 11, 2004 10:50 +1100 Craig Sanders <[EMAIL PROTECTED]>
wrote:
diff -u ???
I'll attach privately the diff's from your version ( CVS)
Now that's a heck of a tactic LOL :)
oh yes, i forgot the most amusing thing about it. it not only sent it to
a subset of the spammer d
--On Friday, December 10, 2004 17:01 -0700 Michael Loftis
<[EMAIL PROTECTED]> wrote:
--On Saturday, December 11, 2004 10:50 +1100 Craig Sanders
<[EMAIL PROTECTED]> wrote:
diff -u ???
I'll attach privately the diff's from your version ( CVS)
Actually as it turns out I can't send mail directl
On Fri, Dec 10, 2004 at 05:01:33PM -0700, Michael Loftis wrote:
> So it's your fault they figured out the forged MAIL FROM trick! Bad
> craig, no donut! ;)
no, many of them already knew that. it was obvious anyway.
craig
--
craig sanders <[EMAIL PROTECTED]> (part time cyborg)
--
T
On Fri, Dec 10, 2004 at 11:20:28AM -0700, Michael Loftis wrote:
> >i certainly wouldn't recommend running it on a large installation.
> >i'm surprised you even tried.
>
> Well, we're very anti-spam, and willing ot try anything to help...I
> had to disable it after we got around ~8K rules in the tab
Am 2004-12-09 19:04:49, schrieb Richard Zuidhof:
> Michelle Konzack wrote:
> cbl.abuseat.org is included in xbl.spamhaus.org so it is not needed to
> use both. If you use sbl.spamhaus.org I do not see why not to use
sbl-xbl.spamhaus.org had never FP
> bl.spamcop.net as well. Both have some coll
--On Friday, December 10, 2004 22:48 +1100 Craig Sanders <[EMAIL PROTECTED]>
wrote:
On Thu, Dec 09, 2004 at 11:18:16PM -0700, Michael Loftis wrote:
--On Friday, December 10, 2004 16:43 +1100 Craig Sanders
<[EMAIL PROTECTED]> wrote:
> DoS is a huge exaggeration. a few smtpd processes waiting to t
On Friday 10 December 2004 09:36, Mark Bucciarelli wrote:
> (1) If SPF HELO checking is on and lookup matches connecting IP
> --> PASS
[..]
> Otherwise, return 517 HELO $hostname does not match $remote-ip
Sorry to reply to myself, but this sequence is more complicated if SPF
checking is turned
[CC'ing Bill Taroli who has been helping me with this on courier-user]
On Friday 10 December 2004 07:08, Russell Coker wrote:
> On Friday 10 December 2004 00:39, Mark Bucciarelli
> <[EMAIL PROTECTED]>
>
> wrote:
> > I've recently turned on EHLO/HELO validation and am encouraged by how
> > effectiv
On Fri, Dec 10, 2004 at 11:08:53PM +1100, Russell Coker wrote:
> I tried out "reject_unknown_hostname" but had to turn it off, too many
> machines had unknown hostnames.
>
> For example a zone foo.com has a SMTP server named postfix1 and puts
> postfix1.foo.com in the EHLO command but has an extern
On Friday 10 December 2004 00:39, Mark Bucciarelli <[EMAIL PROTECTED]>
wrote:
> I've recently turned on EHLO/HELO validation and am encouraged by how
> effective it is. WIth RBL's (spamcop and dnsbl) and SpamAssassin 3, only
> 88% of spam was stopped. So far, it's 100%. (This is a _very_ small
On Thu, Dec 09, 2004 at 11:18:16PM -0700, Michael Loftis wrote:
> --On Friday, December 10, 2004 16:43 +1100 Craig Sanders
> <[EMAIL PROTECTED]> wrote:
>
> >DoS is a huge exaggeration. a few smtpd processes waiting to timeout
> >does not constitute a DoS. neither does a few dozen.
>
> I had about 8
--On Friday, December 10, 2004 16:43 +1100 Craig Sanders <[EMAIL PROTECTED]>
wrote:
DoS is a huge exaggeration. a few smtpd processes waiting to timeout
does not constitute a DoS. neither does a few dozen.
I had about 800 waiting around in just a few minutes on the one server I
began testing
On Thu, Dec 09, 2004 at 10:22:24PM -0700, Michael Loftis wrote:
> >if you want to see it, look in http://taz.net.au/postfix/scripts/
> >
> >it's called watch-maillog.pl
>
> One little note about that script, the DROP needs to be changed since
> basically you're DoSing yourself by hanging a bunch of
--On Thursday, December 09, 2004 12:22 +1100 Craig Sanders <[EMAIL PROTECTED]>
wrote:
On Thu, Dec 09, 2004 at 11:27:27AM +1100, Russell Coker wrote:
On Thursday 09 December 2004 01:12, Craig Sanders <[EMAIL PROTECTED]> wrote:
> the log file noise issue is important to me - i've recently started
On Thu, Dec 09, 2004 at 07:04:49PM +0100, Richard Zuidhof wrote:
> To see some statistics on the hit rate of various blacklists see:
> http://cgi.monitor.nl/popstats.html
> http://www.sdsc.edu/~jeff/spam/cbc.html
or if you run postfix and want to compare RBLs against the client IP
f my spams and "abuseat" around 10%. The rest is done
by "Blacklists" and spamassassin.
cbl.abuseat.org is included in xbl.spamhaus.org so it is not needed to
use both. If you use sbl.spamhaus.org I do not see why not to use
bl.spamcop.net as well. Both have some collateral d
On Tuesday 07 December 2004 17:55, Michael Loftis wrote:
> --On Wednesday, December 08, 2004 08:47 +1100 Craig Sanders
>
> <[EMAIL PROTECTED]> wrote:
> >> Now I reject by 554 code... should I change to 4xx?
> >
> > if it suits your needs. i wouldn't.
>
> I have to agree with that statement. For
On Thursday 09 December 2004 00:42, Michael Loftis wrote:
> See my just prior response on this thread, most people don't
> understand bounces. Yes it could be argued a bounce needs to be
> reformatted so the humans can read it easier, but it's not my system
> generating the bounce message, I'm ju
On Thu, Dec 09, 2004 at 11:27:27AM +1100, Russell Coker wrote:
> On Thursday 09 December 2004 01:12, Craig Sanders <[EMAIL PROTECTED]> wrote:
> > the log file noise issue is important to me - i've recently started
> > monitoring mail.log and adding iptables rules to block smtp connections
i also w
On Thu, Dec 09, 2004 at 11:27:27AM +1100, Russell Coker wrote:
> On Thursday 09 December 2004 01:12, Craig Sanders <[EMAIL PROTECTED]> wrote:
> > the log file noise issue is important to me - i've recently started
> > monitoring mail.log and adding iptables rules to block smtp connections
> > from
On Thursday 09 December 2004 01:12, Craig Sanders <[EMAIL PROTECTED]> wrote:
> the log file noise issue is important to me - i've recently started
> monitoring mail.log and adding iptables rules to block smtp connections
> from client IPs that commit various spammish-looking crimes against my
> sys
On Wed, Dec 08, 2004 at 03:38:36PM -0700, Michael Loftis wrote:
> --On Thursday, December 09, 2004 01:12 +1100 Craig Sanders <[EMAIL
> PROTECTED]>
> wrote:
>
> >if it's a false positive, the sender will get a bounce from their MTA and
> >they can fix the problem or route around it. IMO, that's
On Wed, Dec 08, 2004 at 07:41:12PM +0100, Philipp Kern wrote:
> > > Received: from [217.226.195.183] by web60309.mail.yahoo.com via HTTP; Mon,
> > > 29 Nov 2004 19:12:36 CET Content-Type: text/plain; charset=iso-8859-1
>
> SpamAssassin looks at all the headers. If this is a good choice or not
> is
--On Wednesday, December 08, 2004 16:04 +0200 Ian Forbes
<[EMAIL PROTECTED]> wrote:
On Wednesday 08 December 2004 15:00, Russell Coker wrote:
I agree that we don't want to be nice to spammers. But there is also
the issue of being nice in the case of false-positives.
I think, that a permanent er
--On Thursday, December 09, 2004 01:12 +1100 Craig Sanders <[EMAIL PROTECTED]>
wrote:
if it's a false positive, the sender will get a bounce from their MTA and
they can fix the problem or route around it. IMO, that's far nicer to
legit senders than them not knowing that their mail isn't being d
On Wed, 2004-12-08 at 23:56 +1100, Russell Coker wrote:
> Yahoo server IP address space should not be in a dialup class. If that
> happens then notify the person maintaining the dialup-list that you use that
> they have an inaccuracy.
This is incorrect when you look at the headers.
> > Receive
On Wed, 2004-12-08 at 15:30 +0100, Michelle Konzack wrote:
> sbl-xbl.spamhaus.org
> opm.blitzed.org
> But now I have removed all exept the first two. "spamhaus"
> catchs more then 50% of my spams and "abuseat" around 10%.
> The rest is done by "Bla
Am 2004-12-05 10:54:03, schrieb Marek Podmaka:
> Hello debian-isp,
>
> which blacklists do you use to block spam emails on production
> boxes? I use relays.ordb.org and list.dsbl.org and now I have read
> about Spamhaus SBL and XBL on their website. What are your
> exper
On Wednesday 08 December 2004 15:00, Russell Coker wrote:
> I agree that we don't want to be nice to spammers. But there is also
> the issue of being nice in the case of false-positives.
I think, that a permanent error is the best response for a
false-positive.
The sender will then receive a b
On Thu, Dec 09, 2004 at 12:00:42AM +1100, Russell Coker wrote:
> On Wednesday 08 December 2004 20:16, Craig Sanders <[EMAIL PROTECTED]> wrote:
> > > Craig, why do you think it's undesirable to do so?
> >
> > because i dont want the extra retry traffic. i want spammers to take FOAD
> > as an answer
On Wednesday 08 December 2004 20:16, Craig Sanders <[EMAIL PROTECTED]> wrote:
> > Craig, why do you think it's undesirable to do so?
>
> because i dont want the extra retry traffic. i want spammers to take FOAD
> as an answer, and i dont want to welcome them with a pleasant "please try
> again lat
On Wednesday 08 December 2004 20:32, daniele becchi
<[EMAIL PROTECTED]> wrote:
> > Odd, since we don't see this. And when it does happen to 'big' mail
> > senders it's never AOL for one (they're on the whitelist). And it's
> > totally automatic so if they do end up on it's usually for less than
--On Wednesday, December 08, 2004 10:32 +0100 daniele becchi
<[EMAIL PROTECTED]> wrote:
if i would have used rbl checks in postfix instead of spamassim i would
never receive that mail, right?
the tracked ip is of course 217.226.195.186 and not the yahoo ip
216.109.118.120.
Or i didn't understan
Michael Loftis wrote:
--On Monday, December 06, 2004 09:34 +0100 Adrian 'Dagurashibanipal'
von Bidder <[EMAIL PROTECTED]> wrote:
Various AOL mailservers, the Debian mailservers, and other servers
sending out lots of regular mail get listed in spamcop regularly, so my
recommendation (and that o
On Wed, Dec 08, 2004 at 07:51:13PM +1100, Russell Coker wrote:
> On Wednesday 08 December 2004 09:55, Michael Loftis <[EMAIL PROTECTED]>
> wrote:
> > I have to agree with that statement. For us it suits our needs very
> > well. I don't mind handling the extra retry traffic if it means
> > legitima
On Wednesday 08 December 2004 09:55, Michael Loftis <[EMAIL PROTECTED]>
wrote:
> I have to agree with that statement. For us it suits our needs very well.
> I don't mind handling the extra retry traffic if it means legitimate mail
> on a 'grey/pink' host is just temporarily rejected or delayed wh
--On Wednesday, December 08, 2004 08:47 +1100 Craig Sanders
<[EMAIL PROTECTED]> wrote:
Now I reject by 554 code... should I change to 4xx?
if it suits your needs. i wouldn't.
I have to agree with that statement. For us it suits our needs very well.
I don't mind handling the extra retry traf
--On Tuesday, December 07, 2004 22:18 +0100 Marek Podmaka <[EMAIL PROTECTED]>
wrote:
Hello Michael,
You mean you reject spam only temporarily? By setting
maps_rbl_reject_code in postfix to 4xx? What value exactly?
We use either 450 or 454, don't remember the value exactly. And I'm not
sure
On Tue, Dec 07, 2004 at 10:18:28PM +0100, Marek Podmaka wrote:
> My question is - does the spam software (or whatever is used for
> sending majority of spams) try to re-send it?
most (if not all) spamware and viruses won't. open relays and spamhaus sites
and other real MTAs will.
> How ofte
Hello Michael,
You mean you reject spam only temporarily? By setting
maps_rbl_reject_code in postfix to 4xx? What value exactly?
My question is - does the spam software (or whatever is used for
sending majority of spams) try to re-send it? How often and for how
long? Now I reject by 554
--On Monday, December 06, 2004 09:34 +0100 Adrian 'Dagurashibanipal' von
Bidder <[EMAIL PROTECTED]> wrote:
Various AOL mailservers, the Debian mailservers, and other servers
sending out lots of regular mail get listed in spamcop regularly, so my
recommendation (and that of spamcop.net themselv
--On Monday, December 06, 2004 09:34 +0100 Adrian 'Dagurashibanipal' von
Bidder <[EMAIL PROTECTED]> wrote:
Various AOL mailservers, the Debian mailservers, and other servers
sending out lots of regular mail get listed in spamcop regularly, so my
recommendation (and that of spamcop.net themselv
On Monday 06 December 2004 19:34, Adrian 'Dagurashibanipal' von Bidder
<[EMAIL PROTECTED]> wrote:
> Various AOL mailservers, the Debian mailservers, and other servers sending
> out lots of regular mail get listed in spamcop regularly, so my
> recommendation (and that of spamcop.net themselves, btw
On Sunday 05 December 2004 11.31, Michael Loftis wrote:
> we use bl.spamcop.net up front at the SMTP level before taking any
> messages from a site.
Hmm.
Various AOL mailservers, the Debian mailservers, and other servers sending
out lots of regular mail get listed in spamcop regularly, so my
re
On So, 5.12.2004, 10:54, Marek Podmaka sagte:
> Hello debian-isp,
>
> which blacklists do you use to block spam emails on production
> boxes? I use relays.ordb.org and list.dsbl.org and now I have read
> about Spamhaus SBL and XBL on their website. What are your
> e
Marek Podmaka wrote:
which blacklists do you use to block spam emails on production
boxes? I use relays.ordb.org and list.dsbl.org and now I have read
about Spamhaus SBL and XBL on their website. What are your
experiences with it?
From what I understand XBL is a *private* list not for
--On Sunday, December 05, 2004 10:54 +0100 Marek Podmaka <[EMAIL PROTECTED]>
wrote:
Hello debian-isp,
which blacklists do you use to block spam emails on production
boxes? I use relays.ordb.org and list.dsbl.org and now I have read
about Spamhaus SBL and XBL on their website. What ar
Hello debian-isp,
which blacklists do you use to block spam emails on production
boxes? I use relays.ordb.org and list.dsbl.org and now I have read
about Spamhaus SBL and XBL on their website. What are your
experiences with it?
thanks
--
bYE, Marki
--
To UNSUBSCRIBE, email
question
is there another better blacklist somewhere around?
it not comfortable that google.at gets blocked
thanks
marco
My squidguard config looks like that
---
dbhome /etc/squid/blacklists
logdir /var/log/squid
dest porn {
domainlist porn/domains
50 matches
Mail list logo
