HAM from their IP blocks over 3
years ago. Seems like they’ve turned a corner.
192.227.128.0/17
198.23.128.0/17
172.245.0.0/16
--
Jo Rhett
Net Consonance : net philanthropy to improve open source and internet projects.
On Oct 5, 2015, at 7:36 PM, Reindl Harald wrote:
> Am 06.10.2015 um 04:33 schrieb Jo Rhett:
>> Looking at my spam block statistics, not a single IP I’ve reported to
>> SoftLayer over the last two years has been shut down. Is there any
>> reason I shouldn’t just block all
Looking at my spam block statistics, not a single IP I’ve reported to SoftLayer
over the last two years has been shut down. Is there any reason I shouldn’t
just block all their allocations and save myself some effort?
--
Jo Rhett
Net Consonance : net philanthropy to improve open source and
ried
Thunderbird, and while it is capable it’s more than 15 clicks and manual hand
editing to send a report. The two-key combination was far easier to use.
--
Jo Rhett
Net Consonance : net philanthropy to improve open source and internet projects.
> Patrick
> Online Safety Team
I’m blocking 64.4.0.0/18 on all MX targets now, aren’t you?
--
Jo Rhett
+1 (415) 999-1798
Skype: jorhett
Net Consonance : net philanthropy to improve open source and internet projects.
em not a single one provides a place to report a spam
sent by Yahoo.
Nutshell: Yahoo no longer accepts spam reports. I am therefore blocking Yahoo
on every mail gateway for which I have control, and listing them in the Pink
Providers blacklist effective immediately.
--
Jo Rhett
+1 (415) 999-1798
I've found that we persistently get more spam from their
netblocks, because they are actively avoiding dealing with it.
--
Jo Rhett
Net Consonance : net philanthropy to improve open source and internet projects.
marking spam and keeping scores, but
that's because years of personal experience demonstrated near-zero value. As
I have it configured today it works well without having to mark anything ;-)
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source and other
randomness
rks. I'm looking at 3.3 carefully but nothing stands out.
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
and other randomness
On Dec 19, 2009, at 9:23 AM, RobertH wrote:
you know, with all the duking it out on the list over some methods
and such,
where is Jo Rhett when you need him?
he was always short and to the point...
:-)
Eh? Whut? (in the manner of someone woken from sleep)
--
Jo Rhett
Net Consonance
er receive valid e-mail with
no text in it.
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
and other randomness
compile SA
rules, a package is created for the installed binaries. I don't see
the point myself since all the installed files are in a SA specific
directory.
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
and other randomness
Best Regards
--
[]'s
Thiago Henrique
Network Administration
Digirati Networks
K8 Networks
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
and other randomness
7, column 8: can't find symbol
command failed! at /usr/local/bin/sa-compile line 279, <$fh> line 3509.
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
and other randomness
eceive all mail posted to it. Even non-
members can
read it all in archives.
He acted as is common and expected. Others who, like you, don't
want private copies set Reply-To.
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
and other randomness
Dave, what are you complaining about? This thread went sideways
without my involvement. I was replying to someone else's query about
Benny's mail servers sending back random SPF failure backscatter
messages.
On Jun 26, 2008, at 5:22 PM, Dave Koontz wrote:
Jo, didn't you
sends
backscatter because he doesn't like the behavior, even though he could
easily configure his mailer so that when people hit reply it does what
he wants it to.
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
and other randomness
source of backscatter, Benny.
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
and other randomness
t the header address instead of
the envelope address.
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
and other randomness
Because it's a public mail server which gets legitimate mail
connections from all over the world.
I mean, why to accept connections from anything other?
I don't understand your question. My only answer you quoted above.
--
Jo Rhett
Net Consonance : consonant endings by net ph
On Wed, Jun 25, 2008 at 03:00:47AM -0700, Jo Rhett wrote:
reading the code it implies that maybe I should make
internal_networks explicitly defined (right now it's implicit and
thus ==
trusted_networks) to be smaller than trusted networks. This will
probably solve my SPF problem. Is there a
Mostly works pretty
well that way ;-) This is why I want to avoid explicitly telling SA to
trust something it shouldn't if I can.
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
and other randomness
oblem. Is there a reason
not to do this?
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
and other randomness
's a forged IP
and I don't trust it.
why to accept connections from anything but host B ?
Because it's a public mail server which gets legitimate mail
connections from all over the world.
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
and other randomness
's return to securing SA properly.
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
and other randomness
use this isn't
about networking, really. It's about SpamAssassin. I don't want my
spamassassin to trust something it shouldn't receive. That's the
nature of the question.
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
and other randomness
st an IP
address which should never reach it?
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
and other randomness
esign discussion and is
thus irrelevant in scope)
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
and other randomness
On Jun 20, 2008, at 1:13 PM, Henrik K wrote:
On Fri, Jun 20, 2008 at 12:58:55PM -0700, Jo Rhett wrote:
On Jun 20, 2008, at 12:44 PM, Henrik K wrote:
You _need_ to have everything internal, so there will be no SPF
lookups.
Your fear of IP spoofers makes no sense to me, how do you think
someone
on't trust anything that appears to be from the private network
that actually directly reaches my mail server. The mail server has no
ability to actually route a packet to that private network, so this is
clearly a forgery.
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, op
That's the nature of the problem.
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
and other randomness
ssibly set internal_networks to be less than trusted
hosts... that would likely fix it. But before I go "configure it all
wrong" tell me why this would be bad.
(no MX relays in our environment at all)
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
and other randomness
autious,
but I'm not sure how you would think I'm doing it wrong?
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
and other randomness
On Jun 20, 2008, at 12:23 PM, Henrik K wrote:
Jo, you are unbelievable in a funny way.
You always come up with dozens of posts seemingly with the attitude
"I must
be right". You don't configure things like they should be, and then
complain
that things don't work. Jus
ising number of 10.x packets make their way to
our hosts.
belt-and-suspenders: Even if it's unlikely for a 10.x packet to reach
the host, why should I trust it?
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
and other randomness
hackery (although appreciate the
help) is kind of nonsense :-(
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
and other randomness
host won't add false headers to the e-mail. If you read the
description of trusted hosts, that's clearly what the rule is meant to
do.
trusted_hosts should mean "no, we really truly trust this host and
want everything it gives us"
--
Jo Rhett
Net Consonance : consonant
On Jun 20, 2008, at 10:44 AM, Henrik K wrote:
On Fri, Jun 20, 2008 at 10:28:25AM -0700, Jo Rhett wrote:
On Fri, Jun 20, 2008 at 12:12:45AM -0400, Matt Kettler wrote:
That is correct, SPF checks are applied to the first untrusted
host
Henrik K wrote:
Matt, you should know better. ;) It
On Fredag, 20/6 2008, 05:37, Jo Rhett wrote:
I'm trying to figure out how to stop SPF_FAIL on messages generated
on
an internal rfc1918 network and routed through a trusted host.
On Jun 20, 2008, at 10:37 AM, Benny Pedersen wrote:
netconsonance.com. IN TXT "v=spf1 ip4:64.13.1
w are you defining "external" in this context? What prevents
me from trusting an external hosts?
I don't actually have any "internal" hosts -- no NAT, no firewall,
it's all outside. There's hosts I trust, but none that aren't external.
--
Jo Rh
ompelling reason to not trust your internal hosts using 10/8?
Those internal hosts cannot connect to the mail server directly. Any
10.x address that does connect to the mailserver is guaranteed to be a
spammer.
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
and other randomness
P=0.001, SPF_FAIL=3.5
Obviously, putting 10/8 into the published SPF record makes no sense
at all, nor does adding 10/8 to the trusted_networks.
So... how can I say "I trust Host B so much that I don't want to go
any farther for SPF checks?"
--
Jo Rhett
Net Conso
I'm beginning to think that this was a lark.
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
and other randomness
pretends to be from our users, and I see no reason to
remove possible benefits of that distinction for mail that happens
to be addressed to the same user as it's addressed from.
You've presented good logic for accepting mail from self to self. But
you haven't explained by usin
logical sense to solve the problem.
If you do implement your fix and submit it, please make it an
option. I for one would turn it off since it would not improve
things here.
You are the first person to say so. Can you explain why?
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
and other randomness
On May 21, 2008, at 1:08 PM, mouss wrote:
I read every document on their website, and saw zero mentions of
this feature.
if you can't find the docs that others have read, and still accuse
them of lack of research, there is a word for this: ridiculous.
Jo Rhett wrote:
There'
On May 22, 2008, at 1:23 PM, Dave Funk wrote:
Lots of users of this host have Windows PCs, and running SA on all
outbound mail has both alerted them quickly to the problem and
avoided nailing other people with spam and/or virus runs.
Genuine curiosity Jo, have you seen instances of viruses
running SA for SMTP-AUTH users is a hack much
like disabling a firewall and I won't do it.
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
and other randomness
On May 22, 2008, at 7:29 AM, Jonas Eckerman wrote:
Jo Rhett wrote:
I'm not -- my Treo delivers mail directly to my mail server. From
DHCP-assigned addresses all over the world. I enjoy travel ;-)
Then I guess you use authenticated SMTP for that.
The easiest way to handle this probab
On May 21, 2008, at 1:44 PM, mouss wrote:
Good. Time for qmail to die ;-)
start by updating the RFCs.
The RFCs are, and have always been clear on how MX records are
supposed to be used.
Are you just a nonsense machine? The SA list's personal eliza run
through the borker?
e TCP session, not slowing the
responses. Bots already deal with slow replies, it's non-effective.
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
and other randomness
was suggesting people actually read what's right
in front of them, not even asking that they search around. Your
insults are irrelevant to the topic here, and I won't put up with it.
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
and other randomness
-researched opinions, so I try to flag them when I
see them so that someone else reading the thread will know that
"this isn't the overall impression of the list"
you'd better take time learning what research is.
now we're down to insults. *plonk*
--
Jo Rhett
Net
th this pointless conversation. Just stop
making authoritative statements about products you haven't researched.
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
and other randomness
nothing more
than qmail does" which is clearly not true with even some basic
reading. This clearly indicates a lack of research.
I accept your accusation about my research IF you can please point me
to a document on FSL's website which addresses slowing down TCP
sessions. I can
On May 7, 2008, at 9:17 AM, mouss wrote:
what if he comes back later to the same MX, again and again (AFAIK,
this is the case with qmail)? mail will be lost.
Good. Time for qmail to die ;-)
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
and other
thout breaking our internal auth schemes, but I will be doing so.
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
and other randomness
Jo Rhett wrote:
Matt, how can I possibly get you to move past this unfounded
assumption that my trust path is broken and focus on the real
problem? The trust path is not broken, it's just fine.
On May 20, 2008, at 5:47 PM, Matt Kettler wrote:
Ok, then the AWL code is *SEVERELY* b
n destination
address?
tools/check_whitelist
Where can I find this? It's not in the Mail-SpamAssassin tarfile...
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
and other randomness
On May 20, 2008, at 10:51 AM, mouss wrote:
Jo Rhett wrote:
mouss, please do a little research
I did. I may get things wrong, and would be pleased to get
corrected. so please share your knowledge.
All I'm saying is that you're comparing what they are doing to things
which are n
at to do when an
"unknown mail server" contacts you is different in the approach.
greylist effectiveness is down to less than 10% effective at this
point, because the botnets know to retry now.
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
and other randomness
s Ltd.
FYI: again, not affiliated and we're not using it either. But the
product is very well designed and it's a lot more clever/useful than
anything you're comparing it to.
I compare it to BarricadeMX and as I said, I think it is not so
clever.
Personal opinion.
Regards,
On May 19, 2008, at 11:43 PM, Koopmann, Jan-Peter wrote:
So yes: If their main "benefit" is tarpitting etc. then I agree it
probably is not worth the money or discussion.
Why is everyone willing to skip doing 5 minutes of research?
Mailchannels idea may not work for you. But it's worth doin
On May 19, 2008, at 2:05 PM, Benny Pedersen wrote:
On Mon, May 19, 2008 20:18, Ralf Hildebrandt wrote:
To be fair (I'm testing it right now): It's easy to get running.
Right now the Tarpit and slowdown features cannot be had in Postfix,
so I'm giving it a spin.
give longer greylist times will
mouss, please do a little research before you go online attacking
people. Your statements about what work and don't have no backup, and
go against all existing evidence today, and yet you're blasting them
for lack of serious study. Try to do some yourself.
On May 19, 2008, at 11:46 AM, mo
Let's focus this on specific technical details:
1. How does AWL deal with forgery (other than by saving a /16 of the
source IP)
2. How can I easily see the AWL database for a given destination
address?
On May 3, 2008, at 7:59 PM, Matt Kettler wrote:
Have you tried running one of the forged messages, and an actual
legitimate message through SA manually with the -D flag to see
what the trusted and untrusted hosts are, as SA sees it?
Yes. Many times. That's not the point of this thread.
I
this, but I
am suggesting that the AWL module should skip over self->self
messages. It seems too easy to forge, and no gain in doing so.
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
and other randomness
s no trusted headers, then all messages are equally magic
to SA, and it will never distinguish mail you sent as compared to
mail an outsider forged as you.
Yes, it knows the localhost received header is valid. Basics of SA
setup 101. Now can we return to the topic?
--
Jo Rhett
Net Consona
the topic.
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
and other randomness
On Apr 21, 2008, at 10:46 PM, Bob Proulx wrote:
Jo Rhett wrote:
Bob Proulx wrote:
Who to forge? The answer is "Everyone!" Any address that can be
You're going out of your way to miss the point. That's hard work
It is you who are missing the point. When spammers ge
atch
lhs for the forged sender. A few of my messages came from my other
accounts, many others (in the same spam run) came from people I
didn't know with the same lhs.
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
and other randomness
Justin Mason wrote:
hmm, I'm not sure. It depends on your trusted_networks setting.
try running "spamassassin -D" and see what it logs...
I'm sorry -- feeling dense, how is this supposed to help? From the
headers quoted below you know what spamassassin is seeing. There's
nothing in trust
Bob Proulx wrote:
Who to forge? The answer is "Everyone!" Any address that can be
obtained from a spam-virus infected PC and any address that can be
harvested from a web page. Forge them all. They are (mostly) valid
email addresses and will pass sender verification. Send To: and From:
all of
John Hardin wrote:
I'm only suggesting bypassing SA for mail that originates on the local
network and is destined to the local network.
No. I don't trust every user who can authenticate to this host to run
active anti-virus on their hosts. I scan all mail, everywhere.
And again, this isn'
Matt Kettler wrote:
There's
nothing in trusted networks, I don't trust anything...
Jo, that's impossible in spamassassin. You cannot have an empty trust, it
doesn't make any logical sense, and would cause spamassassin to fail
miserably.
I should rather have said trust is
, reduce
the TTL on that record.
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
and other randomness
s SA skips the first Received header
and goes to the previous one. That's why I asked the question about
which IP is used.
This is usually true, but forging your own address is trivial.
yep, but ip should still limit the problem very much
I agree.
--
Jo Rhett
Net Consonance :
wer is a fix in the module.
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
and other randomness
host, so problem is ?
Sorry, I don't understand your question.
I also don't see the value in having every possible mail account need
a setting like this manually inserted. That's why I'm asking about a
fix in the module...
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
and other randomness
velope-from [EMAIL PROTECTED])
X-Virus-Scanned: amavisd-new at netconsonance.com
X-Spam-Flag: NO
X-Spam-Score: -0.72
X-Spam-Level:
X-Spam-Status: No, score=-0.72 tagged_above=-999 required=3.8
tests=[ALL_TRUSTED=-1.44, AWL=0.720]
From: "Jo Rhett" <[EMAIL PROTECTED]>
Subje
y to forge.
Easy to forge, but who to forge? Hard for a spammer to know who I
correspond with frequently. Myself is the only one a spammer could
guess.
Again, not debating its merits just the implementation.
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
g all the reports to yourself first.
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
and other randomness
nned: amavisd-new at netconsonance.com
X-Spam-Flag: NO
X-Spam-Score: -0.72
X-Spam-Level:
X-Spam-Status: No, score=-0.72 tagged_above=-999 required=3.8
tests=[ALL_TRUSTED=-1.44, AWL=0.720]
From: "Jo Rhett" <[EMAIL PROTECTED]>
Subject: test awl
Date: 01 Apr 2008 13:14:00 -07
usually true, but forging your own address is
trivial.
On Mar 28, 2008, at 6:48 PM, Benny Pedersen wrote:
On Sat, March 29, 2008 02:09, Jo Rhett wrote:
I send myself a lot of email from my phone. So AWL properly scores
me well.
and the sender ip with a fuss of /16
I just got a piece of
On Mar 28, 2008, at 6:21 PM, Theo Van Dinter wrote:
On Fri, Mar 28, 2008 at 06:09:03PM -0700, Jo Rhett wrote:
I think that mail from self to self should be ignored by the AWL.
(it's harder to forge mail from a regular correspondent, so this
makes AWL more useful)
If you know the mail is
gular correspondent, so this
makes AWL more useful)
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
and other randomness
se their own servers, etc etc.
As more and more people do more and more of their e-mail from hand-
held devices, this problem only gets worse.
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
and other randomness
which means that the user will never know that their session
was intercepted.
Yes, this means man-in-the-middle is trivial. No kidding. Beat up
the mail client creators.
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
and other randomness
rizon force you to use their mail servers.
Some other data providers are now doing transparent proxy on outbound
e-mail. In short, the user can't always control that.
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
and other randomness
ystem with Amavis/SA processes that much mail PER HOUR without
breaking a sweat. No MTA-level RBLs.
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
and other randomness
ROTECTED]
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
and other randomness
On Sep 23, 2007, at 5:17 PM, Michael Scheidell wrote:
Anyone have an answer that isn't obvious?
I already said I can't put it on the proxy.
No, you didn't. You mentioned that as an option.
And stop being rude to people who answer the question you asked.
--
Jo Rhett
e, it breaks some of the things I mentioned
above.
Anything else I missed?
Any solutions other than take the proxy server out and replace it with
the SpamAssassin/MTA combo?
--
Jo Rhett
Net Consonance ... net philanthropy, open source and other randomness
was the easiest way to (a) snap into sendmail without using a
separate front-end scanner and (b) had useful end-user tools for
managing spam controls.
That said, it does white/black/etc listing in its own databases, not
the SA ones, etc etc. So research it.
--
Jo Rhett
Net Consonance : co
code of that module.
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
and other randomness
files.
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
and other randomness
d -o
content_filter=smtp:[127.0.0.1]:10024
Filtering the localhost generated mails.
But I donno if it's the right approach.
Any help appreciated
Cheers
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
and other randomness
L and bayes are stored in MySQL
tables.
It seems to mostly help when it drops the message into a file for
clamav to scan.
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
and other randomness
you're using something more IO-intensive.
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
and other randomness