--On Wednesday, August 29, 2007 1:58 AM -0400 Aaron Wolfe
<[EMAIL PROTECTED]> wrote:
The first 24 hours seemed promising. However today (tues) we have two
false positives, including one of their banks (!) and a small business
that is their long time customer.
It's scary that a bank has such a
On 8/27/07, Marc Perkel <[EMAIL PROTECTED]> wrote:
>
>
>
> Andy Sutton wrote:
>
> On Mon, 2007-08-27 at 12:59 -0700, Marc Perkel wrote:
>
> I've not run into a single instance where a legit server only tried
> the lowest MX. However, if I did there's a simple solution. If the
> fake lowest MX poin
David B Funk wrote:
I guess I didn't make my question clear enough;
How do you deal with mail from legit servers that are blocked by this
configuration?
(IE servers that for whatever reason will ONLY try the first mx, thus
failing to get past your fake MX.)
well, rfc mandates that they try
Andy Sutton wrote:
On Mon, 2007-08-27 at 12:59 -0700, Marc Perkel wrote:
I've not run into a single instance where a legit server only tried
the lowest MX. However, if I did there's a simple solution. If the
fake lowest MX points to an IP on the same server as the working MX
then you can us
On Mon, 2007-08-27 at 12:59 -0700, Marc Perkel wrote:
> I've not run into a single instance where a legit server only tried
> the lowest MX. However, if I did there's a simple solution. If the
> fake lowest MX points to an IP on the same server as the working MX
> then you can use iptables to block
On Mon, 27 Aug 2007, Marc Perkel wrote:
> David B Funk wrote:
> > On Mon, 27 Aug 2007, Marc Perkel wrote:
> >
> >> There aren't any false positives. That's what is so great about this trick.
> >>
> >
> > I guess I didn't make my question clear enough;
> > How do you deal with mail from legit serve
David B Funk wrote:
On Mon, 27 Aug 2007, Marc Perkel wrote:
David B Funk wrote:
On Sun, 26 Aug 2007, Marc Perkel wrote:
If you have one MX and you create a fake low MX and a fake high MX (or
many fake high MX) about 75% to 95% of your spam goes away. It's that
simple.
On Mon, 27 Aug 2007, Marc Perkel wrote:
> David B Funk wrote:
> > On Sun, 26 Aug 2007, Marc Perkel wrote:
> >
> >> If you have one MX and you create a fake low MX and a fake high MX (or
> >> many fake high MX) about 75% to 95% of your spam goes away. It's that
> >> simple.
> >
> > How do you deal
If you have one MX and you create a fake low MX and a fake high MX (or
many fake high MX) about 75% to 95% of your spam goes away. It's that
simple.
How do you deal with the false-positives, legit servers that are blocked
by this configuration?
There aren't any false positives. That
David B Funk wrote:
On Sun, 26 Aug 2007, Marc Perkel wrote:
If you have one MX and you create a fake low MX and a fake high MX (or
many fake high MX) about 75% to 95% of your spam goes away. It's that
simple.
How do you deal with the false-positives, legit servers that are blocked
b
On 27/08/07 12:19, martin f krafft wrote:
> also sprach mouss <[EMAIL PROTECTED]> [2007.08.26.1930 +0200]:
>> Indeed. reject != score. Moreover, I wouldn't put
>> - MX => private IP
>> - MX = "*.mx.*"
>
> Why *.mx.*?
>
> I happen to run all my MX as ?.mx.$my_domain and there is no reason
> why th
also sprach mouss <[EMAIL PROTECTED]> [2007.08.26.1930 +0200]:
> Indeed. reject != score. Moreover, I wouldn't put
> - MX => private IP
> - MX = "*.mx.*"
Why *.mx.*?
I happen to run all my MX as ?.mx.$my_domain and there is no reason
why this should be indicative of anything.
--
martin;
On Sun, 26 Aug 2007, Dave Pooser wrote:
>
> Except that I can verify addresses after checking blacklists, RDNS and other
> checks to make dictionary attacks harder on the spammers. It may be possible
> to put ACLs on VRFY in Exim, but I haven't looked into it.
I don't believe dictionary attacks ar
Marc Perkel wrote on Sun, 26 Aug 2007 17:36:55 -0700:
> So - who wants to prove me wrong?
I'm sorry, but all the measures I take are not as restrictive as yours but
still I reject 90% or so of the spam before SA time. So, I don't see why I
should use wrong MXs, it's simply not necessary.
Anywa
Kenneth Porter wrote on Sun, 26 Aug 2007 12:39:44 -0700:
> Publishing a private address in a public MX record can lose mail. If the
> outside sender is using the same private address for his own mail server,
> then that server will either see a routing loop (since it's being told by
> MX that i
Marc Perkel wrote:
Kai Schaetzl wrote:
Duane Hill wrote on Sat, 25 Aug 2007 22:29:50 + (UTC):
What happens if the remote MX is within a private IP range? Should I
accept that message, knowing fully, the recipient would never be able to
respond?
This feature looks fine on first
On Sun, 26 Aug 2007, Marc Perkel wrote:
> If you have one MX and you create a fake low MX and a fake high MX (or
> many fake high MX) about 75% to 95% of your spam goes away. It's that
> simple.
How do you deal with the false-positives, legit servers that are blocked
by this configuration?
--
--On Sunday, August 26, 2007 5:31 PM -0700 Marc Perkel <[EMAIL PROTECTED]>
wrote:
If you have one MX and you create a fake low MX and a fake high MX (or
many fake high MX) about 75% to 95% of your spam goes away. It's that
simple.
I can do better. If I unplug my network cable, 100% of my spam
Kai Schaetzl wrote:
Marc Perkel wrote on Sat, 25 Aug 2007 13:51:43 -0700:
I'm using it on 1600 domains and I've eliminated all
my spam bot spam.
Yeah, yeah, Marc, we know that, you don't have to repeat it each and every
week :-)
Kai
While you guys all talk about it - I've do
Kai Schaetzl wrote:
Duane Hill wrote on Sat, 25 Aug 2007 22:29:50 + (UTC):
What happens if the remote MX is within a private IP range? Should I
accept that message, knowing fully, the recipient would never be able to
respond?
This feature looks fine on first glance, but on seco
On 8/26/2007 11:36 PM, John D. Hardin wrote:
On Sun, 26 Aug 2007, Nikolay Shopik wrote:
Just parse received headers in attached message in backscatter.
You can easily see what this message sent not by your server and
you can reject such backscatter, because you never sent such
messages.
Not t
--On Sunday, August 26, 2007 11:31 AM +0200 Kai Schaetzl
<[EMAIL PROTECTED]> wrote:
For instance the two MX
setup where one machine is behind a firewall and a gateway machine is
first MX and forwards to the machine behind the firewall. This is an
accepted setup. Couldn't I achieve the same th
On Sun, 26 Aug 2007, Nikolay Shopik wrote:
> Just parse received headers in attached message in backscatter.
> You can easily see what this message sent not by your server and
> you can reject such backscatter, because you never sent such
> messages.
Not true any longer. The joe job I've been suf
Kai Schaetzl wrote:
Michael Scheidell wrote on Sun, 26 Aug 2007 09:54:16 -0400:
Look for 'bogusmx' blacklist.
criteria are different.
Indeed. reject != score. Moreover, I wouldn't put
- MX => private IP
- MX = "*.mx.*"
- MX = CNAME or MX=IP
at the same level.
anyway, Michael has
> -Original Message-
> From: Kai Schaetzl [mailto:[EMAIL PROTECTED]
> Sent: Sunday, August 26, 2007 12:31 PM
> To: users@spamassassin.apache.org
> Subject: Re: Posioned MX is a bad idea [Was: Email forwarding
> and RBL trouble]
>
>
> Michael Scheidell wrot
On 8/26/2007 4:57 AM, Rob McEwen wrote:
Marc,
Overall good answers... but about six months ago, one of my users was
joe jobbed in "biblical proportions"... in this case, the spammer chose
this one "real" address and that spammer must have either sent the bots
this info, or pre-programmed the
On 8/26/2007 12:08 AM, John Rudd wrote:
mouss wrote:
Kai Schaetzl wrote:
Rense Buijen wrote on Wed, 22 Aug 2007 16:43:19 +0200:
I didn't know that a backup MX can lead to more trouble than having
just one
Unfortunately, backup MXes attract spammers :-(. You could at least
add some m
Michael Scheidell wrote on Sun, 26 Aug 2007 09:54:16 -0400:
> Look for 'bogusmx' blacklist.
criteria are different.
BTW: please consider using a client that is not broken. Your client
doesn't include threading information.
Kai
--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Interne
> On Sat, 25 Aug 2007, Dave Pooser wrote:
>>
>> So do you run your servers with VRFY enabled?
>
> Yes. If you are verifying addresses at RCPT time, which you must to avoid
> spam blowback, then there's no point disabling VRFY.
Except that I can verify addresses after checking blacklists, RDNS an
> -Original Message-
> From: mouss [mailto:[EMAIL PROTECTED]
> Sent: Saturday, August 25, 2007 3:52 PM
> To: users@spamassassin.apache.org
> Subject: Re: Posioned MX is a bad idea [Was: Email forwarding
> and RBL trouble]
>
> sure, which may lead to the
Kai Schaetzl wrote:
Duane Hill wrote on Sat, 25 Aug 2007 22:29:50 + (UTC):
What happens if the remote MX is within a private IP range? Should I
accept that message, knowing fully, the recipient would never be able to
respond?
This feature looks fine on first glance, but on second
John Rudd wrote:
mouss wrote:
Kai Schaetzl wrote:
Rense Buijen wrote on Wed, 22 Aug 2007 16:43:19 +0200:
I didn't know that a backup MX can lead to more trouble than having
just one
Unfortunately, backup MXes attract spammers :-(. You could at least
add some more backup MXs (that do
Marc Perkel wrote on Sat, 25 Aug 2007 13:51:43 -0700:
> I'm using it on 1600 domains and I've eliminated all
> my spam bot spam.
Yeah, yeah, Marc, we know that, you don't have to repeat it each and every
week :-)
Kai
--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services
Marc Perkel wrote on Sat, 25 Aug 2007 15:33:46 -0700:
> You have to do SAV right. I
It doesn't matter what you do to reduce the load of SAV, this doesn't
eliminate the basic problem with SAV at all.
> And - more importantly - spammers don't use my domains to spam others
> because my servers a
On Sat, 25 Aug 2007, Dave Pooser wrote:
>
> So do you run your servers with VRFY enabled?
Yes. If you are verifying addresses at RCPT time, which you must to avoid
spam blowback, then there's no point disabling VRFY.
Tony.
--
f.a.n.finch <[EMAIL PROTECTED]> http://dotat.at/
IRISH SEA: SOUTHERL
Duane Hill wrote on Sat, 25 Aug 2007 22:29:50 + (UTC):
> What happens if the remote MX is within a private IP range? Should I
> accept that message, knowing fully, the recipient would never be able to
> respond?
This feature looks fine on first glance, but on second I think this is
dangero
Marc,
Overall good answers... but about six months ago, one of my users was joe
jobbed in "biblical proportions"... in this case, the spammer chose this
one "real" address and that spammer must have either sent the bots this
info, or pre-programmed the bots. When the spam run started, this pa
On Sat, 25 Aug 2007, Marc Perkel wrote:
> Rob McEwen wrote:
>
> > (2) On the other hand, consider the scenario where a single e-mail
> > address is Joe Jobbed in millions of spams... and that address is
> > valid (and this is quite common as worms play musical chair with
> > infected computers
Rob McEwen wrote:
Marc Perkel said:
If someone is sending email using one of my domains I want people
verifying the sender addresses. That way spam that is spoofing my
domains won't get delivered.
Marc:
(1) Sure, this covers spoofing where the alias is invalid for that
domain, but it does
On Sat, 25 Aug 2007 at 13:42 -0700, [EMAIL PROTECTED] confabulated:
Duane Hill wrote:
On Sat, 25 Aug 2007 at 13:08 -0700, [EMAIL PROTECTED] confabulated:
Further, how does check_sender_mx_access differ from Sender Address
Verification (SAV)? (where SAV is an INCREDIBLY bad idea, and a blight
Marc Perkel said:
If someone is sending email using one of my domains I want people
verifying the sender addresses. That way spam that is spoofing my domains
won't get delivered.
Marc:
(1) Sure, this covers spoofing where the alias is invalid for that domain,
but it doesn't do anything about
> If
> someone is sending email using one of my domains I want people verifying
> the sender addresses.
So do you run your servers with VRFY enabled?
--
Dave Pooser
Cat-Herder-in-Chief
Pooserville.com
"Jon, the CIA's credibility has never been lower. Crazy people no longer
believe the CIA is imp
John Rudd wrote:
mouss wrote:
Kai Schaetzl wrote:
Rense Buijen wrote on Wed, 22 Aug 2007 16:43:19 +0200:
I didn't know that a backup MX can lead to more trouble than having
just one
Unfortunately, backup MXes attract spammers :-(. You could at least
add some more backup MXs (that
Nikolay Shopik wrote:
On 8/26/2007 12:08 AM, John Rudd wrote:
mouss wrote:
Kai Schaetzl wrote:
Rense Buijen wrote on Wed, 22 Aug 2007 16:43:19 +0200:
I didn't know that a backup MX can lead to more trouble than having
just one
Unfortunately, backup MXes attract spammers :-(. You cou
mouss wrote:
Kai Schaetzl wrote:
Rense Buijen wrote on Wed, 22 Aug 2007 16:43:19 +0200:
I didn't know that a backup MX can lead to more trouble than having
just one
Unfortunately, backup MXes attract spammers :-(. You could at least
add some more backup MXs (that don't exist) on to
Duane Hill wrote:
On Sat, 25 Aug 2007 at 13:08 -0700, [EMAIL PROTECTED] confabulated:
Further, how does check_sender_mx_access differ from Sender Address
Verification (SAV)? (where SAV is an INCREDIBLY bad idea, and a blight
upon the internet)
(meaning: if check_sender_mx_access is just the
On Sat, 25 Aug 2007 at 13:08 -0700, [EMAIL PROTECTED] confabulated:
Further, how does check_sender_mx_access differ from Sender Address
Verification (SAV)? (where SAV is an INCREDIBLY bad idea, and a blight upon
the internet)
(meaning: if check_sender_mx_access is just the postfix name for SA
mouss wrote:
Kai Schaetzl wrote:
Rense Buijen wrote on Wed, 22 Aug 2007 16:43:19 +0200:
I didn't know that a backup MX can lead to more trouble than having
just one
Unfortunately, backup MXes attract spammers :-(. You could at least
add some more backup MXs (that don't exist) on top
Kai Schaetzl wrote:
Mouss wrote on Sat, 25 Aug 2007 16:51:07 +0200:
check_sender_mx_access.
this won't detect MX hostnames resolving to valid but not reachable IP
no.s.
sure, which may lead to the creation of a dedicated blacklist.
Mouss wrote on Sat, 25 Aug 2007 16:51:07 +0200:
> check_sender_mx_access.
this won't detect MX hostnames resolving to valid but not reachable IP
no.s.
Kai
--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
Kai Schaetzl wrote:
Rense Buijen wrote on Wed, 22 Aug 2007 16:43:19 +0200:
I didn't know that a backup MX can lead to more trouble than having just
one
Unfortunately, backup MXes attract spammers :-(. You could at least add
some more backup MXs (that don't exist) on top of that, that