On Mon, 2008-09-22 at 10:58 -0500, Matt wrote:
> >> > I had the same issue and found that the system that's relaying
> >> > (216.129.105.40) those confirmation emails doesn't have a PTR record.
> >> > You'd think someone selling a antispam/email appliance would be familiar
> >> > with the RFCs.
>
Justin Mason wrote ... (9/22/2008 11:29 AM):
> In fairness -- if you drop mail with no rDNS, you are dropping 3.6% of
> legit email in general, going by the test results for our RDNS_NONE
> rule... ;)
>
> --j.
>
Thanks for that stat Justin. I was always curious what others were
seeing here. A
On Mon, 2008-09-22 at 11:24 +0100, Chris Russell wrote:
> > The problem is in false positives - you won't get any mail with it
>
> I've had servers listed on Barracuda before, despite 17 emails to their
> support systems we never had any response, and had to change a customers
> mail architectur
Err, the default behaviour is NDR's are off, in fact.
On Mon, 2008-09-22 at 10:08 -0700, fchan wrote:
> You can set up Barracuda to not to reply to spam which is default
> behavior, which I hate. This is the backscatter we all experienced
> from Barracuda devices. I set one up for a friend but i
This would probably only reach the list??? I have a dynamic IP-address and
no reverse DNS. I use Outlook Express as client.
--
Regards
Lars Ebeling
http://leopg9.no-ip.org
Hobbithobbyist
"It is better to keep your mouth shut and appear stupid than to open it and
remove all doubt."
-- Mark Tw
On 9/21/2008 8:51 AM, Jeff Chan wrote:
[Pardon the spam; thought this new blacklist might be worth at
least trying.]
Apparently Barracuda will be publishing a free-to-use sender
blacklist called BRBL:
http://www.barracudacentral.org/rbl
Haven't tried it myself but thought it may be of intere
> I've had servers listed on Barracuda before, despite 17 emails to
their
> support systems we never had any response, and had to change a
customers
> mail architecture to compensate.
>
> Very wary of them ..
>
> Chris
>
>
> That would be because they were spamming then. Shame on you.
Thats
This will actually work. I've been involved in a university experiment doing
this for over a year now. Simply put, trying to create a list of new spammer
domains is a "count to infinity" problem. Creating a list of old domains is
not.
Jeff Moss
From: Mar
Marc Perkel wrote:
Ken A wrote:
Marc Perkel wrote:
I don't know how this will work but I'm building the data now. For
those of you who are familiar with Day old bread lists to detect new
domains, as you know there's a lag time in the data and they often
don't have data from all the registri
Yet Another Ninja wrote:
On 9/21/2008 8:51 AM, Jeff Chan wrote:
[Pardon the spam; thought this new blacklist might be worth at
least trying.]
Apparently Barracuda will be publishing a free-to-use sender
blacklist called BRBL:
http://www.barracudacentral.org/rbl
Haven't tried it myself but t
Yet Another Ninja wrote:
FIW:
12 hr stats / tiny traffic trap box - no ham
I use a couple of DNSWLs to reject traffic from potential hammy IPs
RANKRULE NAME COUNT %OFMAIL %OFSPAM %OFHAM
1RCVD_BARRACUDA 19721 83.30 83.46 8.00
Spam detection seem
On Tue, 23 Sep 2008, Rob McEwen wrote:
Or, these could be "False-False Positives"... which is a very good thing
because that would mean that those were really spams that would have
scored "below threshold" without use of the new list. (or, some mix of
these two)
So, for the purposes of an an
>> Everyone should block/defer ALL email with no reverse DNS. Then maybe
>> those email admins would get a clue.
>>
>
> We tried,
> But when the client yells "I am losing my mails", you got to change
> your rules
We had same experience as well. But I still think it should be done,
even though w
On 9/23/2008 5:12 PM, Johnny Stork wrote:
Yet Another Ninja wrote:
On 9/21/2008 8:51 AM, Jeff Chan wrote:
[Pardon the spam; thought this new blacklist might be worth at
least trying.]
Apparently Barracuda will be publishing a free-to-use sender
blacklist called BRBL:
http://www.barracudacen
John Hardin wrote:
On Tue, 23 Sep 2008, Rob McEwen wrote:
Or, these could be "False-False Positives"... which is a very good
thing because that would mean that those were really spams that would
have scored "below threshold" without use of the new list. (or, some
mix of these two)
So, for the
John Hardin writes:
> On Tue, 23 Sep 2008, Rob McEwen wrote:
>
> > Or, these could be "False-False Positives"... which is a very good thing
> > because that would mean that those were really spams that would have
> > scored "below threshold" without use of the new list. (or, some mix of
> > th
Matt wrote:
I had the same issue and found that the system that's relaying
(216.129.105.40) those confirmation emails doesn't have a PTR record.
You'd think someone selling a antispam/email appliance would be familiar
with the RFCs.
That would explain why I got no confirmation, we do not accept
> This would probably only reach the list??? I have a
> dynamic IP-address and no reverse DNS. I use Outlook
> Express as client.
Your smart host (mc.sverige.net (Sverige.Net Mail server v2.1.3)) has a rDNS,
so no problems.
My SA did not report missing rDNS from this mail.
>
>
>> Justin M
Jesse Stroik wrote:
There are plenty of places still using mail gateways where the mail
server used for sending is still on an internal network, for a variety
of legitimate reasons, and those mail servers may resolve to a private
address. If you discard all mail with no appropriate reverse DNS
Jesse Stroik wrote:
> Matt wrote:
> >
> > Everyone should block/defer ALL email with no reverse DNS. Then
> > maybe those email admins would get a clue.
>
> No, they shouldn't.
>
> There are plenty of places still using mail gateways where the mail
> server used for sending is still on an inter
Everyone should block/defer ALL email with no reverse DNS. Then maybe
those email admins would get a clue.
AOL.com does just that.
No, they don't, really. They 'may' do that (see below). Try it.
Effective immediately: AOL
220- may no longer accept connections from IP addres
At 11:24 23-09-2008, Kris Deugau wrote:
I can't think of ANY reasons (beyond sysadmin and/or ISP
incompentence) that a public IP originating legitimate SMTP traffic
should not have a reverse DNS entry. (Never mind a properly-formed
one, a whole other argument on its own.)
There was a mailing
Kris Deugau wrote:
Jesse Stroik wrote:
There are plenty of places still using mail gateways where the mail
server used for sending is still on an internal network, for a variety
of legitimate reasons, and those mail servers may resolve to a private
address. If you discard all mail with no app
Bowie,
What does having the mail gateway on an internal network have to do with
anything? If it is going to send mail to the Internet, then it must
have a public IP address in order to do so. This address may be local
to the machine or it may be translated by a router or firewall, but
either
Ken A wrote:
> Marc Perkel wrote:
>>
>>
>> Ken A wrote:
>>> Marc Perkel wrote:
I don't know how this will work but I'm building the data now. For
those of you who are familiar with Day old bread lists to detect
new domains, as you know there's a lag time in the data and they
oft
On Tue, 23 Sep 2008, Joseph Brennan wrote:
Everyone should block/defer ALL email with no reverse DNS. Then maybe
those email admins would get a clue.
AOL.com does just that.
No, they don't, really. They 'may' do that (see below). Try it.
Effective immediately: AOL
220- may
Jesse Stroik wrote:
In my experience, I've come across exchange servers in private networks
behind mail gateways that were the originating server. In this case,
whether or not you and I think it is a poor configuration, it is a
legitimate SMTP configuration via the RFC and it will have no
rev
> The originating mail server could have a private address of, for
> example, 172.17.1.60, for exmaple. It could then send that message
> through another SMTP server that trusts the internal server. And now
> you've got 172.17.1.60 in your headers as the originating server and
> that doesn't (and
Jesse Stroik wrote:
> Bowie,
>
>
> > What does having the mail gateway on an internal network have to do
> > with anything? If it is going to send mail to the Internet, then
> > it must have a public IP address in order to do so. This address
> > may be local to the machine or it may be transla
Jesse Stroik wrote:
Kris Deugau wrote:
Jesse Stroik wrote:
There are plenty of places still using mail gateways where the mail
server used for sending is still on an internal network, for a
variety of legitimate reasons, and those mail servers may resolve to
a private address. If you discard
Jesse Stroik wrote:
Bowie,
What does having the mail gateway on an internal network have to do with
anything? If it is going to send mail to the Internet, then it must
have a public IP address in order to do so. This address may be local
to the machine or it may be translated by a router or
> -Original Message-
> From: Kris Deugau [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, September 23, 2008 3:27 PM
> To: users
> Subject: Re: New free blacklist: BRBL - Barracuda Reputation Block List
>
> IMO there's little excuse not to have *some* kind of rDNS on
> every single IP delegated
Jason Bertoch wrote:
-Original Message-
From: Kris Deugau [mailto:[EMAIL PROTECTED]
Sent: Tuesday, September 23, 2008 3:27 PM
To: users
Subject: Re: New free blacklist: BRBL - Barracuda Reputation Block List
IMO there's little excuse not to have *some* kind of rDNS on
every single IP del
Hi guys..
I would have expected to find this one so quickly, I tell you, either
my google skills are on hold this week, or its not a common question at all!!
How do i tell is sa-update is working?
I assume either i can check a file date somewhere, or a log file, but
tried looking about, and
Nathan wrote:
Hi guys..
I would have expected to find this one so quickly, I tell you, either
my google skills are on hold this week, or its not a common question
at all!!
How do i tell is sa-update is working?
I assume either i can check a file date somewhere, or a log file, but
tried loo
Nathan wrote:
Hi guys..
I would have expected to find this one so quickly, I tell you, either my
google skills are on hold this week, or its not a common question at all!!
How do i tell is sa-update is working?
I assume either i can check a file date somewhere, or a log file, but
tried look
Thanks all of you..
Found it!!
It seems I am running it from a cron, and all is working.. I was
just concerned as the amount of spam getting through seems to be increasing..
I guess I need to read more and tweak stuff!!
So, you may have guessed I am not good at this!!
What should a newbie
Nathan wrote:
>
> What should a newbie look at first, tweak, learn to do with
> Spamassassin, to get better results?? where should I apply my
> limited research skills? or what should I look into that will make
> this a more effective system for my users?
>
> I guess I am looking for the lists t
Getting back to the subject...can anyone enlighten us to the efficacy of
this DNSBL? For example, how does it compare to zen.spamhaus.org, varius
DUL type lists, etc. I would love to reject more before SA gets involved.
James Smallacombe PlantageNet, Inc. CEO and Janitor
SM wrote:
At 11:24 23-09-2008, Kris Deugau wrote:
I can't think of ANY reasons (beyond sysadmin and/or ISP
incompentence) that a public IP originating legitimate SMTP traffic
should not have a reverse DNS entry. (Never mind a properly-formed
one, a whole other argument on its own.)
There wa
On Tue, 2008-09-23 at 17:21 -0400, [EMAIL PROTECTED] wrote:
> Getting back to the subject...can anyone enlighten us to the efficacy of
> this DNSBL? For example, how does it compare to zen.spamhaus.org,
It hits significantly more spam than zen.spamhaus.org
On my primary mx, today I had 94 mails
Nathan <[EMAIL PROTECTED]> wrote:
> It seems I am running it from a cron, and all is working.. I was just
> concerned as the amount of spam getting through seems to be increasing..
>
> I guess I need to read more and tweak stuff!!
>
> So, you may have guessed I am not good at this!!
>
> What sho
On Tue, September 23, 2008 09:00, ram wrote:
> On Mon, 2008-09-22 at 10:58 -0500, Matt wrote:
>> Everyone should block/defer ALL email with no reverse DNS. Then maybe
>> those email admins would get a clue.
> We tried, But when the client yells "I am losing my mails", you got to
> change your rul
How do you tell if sa-update is running successfully? I am running it right
now (under Windows) but I don't know how to confirm that it is running. I
ran with the -D option but I don't understand all of the things that it is
reporting (no apparent error messages). Is there a file date and time
\
> It hits significantly more spam than zen.spamhaus.org
>
> On my primary mx, today I had 94 mails that hit a zen list but not brbl,
> 591 that hit a zen list and brbl, and 8042 that hit brbl but not zen.
>
> I am checking -lastexternal addresses only.
>
> Looking through the 2400 or so domain
45 matches
Mail list logo
