El 2 Oct 2002 a las 16:13, Rossz Vamos-Wentworth escribió: > > I use TMDA and simply add to its blacklist_wildcards list > > entries like *@=.kn (bye-bye North Korea) I currently limit its use > > in this way to rogue states. > > Doesn't that method filter after receipt? Also, doesn't it let through > forged headers? As I previously stated, I prefer to block at the mta > whenever possible. > > My blocklists are currently limited to spamhaus.org (rogue isp's), > china, north korea, nigeria, and all of infolink (they pissed me off by > ignoring my complaints). I've avoided using SPEWS because I > find them to be just a bit on the overzealous and fanatical side (if > SPEWS ran our justice system, it would be "better to convict 100 > innocents rather than let a single guilty person slip past").
Aren't you contradicting?... by limiting a whole country or ISP you are kinda doing the same thing SPEWS does and increasing the possibility of having collateral damage... only, maybe worse... Since infolink pissed you off, every infolink customer is prevented to send mail to you... they might change ISP or protest to infolink (not to you, since you're not accepting mail from them), but that is precisely what SPEWS thrives for... What's worse, if I lived in China, I could not move to another country as easly as you can change your ISP, could I? I'm not saying it's good or bad to do. You do what you please with your mail server, to the extent that the server is yours... if it belongs to an organization, you should verify that with the organization policy, if you're an ISP, your customers might well not be delighted if you started dropping legit messages... imagine some client of the ISP doing business with a Nigerian party. What I'm saying is that the use of RBL's that mark all of a country or ISP is analogous to using SPEWS at least in terms of possible collateral damage. The country I live and work in (and my IP address) is listed in http://blackholes.us/zones/country/argentina.txt as you can verify, and, even though I KNOW there are lots of spammers (in fact, the main problem is with a few very "professional" ones), there are also lots of legitimate users who do business and exchange messages with people all over the world... the moment you block my country, you block all of them. As a sidenote... some time ago I sent a message to someone working in the European Concilium and it bounced back saying I'm a spam source... After doing a lot of tests from different providers and free webmails, and even from my own mail server, I noticed that they were blocking envelope addresses ending in ".ar"... If I forged my envelope address, they wouldn't block it, but any legit mail coming from an Argentine address was bounced... They changed that after I had a mail dialog with one of the administrators, but the point is that an international organization that has relationships with Argentina started rejecting all legit mail from Argentina because of a couple of spam floods coming from here. DO evaluate risks before using one of the http://blackholes.us/ RBL's and, at least, give them a similar treatment (and weight) that you do with SPEWS, since they do, by definition, include inocent in them. OTOH, I think http://blackholes.us/ is an EXCELENT source of info for tagging... you can trace messages geographically and isp-ally... -- Mariano Absatz El Baby ---------------------------------------------------------- Who is General Failure and why is he reading my disk? ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
