John, clearly you have a special case. For me the DYNABLOCK test is significant, and I'll explain why.
An ISP puts its blocks of IP addresses that are dynamically assigned into the black list because those addresses should not be sending mail directly. It's a way to enforce their terms of service. The specific reason is because that's how many spam generating programs work -- by operating as an SMTP server and sending email direct to destination MX hosts, bypassing the ISP's SMTP server. In my instance, if an email arrives at my SMTP server from a dynamic IP address block, it's almost certainly spam. In your instance, you may need to zero out the score for that test. I imagine you also have to be careful that you're not operating an open relay. :) Best regards, Mojo On Wed, 1 Oct 2003, VonEssen, John wrote: > Matt, > > Thanks for the clarification - it explains a few things. > > The reason for all this is because I provide "out-sourced" email > services to people who are willing to pay for added features like Spam > and Virus filtering. > > Most of my clients connect to the internet via DSL or Cable (Comcast). > We then reconfigure their outlook client to use my POP and SMPT server. > > This would explain why all my Comcast clients are testing positive for > DYNABLOCK. Their client IP is something like 68.80.102/24 and then they > relay through SMTP:64.239.136/24 > > Given your info, I am still confused why this test is in SA with a > significant score. Tons of people legitimately relay to mails hosts that > are off their network: > > - people who use a third party hosting company for @theirdomain.com > email > - ISP's who resell Verizon etc.,. DSL services and then uses their own > mail/dns/web servers. For example, www.kauailink.net - I setup their SA > stuff and they support DSL clients that they bill, even though they > don't own/run the DSL network - they just resell. > > I just don't understand why this test is significant. Especially with > the release of 2.60 it seems there are more and more RBL's. Its tough to > keep track of what does what, and how significant each one is in > reality. > > -John > > -----Original Message----- > From: Matt Kettler [mailto:[EMAIL PROTECTED] > Sent: Wednesday, October 01, 2003 11:21 AM > To: VonEssen, John; [EMAIL PROTECTED] > Subject: Re: [SAtalk] dynablock confusion... > > First, most of your message has a lot of misconceptions about dynablock, > > and SA's use of it. It's also very long so, I'm just going to leave it > out, > and reply to your points of confusion free-form. > > Dynablock does not block spamsources. It lists the IPs of dialups, > cablemodems, and DSL, regardless of wether or not they've sent spam > before > or not. Period. See http://basic.wirehub.nl/dynablocker.html > > The purpose of dynablock is to block those users who do not send mail > via > their relay. It is not intended to be used to block dialup users that do > > send via their proper mail relay. > > SA should be checking every IP except the first IP in the received > chain. > It should skip the very first IP, so that it does not check the hand-off > > from their machine, to their ISP's mailserver. If you've got an example > where it has in fact checked the first IP (despite the code explicitly > avoiding doing so) then there's a bug in SA's handling. > > > > > > > ------------------------------------------------------- > This sf.net email is sponsored by:ThinkGeek > Welcome to geek heaven. > http://thinkgeek.com/sf > _______________________________________________ > Spamassassin-talk mailing list > [EMAIL PROTECTED] > https://lists.sourceforge.net/lists/listinfo/spamassassin-talk > -- Morris Jones <*> San Rafael, CA [EMAIL PROTECTED] http://www.whiteoaks.com ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
