rich...@buzzhost.co.uk wrote:
On Tue, 2009-06-23 at 09:29 -0400, Jeff Moss wrote:

WHAT?  Sorbs and Spamhaus are polar opposites.  Spamhaus is a great
organization while SORBS is a POS that helped give all blacklists a
bad name.
I don't know if SpamAssassin has ever used it.
I respect any block list for targeting those that abuse email systems
and this includes sorbs and spamhaus. I do wonder (and I don't want to
start a war here) if Spamhaus is totally above board or can get 'dirt in
their eyes'. The reason I wonder is stuff like this in my logs appearing
every day, day in day out. Never opted in. Addresses long since dead,
asking to be 'removed' just adds more and more attempts. I grew so tired of
spamhaus missing them, I set up a local blocklist zone in Bind to take
care of them.

It does make you wonder why they never seem to end up on any of the
spamhaus lists. Perhaps they are brilliant list washers ?


Same here - I see lots of these and they don't score on many lists (sometimes Barracuda hits them). This is snowshoe spam from whole netblocks of throwaway domains trickled out at one per day from any one domain/IP. From what I see they only hit legitimate addresses that exist (or once existed) with no randomly guessed addresses. As you mention, they also monitor delivery success and ramp up once they find a live one. OTOH I've not really seen much evidence to suggest they back off or go away when unsuccessful, i.e., rejected at SMTP level. I have one client in particular that gets hammered with these (I suspect he tried unsubscribing in the past).


Jun 23 03:50:07 mail1 postfix/smtpd[5118]: NOQUEUE: reject: RCPT from
mmx3.opticspace.co.uk[8.19.138.30]: 554 5.7.1 Rejected;
mmx3.opticspace.co.uk blocked by ibl

Yep, that looks familiar...

# The Solo Networks 8.19.136.0 - 8.19.143.255
8.19.136.0/21           REJECT

# The Solo Networks 67.218.160.0 - 67.218.191.255
# 67.218.164.0/24 Surpass Solutions - cybersonicview.com
# 67.218.173.0/24 X3 Hosting Systems
# 67.218.180.0/24 LogiTech Interactive
67.218.160.0/19         REJECT

My policy, I block the /24 straight away, and hits from 3 separate /24's earns a block for the whole netblock (as illustrated above).
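
The escalation policy described above (block each /24, then the whole netblock after hits from 3 separate /24s), as an added example that is not part of the original post or either poster's own tooling. It assumes rejects are tagged "blocked by ibl" as in the quoted log line; the function name, sample hosts, private addresses and allocation boundaries are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Client address in a Postfix smtpd reject line: "... RCPT from host[a.b.c.d]: 554 ..."
REJECT_RE = re.compile(r"reject: RCPT from \S+\[(\d{1,3}(?:\.\d{1,3}){3})\]")

# Constructed sample log (made-up hosts, private addresses) in the thread's log format.
SAMPLE_LOG = [
    "Jun 23 03:50:07 mail1 postfix/smtpd[5118]: NOQUEUE: reject: RCPT from mx1.bulk-a.example[10.20.8.30]: 554 5.7.1 Rejected; mx1.bulk-a.example blocked by ibl",
    "Jun 23 04:10:11 mail1 postfix/smtpd[5120]: NOQUEUE: reject: RCPT from mx2.bulk-b.example[10.20.10.7]: 554 5.7.1 Rejected; mx2.bulk-b.example blocked by ibl",
    "Jun 23 04:12:40 mail1 postfix/smtpd[5121]: NOQUEUE: reject: RCPT from mx9.bulk-b.example[10.20.10.99]: 554 5.7.1 Rejected; mx9.bulk-b.example blocked by ibl",
    "Jun 23 05:01:02 mail1 postfix/smtpd[5130]: NOQUEUE: reject: RCPT from mx3.bulk-c.example[10.20.13.4]: 554 5.7.1 Rejected; mx3.bulk-c.example blocked by ibl",
    "Jun 23 05:30:00 mail1 postfix/smtpd[5131]: NOQUEUE: reject: RCPT from a.promo.example[10.99.4.12]: 554 5.7.1 Rejected; a.promo.example blocked by ibl",
    "Jun 23 05:31:00 mail1 postfix/smtpd[5132]: NOQUEUE: reject: RCPT from b.promo.example[10.99.20.5]: 554 5.7.1 Rejected; b.promo.example blocked by ibl",
    "Jun 23 05:32:00 mail1 postfix/smtpd[5133]: NOQUEUE: reject: RCPT from c.promo.example[10.99.30.1]: 554 5.7.1 Relay access denied",
    "Jun 23 06:00:00 mail1 postfix/smtpd[5134]: NOQUEUE: reject: RCPT from x.lone.example[172.16.5.9]: 554 5.7.1 Rejected; x.lone.example blocked by ibl",
    "Jun 23 06:05:00 mail1 postfix/smtpd[5135]: connect from ok.example[10.20.9.1]",
]
# Hypothetical allocation boundaries the operator looked up (e.g. via whois).
KNOWN_NETBLOCKS = ["10.20.8.0/21", "10.99.0.0/19"]

def build_cidr_rules(log_lines, netblocks, threshold=3, tag="blocked by ibl"):
    """Return Postfix CIDR-table lines: one per offending /24, or the whole
    allocation once `threshold` distinct /24s inside it have been rejected."""
    blocks = [ipaddress.ip_network(n) for n in netblocks]
    per_block, rules = defaultdict(set), set()
    for line in log_lines:
        m = REJECT_RE.search(line)
        if not m or tag not in line:   # only count rejects from the local list
            continue
        try:
            net24 = ipaddress.ip_network(f"{m.group(1)}/24", strict=False)
        except ValueError:             # malformed address such as 999.1.1.1
            continue
        parent = next((b for b in blocks if net24.subnet_of(b)), None)
        if parent is None:
            rules.add(net24)           # allocation unknown: /24 block only
        else:
            per_block[parent].add(net24)
    for parent, subnets in per_block.items():
        # Repeated hits from one /24 count once; only distinct /24s escalate.
        rules |= {parent} if len(subnets) >= threshold else subnets
    return [f"{str(net):<24}REJECT" for net in sorted(rules)]

if __name__ == "__main__":
    print("\n".join(build_cidr_rules(SAMPLE_LOG, KNOWN_NETBLOCKS)))
```

The output lines use the same `network REJECT` layout as the access-table entries quoted in the post, so they can be reviewed by hand before being added to a CIDR map.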

