Well, again, if we were to read the information from SORBS, we would already
know that.

dnsbl.sorbs.net - Aggregate zone (contains all the following DNS zones
except spam.dnsbl.sorbs.net)

-----Original Message-----
From: "Gary Steiner" <[email protected]>
Sent: Monday, January 26, 2015 9:03am
To: [email protected]
Subject: [MBF] Re: False positives rising with SORBS
I've found that the aggregate zones (such as dnsbl.sorbs.net) don't always
work. For example, today while testing I found an address (91.218.112.72)
that was in spam.dnsbl.sorbs.net but wasn't in dnsbl.sorbs.net. Better to
use the individual zones for testing, but be careful about using
overlapping zones.
Gary Steiner
----------------------------------------
From: "John Tolmachoff" <[email protected]>
Sent: Friday, January 23, 2015 2:06 PM
To: [email protected]
Subject: [MBF] Re: False positives rising with SORBS
Tina, what you are doing is giving a double fail to the return code
127.0.0.6. If you check the sorbs.net website, you would find this
explanation:

new.spam.dnsbl.sorbs.net - List of hosts that have been noted as sending
spam/UCE/UBE to the admins of SORBS within the last 48 hours.

recent.spam.dnsbl.sorbs.net - List of hosts that have been noted as sending
spam/UCE/UBE to the admins of SORBS within the last 28 days (includes
new.spam.dnsbl.sorbs.net).

So in other words you should NOT be using BOTH checks. HOWEVER, what is
BETTER and more EFFICIENT is to only query dnsbl.sorbs.net and then use the
various return codes for different tests.

John T
eServices For You

-----Original Message-----
From: "Tina Cline" <[email protected]>
Sent: Thursday, January 22, 2015 8:34am
To: [email protected]
Subject: [MBF] False positives rising with SORBS

We are seeing a few false positives because of the SORBS filter.

##http://www.au.sorbs.net/
SORBS IP4R dnsbl.sorbs.net * 4 0
SORBS-NEW IP4R new.spam.dnsbl.sorbs.net 127.0.0.6 3 0
SORBS-RECENT IP4R recent.spam.dnsbl.sorbs.net 127.0.0.6 3 0
SORBS-NOMAIL IP4R nomail.rhsbl.sorbs.net 127.0.0.12 10 0

The false positives are verified IP addresses on the SORBS list but not the
fault of the sender as the hosting IP is listed. Because SORBS is positive,
they get a score of 4 and 3 and 3 (total 10) and maybe something else that
pushes them over 10. (The emails typically are failing all 3 SORBS lists,
not just one - I did not expect to see emails failing NEW and RECENT at the
same time.)

This often happens in replies: as the replies go back and forth the SPAM
weight gets heavier or the sender's IP from the hoster changes (hoster has
multiple IPs, some of which might be listed - such as Office365 users).

My question: I have lowered the weight on SORBS-NEW and SORBS-RECENT to only
1 point each so that if all three filters fail they only get a score of 6.
Is this what we should do or should we only use the SORBS bl and not use
SORBS-NEW or RECENT? Any recommendations? We are basing this on the fact
that if the email is truly SPAM, other filters will give the additional
weight so SORBS need only be a few points.

Tina Cline
270net Technologies
#############################################################
This message is sent to you because you are subscribed to
the mailing list <[email protected]>.
To unsubscribe, E-mail to: <[email protected]>
To switch to the DIGEST mode, E-mail to
<[email protected]>
To switch to the INDEX mode, E-mail to
<[email protected]>
Send administrative queries to <[email protected]>
#############################################################
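
The double counting discussed in this thread, as an added example that is not part of any poster's message or of the filter's own code: it scores one listing against the three overlapping tests from the posted config, first additively and then counting each return code once. The documentation-range IP, the stubbed DNS answers and the function names are assumptions made for illustration.

```python
import ipaddress

# The three overlapping IP4R tests from the config posted in the thread:
# (test name, zone, return code to match or "*" for any, weight)
THREAD_TESTS = [
    ("SORBS", "dnsbl.sorbs.net", "*", 4),
    ("SORBS-NEW", "new.spam.dnsbl.sorbs.net", "127.0.0.6", 3),
    ("SORBS-RECENT", "recent.spam.dnsbl.sorbs.net", "127.0.0.6", 3),
]

def dnsbl_qname(ip, zone):
    """Build the DNSBL query name: IPv4 octets reversed, then the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def matches(ip, tests, answers):
    """Yield (name, code, weight) for every test/return-code pair that hits.
    `answers` maps query name -> set of returned A records and stands in
    for live DNS so the example runs offline (hypothetical structure)."""
    for name, zone, want, weight in tests:
        for code in sorted(answers.get(dnsbl_qname(ip, zone), set())):
            if want in ("*", code):
                yield name, code, weight

def additive_score(ip, tests, answers):
    """Weight as the posted config computes it: every failing test adds up."""
    hit = {name: weight for name, _, weight in matches(ip, tests, answers)}
    return sum(hit.values())

def deduped_score(ip, tests, answers):
    """Count each distinct return code once, at its heaviest matching weight."""
    best = {}
    for _, code, weight in matches(ip, tests, answers):
        best[code] = max(best.get(code, 0), weight)
    return sum(best.values())

# Constructed sample: a documentation-range IP listed for recent spam, so the
# aggregate, NEW and RECENT zones all answer 127.0.0.6.
SAMPLE_IP = "192.0.2.10"
SAMPLE_ANSWERS = {dnsbl_qname(SAMPLE_IP, zone): {"127.0.0.6"}
                  for _, zone, _, _ in THREAD_TESTS}

if __name__ == "__main__":
    print(dnsbl_qname(SAMPLE_IP, "dnsbl.sorbs.net"))
    print("additive:", additive_score(SAMPLE_IP, THREAD_TESTS, SAMPLE_ANSWERS))
    print("deduped: ", deduped_score(SAMPLE_IP, THREAD_TESTS, SAMPLE_ANSWERS))
```

The additive result reproduces the 4 + 3 + 3 total described in the thread, while the de-duplicated result leaves a single SORBS spam listing at the weight of one test.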