RE: Looking for hosts to white list
Yes, we run them - he seems perfectly legit spam blocking business if that's where the thread is going. When we first implemented his lists we saw several hits, many were the same hits as other blacklists, but I haven't checked lately.

My opinion is it never hurts to have more blacklists..

Steve Radich - http://www.aspdeveloper.net / http://www.virtualserverfaq.com
BitShop, Inc. - Development, Training, Hosting, Troubleshooting - http://www.bitshop.com

-Original Message-
From: James Pratt [mailto:[EMAIL PROTECTED]
Sent: Tuesday, April 22, 2008 9:38 PM
To: spamassassin-users
Subject: RE: Looking for hosts to white list

> -Original Message-
> From: Michael Scheidell [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, April 22, 2008 9:00 PM
> To: spamassassin-users
> Subject: Re: Looking for hosts to white list
>
> > I don't know if you noticed but I'm a spam filtering company.
> >
>
> Must be true, it's on his web site:
>
> This filter was developed by company founder and all around tech genius Marc
> Perkel. Marc is a leader in the spam filtering industry and was behind

Has/Does anyone use his sa rules he has posted on his site? if so how, how was the accuracy?

RE: New DNS list for host information?
I'd agree it's useful - the more info the better - Did you already write a spamassassin plugin or are you saying someone needs to?

Steve Radich - http://www.aspdeveloper.net / http://www.virtualserverfaq.com
BitShop, Inc. - Development, Training, Hosting, Troubleshooting - http://www.bitshop.com

-Original Message-
From: Marc Perkel [mailto:[EMAIL PROTECTED]
Sent: Thursday, April 03, 2008 11:10 AM
To: users@SpamAssassin.apache.org
Subject: New DNS list for host information?

I'm considering a DNS list that would return strings as TXT records that contain key words that classify the Forward Confirmed rDNS name based on a number of flags. For example, if the host is yahoo.com it might contain "yellow freemail" indicating that it is yellow listed (mixed ham/spam) and that it is a freemail provider.

Here's some tags I'm considering.

black - blacklisted
white - whitelisted
yellow - mixed source
nobl - never blacklist, but maybe whitelist
freemail - free mail service like yahoo, hotmail, gmail
isp - isp consumer email servers - verizon, comcast etc. (mixed source)
dynamic - end user dynamic IP range

The idea being that there might be a number of different items that returns useful information to help process email. Exim is capable of processing these kind of conditionals. I'm not sure other MTAs are. SA could be modified to process it.

Who likes this idea?

SA UNPARSEABLE_RELAY when host name in ( ) causes whitelist_from_rcvd to be ignored
I'm unclear if this is RFC compliant or not, the specs DO say in Section 3.8.2 "environments may not conform exactly to this specification" - see other RFC references..

The following line causes UNPARSEABLE_RELAY:

    Received: from host1.internal (host1.internal) by host2.internal (63.218.155.52) with ESMTP id m27NKoCv031779 for <[EMAIL PROTECTED]>; Fri, 7 Mar 2008 17:20:50 -0600

Simply changing the host IP to host1.internal in ( ) as below causes it to parse:

    Received: from host1.internal (63.218.155.52) by host2.internal (63.218.155.52) with ESMTP id m27NKoCv031779 for <[EMAIL PROTECTED]>; Fri, 7 Mar 2008 17:20:50 -0600

We have a site that we whitelist via whitelist_from_rcvd so when we get UNPARSEABLE_RELAY it ignores the whitelist.

This SEEMS like a bug in spamassassin.

RFC specs I read include:

Section 4.1.3 Address Literals is the format, basically just IP address.

Section 3.8.2: ""Received:" fields of messages originating from other environments may not conform exactly to this specification..."

Section 4.4 Page 51:

    Extended-Domain = Domain /
                      ( Domain FWS "(" TCP-info ")" ) /
                      ( Address-literal FWS "(" TCP-info ")" )
    TCP-info = Address-literal / ( Domain FWS Address-literal )
               ; Information derived by server from TCP connection
               ; not client EHLO.

Steve Radich - http://www.aspdeveloper.net / http://www.virtualserverfaq.com
BitShop, Inc. - Development, Training, Hosting, Troubleshooting - http://www.bitshop.com

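The TCP-info grammar quoted in the message above, applied to its two Received lines, as an added example (not SpamAssassin's parser and not part of the original post). It assumes bare IPs are accepted alongside bracketed address literals, as in the headers shown; the function names are illustrative.

```python
import ipaddress
import re

# "from"/"by" keyword, a host token, then an optional "(" TCP-info ")".
EXT_DOMAIN = re.compile(r"(?:^|\s)(from|by)\s+(\S+)(?:\s+\(([^)]*)\))?", re.I)

def address_literal(token):
    """Return the IP held in an Address-literal, or None if it is not one."""
    t = token.strip()
    if t.startswith("[") and t.endswith("]"):
        t = t[1:-1]                      # bracketed form from section 4.1.3
    if t.lower().startswith("ipv6:"):
        t = t[5:]
    try:
        return str(ipaddress.ip_address(t))   # assumption: bare IPs accepted too
    except ValueError:
        return None

def tcp_info(text):
    """TCP-info = Address-literal / ( Domain FWS Address-literal ) -> IP or None."""
    parts = text.split()
    if len(parts) == 1:
        return address_literal(parts[0])
    if len(parts) == 2 and address_literal(parts[0]) is None:
        return address_literal(parts[1])
    return None

def parse_received(header):
    """Map 'from' and 'by' to their host, claimed TCP-info, IP and conformance."""
    value = re.sub(r"\s+", " ", header.split(":", 1)[1])   # unfold FWS
    clauses = {}
    for keyword, host, paren in EXT_DOMAIN.findall(value):
        ip = tcp_info(paren) if paren else None
        clauses.setdefault(keyword.lower(), {
            "host": host, "tcp_info": paren or None, "ip": ip,
            # A parenthesised part is valid only if it carries an address.
            "conforms": not paren or ip is not None,
        })
    return clauses

# The two Received lines from the message above, copied as posted.
FAILING = ("Received: from host1.internal (host1.internal) by host2.internal "
           "(63.218.155.52) with ESMTP id m27NKoCv031779 for <[EMAIL PROTECTED]>; "
           "Fri, 7 Mar 2008 17:20:50 -0600")
PARSING = FAILING.replace("(host1.internal)", "(63.218.155.52)", 1)

if __name__ == "__main__":
    for name, hdr in (("failing", FAILING), ("parsing", PARSING)):
        print(name, parse_received(hdr)["from"])
```

A from clause whose parentheses carry no address leaves a filter with no connecting IP for that hop, which is the information a relay-based whitelist entry is matched against.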
RE: Bogus MX -> blacklist service viable?
Sorry; apparently I was unclear.

MX records I'm saying as follows:

100 - Real
200 - Real perhaps, as many "real" as you want
300 - Bogus - one that blocks port 25 with tcp reset for example
400 - accept port, logs ip -> blacklist (not to be scored aggressively at all) with a 421/retry.

If a whole bunch of places are seeing the same smtp server hitting this 400 level MX then I'm saying that seems like a useful thing to be included in a blacklist using a low score in sa.

The point was to offer the 400 level mx as a free service to log the ips quickly for those that don't want to set up the server themselves.

In theory the 400 level MX wouldn't be used by "real" smtp very often, hence it's likely a spammer and therefore the IP could be auto blacklisted. Realize I'm NOT proposing we block on this, just score based on this list.

Steve Radich - http://www.aspdeveloper.net / http://www.virtualserverfaq.com
BitShop, Inc. - Development, Training, Hosting, Troubleshooting - http://www.bitshop.com

-Original Message-
From: mouss [mailto:[EMAIL PROTECTED]
Sent: Thursday, February 21, 2008 8:25 PM
Cc: users@spamassassin.apache.org
Subject: Re: Bogus MX -> blacklist service viable?

McDonald, Dan wrote:
> On Thu, 2008-02-21 at 21:58 +0100, Raymond Dijkxhoorn wrote:
>
>> Hi!
>>
>>> provide this hosted (i.e. I'm thinking of offering), but instead of ONLY
>>> log it somehow feed / create a blacklist based on this?
>>>
>>> I'm not as familiar with blacklists as many of you, but the network /
>>> smtp / logging side of this is easy for me to implement.
>>>
>>> I'm thinking make this a very public (free) service to gather data for
>>> the blacklist, anyone could list the mx.
>>>
>> What's wrong with :
>>
>> http://www.rfc-ignorant.org/tools/submit_form.php?table=bogusmx
>>
>
> wrong direction. That lists domains that don't have their MX records
> set up properly, not ip addresses that attempt to send mail to sites
> that are not MX records.
>

and the difference is?

if you force our servers to retry each time we connect to your server, then we will find other people to talk to (in short, we'll BL you) unless you ask the IETF to modify SMTP by adding a "knocking" requirement.

Bogus MX -> blacklist service viable?
What's everyone's opinion on something like:

defermx..com
bogusmx..com

provide this hosted (i.e. I'm thinking of offering), but instead of ONLY log it somehow feed / create a blacklist based on this?

I'm not as familiar with blacklists as many of you, but the network / smtp / logging side of this is easy for me to implement.

I'm thinking make this a very public (free) service to gather data for the blacklist, anyone could list the mx.

Thoughts?

Steve Radich - http://www.aspdeveloper.net / http://www.virtualserverfaq.com
BitShop, Inc. - Development, Training, Hosting, Troubleshooting - http://www.bitshop.com