Re: rbl's status?
On Sunday 13 June 2004 18.01, Dale Amon wrote: What are the recommended rbl's these days? Just one opinion more: (ok, this is postfix syntax. But let's not start this war here :-) reject_rbl_client cbl.abuseat.org, reject_rbl_client list.dsbl.org, these are very good and catch most. reject_rbl_client cn-kr.blackholes.us, And 70% of what is not caught above hangs here. Obviously, if you have regular emaul traffic with them, you shouldn't do this... reject_rbl_client relays.ordb.org, reject_rbl_client sbl.spamhaus.org, Catches not much these days, especially not much that is not already in abuseat. But still 10-20 emails per week. reject_rbl_client spews.blackholes.us, SPEWS is very controversial. It blocks spammers and spam-supporters, the latter may include big IP ranges from ISPs that do not react to complaints. Also, SPEWS is not really transparent. They have 'case files', but IMHO they are hard to read and not really clear. I've not had false positives that I know of because of this, but still, I wouldn't use it in a business server. Additionally, I used to use {comcast,rr}.blackholes.us, but abuseat contains most of the spamzombies already, so I dropped them. Similarly, reject_rhsbl_client spamdomains.blackholes.easynet.nl, reject_rhsbl_sender spamdomains.blackholes.easynet.nl, reject_rhsbl_client porn.rhs.mailpolice.com, reject_rhsbl_sender porn.rhs.mailpolice.com, reject_rhsbl_client bulk.rhs.mailpolice.com, reject_rhsbl_sender bulk.rhs.mailpolice.com, and warn_if_reject reject_rbl_client bogons.cymru.com, warn_if_reject reject_rbl_client spam.dnsrbl.net, warn_if_reject reject_rbl_client es.blackholes.easynet.nl, were dropped after they found nothing the ones I *do* use still didn't already find. I've stopped using the latter three quite some time ago, so maybe they don't work anymore now. Also you may want to look at the rfc-ignorant.org ones, but reading nanae I got the impression that they are more trouble than they're worth. In any case, I recommend that you thoroughly read information about the blacklists you use, and that you follow some news source about spam fighting, so that important news like some blacklist going bellyup and blacklisting the world will not creep up on you from behind. One source is nanae, which is unfortunately quite high volume and consists 70% of flamewars. But I've not found a better source for information - just ignore the trolls. (Honestly, when you follow nanae, the little arguments on the debian lists are really soothing to the mind in their mind-boggingly rationality and calm and to the point style of discussion.) cheers -- vbi -- featured link: http://fortytwo.ch/gpg/intro pgpIEVQHpeyHW.pgp Description: signature
Re: rbl's status?
On Mon, 14 Jun 2004 16:39, Adrian 'Dagurashibanipal' von Bidder [EMAIL PROTECTED] wrote: Also you may want to look at the rfc-ignorant.org ones, but reading nanae I got the impression that they are more trouble than they're worth. This thread inspired me to fiddle with my anti-spam settings again. Below is my current Postfix configuration for those who are interested. My latest addition is RHSBL entries. So far rhsbl.sorbs.net has not caught anything (only been on for about 30 mins and it's late in the list). The rfc-ignorant.org entries have been catching a lot, one thing that they cught is yahoo.com because [EMAIL PROTECTED] allegedly doesn't work. I've just sent a test message to [EMAIL PROTECTED] and it hasn't bounced yet... Maybe the Yahoo abuse team are being butt-head's about clicking on the removal URL. smtpd_client_restrictions = permit_mynetworks, reject_rbl_client bl.spamcop.net, reject_rbl_client dnsbl.sorbs.net, reject_rbl_client list.dsbl.org, reject_rbl_client cbl.abuseat.org, reject_rbl_client dnsbl.njabl.org, reject_rbl_client sbl.spamhaus.org, reject_rbl_client relays.ordb.org, reject_rhsbl_client rhsbl.sorbs.net, reject_rhsbl_client dsn.rfc-ignorant.org, reject_rhsbl_client postmaster.rfc-ignorant.org -- http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/Postal SMTP/POP benchmark http://www.coker.com.au/~russell/ My home page -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: rbl's status?
On Mon, Jun 14, 2004 at 04:57:42PM +1000, Russell Coker wrote: a test message to [EMAIL PROTECTED] and it hasn't bounced yet... Maybe the Yahoo abuse team are being butt-head's about clicking on the removal URL. Yeah, just I found I got listed by ignoramuses about RFC's due to a mail helper program crashing... -- -- Dale Amon [EMAIL PROTECTED]+44-7802-188325 International linux systems consultancy Hardware software system design, security and networking, systems programming and Admin Have Laptop, Will Travel -- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: rbl's status?
On Mon, Jun 14, 2004 at 04:57:42PM +1000, Russell Coker wrote: relays.ordb.org, reject_rhsbl_client rhsbl.sorbs.net, reject_rhsbl_client dsn.rfc-ignorant.org, reject_rhsbl_client postmaster.rfc-ignorant.org Just to publicly eat my previous words... I submitted the request, had a *person* respond within 5 minutes and removal is already in the queue. Amazing. -- -- Dale Amon [EMAIL PROTECTED]+44-7802-188325 International linux systems consultancy Hardware software system design, security and networking, systems programming and Admin Have Laptop, Will Travel -- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: rbl's status?
Bernd Eckenfels wrote: In article [EMAIL PROTECTED] you wrote: This sort of thing is why I would rather use any RBL within SpamAssassin, rather than at SMTP delivery time. Even if one of these services goes completely belly up and blacklists the world, I don't automatically lose mail from it. Please dont do this. You MUST reject mails (by spam scanners, malware scanners or blacklists) on the SMTP level, otherwise you become a pretty big annoyance to the internet (if you bounce) or will siletnly lose mails (if you drop them). Bouncing or silently dropping potential spam are both obnoxious net behavior, but neither has anyhing to do with whether or not one does their spam classification before accepting mail at the SMTP level. Rejecting false positives can be pretty annoying, too! I find rejecting potential spam at the SMTP level to be riskier than I'd prefer, but this is a judgment call that sysadmins need to make based on the needs of their users. Neither choice forces poor netiquette. Matthew -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: rbl's status?
Bernd Eckenfels [EMAIL PROTECTED] writes: In article [EMAIL PROTECTED] you wrote: This sort of thing is why I would rather use any RBL within SpamAssassin, rather than at SMTP delivery time. Even if one of these services goes completely belly up and blacklists the world, I don't automatically lose mail from it. Please dont do this. You MUST reject mails (by spam scanners, malware scanners or blacklists) on the SMTP level, otherwise you become a pretty big annoyance to the internet (if you bounce) or will siletnly lose mails (if you drop them). Well, yes, choosing one of the broken options is broken. Just giving a message 5 spamassassin points for tripping a blacklist seems pretty reasonable, though. -Brian -- Brian Sniffen [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: rbl's status?
On 14 Jun 2004, Bernd Eckenfels wrote: In article [EMAIL PROTECTED] you wrote: This sort of thing is why I would rather use any RBL within SpamAssassin, rather than at SMTP delivery time. Even if one of these services goes completely belly up and blacklists the world, I don't automatically lose mail from it. Please dont do this. Eh? You seem to have made an incorrect assumption about what I do to the mail with SpamAssassin. You MUST reject mails (by spam scanners, malware scanners or blacklists) on the SMTP level, otherwise you become a pretty big annoyance to the internet (if you bounce) or will siletnly lose mails (if you drop them). ...or, options 3, I deliver them to the end user tagged as likely spam when they look like spam. Then the end user can filter them out as they please. I certainly agree that bouncing SPAM messages, just like reporting virus infections, is an anti-social behaviour. If I chose to silently drop mail after accepting it, though, that is a legitimate and reasonable disposition of the content, as far as I can see. Claims that this is anti-social seem spurious to me; can you expand on your reasoning there? Anyway, as I said, I don't take either of the options you suggests. I use RBL tests at the SpamAssassin level because I *don't* trust them to be one hundred percent accurate. If I didn't care more about real mail getting through than the occasional missed spam, then sure, using RBL blocking at the initial SMTP stage would be ideal... Daniel -- ... Far down the vault a man was screaming. His fists were tightly clenched and he was screaming out imprecations against the humming computers. There was a hopeless rage in his eyes - rage and bitter, savage defiance. -- Frank Bellknap, _It Was The Day Of The Robot_ (1963) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: rbl's status?
Also, for Vassilii - you use the SpamCop blacklists. That is something that I would be very nervous of. They have some pretty liberal policies about what they accept, and their automatic tools are not that great at filtering out innocent parties... This is why on the primary MX (which I share with some friends) I don't use it at the SMTP level. OTOH, I do use it for my account and I never had a positive hit with it yet. If you have a huge server with a lot of users of various profiles, you probably should only use it for advisory tagging so your users can decide if they want to accept it.
Re: rbl's status?
On Sunday 13 June 2004 18.01, Dale Amon wrote: What are the recommended rbl's these days? Just one opinion more: (ok, this is postfix syntax. But let's not start this war here :-) reject_rbl_client cbl.abuseat.org, reject_rbl_client list.dsbl.org, these are very good and catch most. reject_rbl_client cn-kr.blackholes.us, And 70% of what is not caught above hangs here. Obviously, if you have regular emaul traffic with them, you shouldn't do this... reject_rbl_client relays.ordb.org, reject_rbl_client sbl.spamhaus.org, Catches not much these days, especially not much that is not already in abuseat. But still 10-20 emails per week. reject_rbl_client spews.blackholes.us, SPEWS is very controversial. It blocks spammers and spam-supporters, the latter may include big IP ranges from ISPs that do not react to complaints. Also, SPEWS is not really transparent. They have 'case files', but IMHO they are hard to read and not really clear. I've not had false positives that I know of because of this, but still, I wouldn't use it in a business server. Additionally, I used to use {comcast,rr}.blackholes.us, but abuseat contains most of the spamzombies already, so I dropped them. Similarly, reject_rhsbl_client spamdomains.blackholes.easynet.nl, reject_rhsbl_sender spamdomains.blackholes.easynet.nl, reject_rhsbl_client porn.rhs.mailpolice.com, reject_rhsbl_sender porn.rhs.mailpolice.com, reject_rhsbl_client bulk.rhs.mailpolice.com, reject_rhsbl_sender bulk.rhs.mailpolice.com, and warn_if_reject reject_rbl_client bogons.cymru.com, warn_if_reject reject_rbl_client spam.dnsrbl.net, warn_if_reject reject_rbl_client es.blackholes.easynet.nl, were dropped after they found nothing the ones I *do* use still didn't already find. I've stopped using the latter three quite some time ago, so maybe they don't work anymore now. Also you may want to look at the rfc-ignorant.org ones, but reading nanae I got the impression that they are more trouble than they're worth. In any case, I recommend that you thoroughly read information about the blacklists you use, and that you follow some news source about spam fighting, so that important news like some blacklist going bellyup and blacklisting the world will not creep up on you from behind. One source is nanae, which is unfortunately quite high volume and consists 70% of flamewars. But I've not found a better source for information - just ignore the trolls. (Honestly, when you follow nanae, the little arguments on the debian lists are really soothing to the mind in their mind-boggingly rationality and calm and to the point style of discussion.) cheers -- vbi -- featured link: http://fortytwo.ch/gpg/intro pgpADeU9SSqkC.pgp Description: signature
Re: rbl's status?
On Mon, 14 Jun 2004 16:39, Adrian 'Dagurashibanipal' von Bidder [EMAIL PROTECTED] wrote: Also you may want to look at the rfc-ignorant.org ones, but reading nanae I got the impression that they are more trouble than they're worth. This thread inspired me to fiddle with my anti-spam settings again. Below is my current Postfix configuration for those who are interested. My latest addition is RHSBL entries. So far rhsbl.sorbs.net has not caught anything (only been on for about 30 mins and it's late in the list). The rfc-ignorant.org entries have been catching a lot, one thing that they cught is yahoo.com because [EMAIL PROTECTED] allegedly doesn't work. I've just sent a test message to [EMAIL PROTECTED] and it hasn't bounced yet... Maybe the Yahoo abuse team are being butt-head's about clicking on the removal URL. smtpd_client_restrictions = permit_mynetworks, reject_rbl_client bl.spamcop.net, reject_rbl_client dnsbl.sorbs.net, reject_rbl_client list.dsbl.org, reject_rbl_client cbl.abuseat.org, reject_rbl_client dnsbl.njabl.org, reject_rbl_client sbl.spamhaus.org, reject_rbl_client relays.ordb.org, reject_rhsbl_client rhsbl.sorbs.net, reject_rhsbl_client dsn.rfc-ignorant.org, reject_rhsbl_client postmaster.rfc-ignorant.org -- http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/Postal SMTP/POP benchmark http://www.coker.com.au/~russell/ My home page
Re: rbl's status?
On Mon, Jun 14, 2004 at 04:57:42PM +1000, Russell Coker wrote: a test message to [EMAIL PROTECTED] and it hasn't bounced yet... Maybe the Yahoo abuse team are being butt-head's about clicking on the removal URL. Yeah, just I found I got listed by ignoramuses about RFC's due to a mail helper program crashing... -- -- Dale Amon [EMAIL PROTECTED]+44-7802-188325 International linux systems consultancy Hardware software system design, security and networking, systems programming and Admin Have Laptop, Will Travel --
Re: rbl's status?
On Mon, Jun 14, 2004 at 04:57:42PM +1000, Russell Coker wrote: relays.ordb.org, reject_rhsbl_client rhsbl.sorbs.net, reject_rhsbl_client dsn.rfc-ignorant.org, reject_rhsbl_client postmaster.rfc-ignorant.org Just to publicly eat my previous words... I submitted the request, had a *person* respond within 5 minutes and removal is already in the queue. Amazing. -- -- Dale Amon [EMAIL PROTECTED]+44-7802-188325 International linux systems consultancy Hardware software system design, security and networking, systems programming and Admin Have Laptop, Will Travel --
Re: rbl's status?
In article [EMAIL PROTECTED] you wrote: This sort of thing is why I would rather use any RBL within SpamAssassin, rather than at SMTP delivery time. Even if one of these services goes completely belly up and blacklists the world, I don't automatically lose mail from it. Please dont do this. You MUST reject mails (by spam scanners, malware scanners or blacklists) on the SMTP level, otherwise you become a pretty big annoyance to the internet (if you bounce) or will siletnly lose mails (if you drop them). Greetings Bernd -- eckes privat - http://www.eckes.org/ Project Freefire - http://www.freefire.org/
Re: rbl's status?
Bernd Eckenfels wrote: In article [EMAIL PROTECTED] you wrote: This sort of thing is why I would rather use any RBL within SpamAssassin, rather than at SMTP delivery time. Even if one of these services goes completely belly up and blacklists the world, I don't automatically lose mail from it. Please dont do this. You MUST reject mails (by spam scanners, malware scanners or blacklists) on the SMTP level, otherwise you become a pretty big annoyance to the internet (if you bounce) or will siletnly lose mails (if you drop them). Bouncing or silently dropping potential spam are both obnoxious net behavior, but neither has anyhing to do with whether or not one does their spam classification before accepting mail at the SMTP level. Rejecting false positives can be pretty annoying, too! I find rejecting potential spam at the SMTP level to be riskier than I'd prefer, but this is a judgment call that sysadmins need to make based on the needs of their users. Neither choice forces poor netiquette. Matthew
Re: rbl's status?
Bernd Eckenfels [EMAIL PROTECTED] writes: In article [EMAIL PROTECTED] you wrote: This sort of thing is why I would rather use any RBL within SpamAssassin, rather than at SMTP delivery time. Even if one of these services goes completely belly up and blacklists the world, I don't automatically lose mail from it. Please dont do this. You MUST reject mails (by spam scanners, malware scanners or blacklists) on the SMTP level, otherwise you become a pretty big annoyance to the internet (if you bounce) or will siletnly lose mails (if you drop them). Well, yes, choosing one of the broken options is broken. Just giving a message 5 spamassassin points for tripping a blacklist seems pretty reasonable, though. -Brian -- Brian Sniffen [EMAIL PROTECTED]
Re: rbl's status?
On 14 Jun 2004, Bernd Eckenfels wrote: In article [EMAIL PROTECTED] you wrote: This sort of thing is why I would rather use any RBL within SpamAssassin, rather than at SMTP delivery time. Even if one of these services goes completely belly up and blacklists the world, I don't automatically lose mail from it. Please dont do this. Eh? You seem to have made an incorrect assumption about what I do to the mail with SpamAssassin. You MUST reject mails (by spam scanners, malware scanners or blacklists) on the SMTP level, otherwise you become a pretty big annoyance to the internet (if you bounce) or will siletnly lose mails (if you drop them). ...or, options 3, I deliver them to the end user tagged as likely spam when they look like spam. Then the end user can filter them out as they please. I certainly agree that bouncing SPAM messages, just like reporting virus infections, is an anti-social behaviour. If I chose to silently drop mail after accepting it, though, that is a legitimate and reasonable disposition of the content, as far as I can see. Claims that this is anti-social seem spurious to me; can you expand on your reasoning there? Anyway, as I said, I don't take either of the options you suggests. I use RBL tests at the SpamAssassin level because I *don't* trust them to be one hundred percent accurate. If I didn't care more about real mail getting through than the occasional missed spam, then sure, using RBL blocking at the initial SMTP stage would be ideal... Daniel -- ... Far down the vault a man was screaming. His fists were tightly clenched and he was screaming out imprecations against the humming computers. There was a hopeless rage in his eyes - rage and bitter, savage defiance. -- Frank Bellknap, _It Was The Day Of The Robot_ (1963)
rbl's status?
I just noticed that my exim4 config access to rbl.mail-abuse.org is no longer valid. I'd heard Vixie had 'gone pro' but hadn't thought much about it. What are the recommended rbl's these days? -- -- Dale Amon [EMAIL PROTECTED]+44-7802-188325 International linux systems consultancy Hardware software system design, security and networking, systems programming and Admin Have Laptop, Will Travel -- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: rbl's status?
I just noticed that my exim4 config access to rbl.mail-abuse.org is no longer valid. I'd heard Vixie had 'gone pro' but hadn't thought much about it. I believe it's very old news, smth like 4-5 years or so. What are the recommended rbl's these days? Best thing is ask on NANAE or exim-users or whatever your favourite MTA is. Here's what I am using here RBL-wise: rbl_domains = bl.spamcop.net/reject : relays.osirusoft.com/reject :spamhaus.relays.osirusoft.com/reject : sbl.spamhaus.org/reject there is a bit of redundancy in my setup as spamhaus is aggregated from 2 places, but it is my secondary MX dedicated box and WTH - it works -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: rbl's status?
On Sun, Jun 13, 2004 at 07:46:15PM +0300, Vassilii Khachaturov wrote: What are the recommended rbl's these days? Best thing is ask on NANAE or exim-users or whatever your favourite MTA is. Here's what I am using here RBL-wise: rbl_domains = bl.spamcop.net/reject : relays.osirusoft.com/reject :spamhaus.relays.osirusoft.com/reject : sbl.spamhaus.org/reject You do realize that the osirusoft blacklists are defunct and have been for several months, right? Basing your decision of whether or not to accept mail from a given host based on an answer from a defunct blacklist is probably not a good idea. noah pgpk7x9guu3oQ.pgp Description: PGP signature
Re: rbl's status?
You do realize that the osirusoft blacklists are defunct and have been for several months, right? Basing your decision of whether or not to accept mail from a given host based on an answer from a defunct blacklist is probably not a good idea. *ouch* thanks. I'm revising my blacklists now, reading http://www.spambouncer.org/ for an up-to-date guideline -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: rbl's status?
On Sun, Jun 13, 2004 at 12:54:11PM -0400, Noah Meyerhans wrote: On Sun, Jun 13, 2004 at 07:46:15PM +0300, Vassilii Khachaturov wrote: What are the recommended rbl's these days? Best thing is ask on NANAE or exim-users or whatever your favourite MTA is. Here's what I am using here RBL-wise: rbl_domains = bl.spamcop.net/reject : relays.osirusoft.com/reject :spamhaus.relays.osirusoft.com/reject : sbl.spamhaus.org/reject You do realize that the osirusoft blacklists are defunct and have been for several months, right? Basing your decision of whether or not to accept mail from a given host based on an answer from a defunct blacklist is probably not a good idea. At least he's more up to date than I! :-) -- -- Dale Amon [EMAIL PROTECTED]+44-7802-188325 International linux systems consultancy Hardware software system design, security and networking, systems programming and Admin Have Laptop, Will Travel -- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: rbl's status?
On Sun, Jun 13, 2004 at 07:46:15PM +0300, Vassilii Khachaturov wrote: I believe it's very old news, smth like 4-5 years or so. I'd not thought about it because they are still used in the examples all over specs.txt. Perhaps I should email Philip about it. -- -- Dale Amon [EMAIL PROTECTED]+44-7802-188325 International linux systems consultancy Hardware software system design, security and networking, systems programming and Admin Have Laptop, Will Travel -- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: rbl's status?
On Sun, 2004-06-13 at 18:11, Dale Amon wrote: On Sun, Jun 13, 2004 at 07:46:15PM +0300, Vassilii Khachaturov wrote: I believe it's very old news, smth like 4-5 years or so. I'd not thought about it because they are still used in the examples all over specs.txt. Perhaps I should email Philip about it. Looks like he already knows: quote dnslists = list of domain names and other data This condition checks for entries in DNS black lists. These are also known as 'RBL lists', after the original Realtime Blackhole List, but note that the use of the lists at mail-abuse.org now carries a charge. /quote I'd guess that was easier than fixing all the references to the RBL[+], RSS and DUL littered through the documentation. Adam -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: rbl's status?
On Sun, Jun 13, 2004 at 06:33:13PM +0100, Adam D. Barratt wrote: I'd guess that was easier than fixing all the references to the RBL[+], RSS and DUL littered through the documentation. Point taken... but then again, who on Earth actually re-reads the whole doc a second time, rather than just a search for a specific keyword? I've tried a couple times. Puts me right to sleep :-) -- -- Dale Amon [EMAIL PROTECTED]+44-7802-188325 International linux systems consultancy Hardware software system design, security and networking, systems programming and Admin Have Laptop, Will Travel -- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: rbl's status?
On Sun, 2004-06-13 at 18:48, Dale Amon wrote: On Sun, Jun 13, 2004 at 06:33:13PM +0100, Adam D. Barratt wrote: I'd guess that was easier than fixing all the references to the RBL[+], RSS and DUL littered through the documentation. Point taken... but then again, who on Earth actually re-reads the whole doc a second time, rather than just a search for a specific keyword? I didn't. I did `zless /usr/share/doc/exim4/spec.txt.gz' and searched for RBL. That's the first hit. ;-) I've tried a couple times. Puts me right to sleep :-) No comment. :) The index is very useful... Adam -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: rbl's status?
On Sun, 2004-06-13 at 17:01 +0100, Dale Amon wrote: I just noticed that my exim4 config access to rbl.mail-abuse.org is no longer valid. I'd heard Vixie had 'gone pro' but hadn't thought much about it. What are the recommended rbl's these days? -- i like the sbl-xbl lists at spamhaus... -- Douglas F. Calvert http://anize.org/dfc/ GPG Key: 0xC9541FB2 signature.asc Description: This is a digitally signed message part
Re: rbl's status?
On 14 Jun 2004, Noah Meyerhans wrote: On Sun, Jun 13, 2004 at 07:46:15PM +0300, Vassilii Khachaturov wrote: What are the recommended rbl's these days? Best thing is ask on NANAE or exim-users or whatever your favourite MTA is. Here's what I am using here RBL-wise: rbl_domains = bl.spamcop.net/reject : relays.osirusoft.com/reject :spamhaus.relays.osirusoft.com/reject : sbl.spamhaus.org/reject You do realize that the osirusoft blacklists are defunct and have been for several months, right? Basing your decision of whether or not to accept mail from a given host based on an answer from a defunct blacklist is probably not a good idea. This sort of thing is why I would rather use any RBL within SpamAssassin, rather than at SMTP delivery time. Even if one of these services goes completely belly up and blacklists the world, I don't automatically lose mail from it. Also, for Vassilii - you use the SpamCop blacklists. That is something that I would be very nervous of. They have some pretty liberal policies about what they accept, and their automatic tools are not that great at filtering out innocent parties... Daniel -- You come for me now with a cake that you've made Ravaged avenger with a clip in your hair Full of glass and bleach and my old razorblades Oh, where do we go now but nowhere -- Nick Cave, _Where Do We Go Now But Nowhere?_ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: rbl's status?
Also, for Vassilii - you use the SpamCop blacklists. That is something that I would be very nervous of. They have some pretty liberal policies about what they accept, and their automatic tools are not that great at filtering out innocent parties... This is why on the primary MX (which I share with some friends) I don't use it at the SMTP level. OTOH, I do use it for my account and I never had a positive hit with it yet. If you have a huge server with a lot of users of various profiles, you probably should only use it for advisory tagging so your users can decide if they want to accept it. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
rbl's status?
I just noticed that my exim4 config access to rbl.mail-abuse.org is no longer valid. I'd heard Vixie had 'gone pro' but hadn't thought much about it. What are the recommended rbl's these days? -- -- Dale Amon [EMAIL PROTECTED]+44-7802-188325 International linux systems consultancy Hardware software system design, security and networking, systems programming and Admin Have Laptop, Will Travel --
Re: rbl's status?
I just noticed that my exim4 config access to rbl.mail-abuse.org is no longer valid. I'd heard Vixie had 'gone pro' but hadn't thought much about it. I believe it's very old news, smth like 4-5 years or so. What are the recommended rbl's these days? Best thing is ask on NANAE or exim-users or whatever your favourite MTA is. Here's what I am using here RBL-wise: rbl_domains = bl.spamcop.net/reject : relays.osirusoft.com/reject :spamhaus.relays.osirusoft.com/reject : sbl.spamhaus.org/reject there is a bit of redundancy in my setup as spamhaus is aggregated from 2 places, but it is my secondary MX dedicated box and WTH - it works
Re: rbl's status?
On Sun, Jun 13, 2004 at 07:46:15PM +0300, Vassilii Khachaturov wrote: What are the recommended rbl's these days? Best thing is ask on NANAE or exim-users or whatever your favourite MTA is. Here's what I am using here RBL-wise: rbl_domains = bl.spamcop.net/reject : relays.osirusoft.com/reject :spamhaus.relays.osirusoft.com/reject : sbl.spamhaus.org/reject You do realize that the osirusoft blacklists are defunct and have been for several months, right? Basing your decision of whether or not to accept mail from a given host based on an answer from a defunct blacklist is probably not a good idea. noah pgp1gZDfYRD76.pgp Description: PGP signature
Re: rbl's status?
You do realize that the osirusoft blacklists are defunct and have been for several months, right? Basing your decision of whether or not to accept mail from a given host based on an answer from a defunct blacklist is probably not a good idea. *ouch* thanks. I'm revising my blacklists now, reading http://www.spambouncer.org/ for an up-to-date guideline
Re: rbl's status?
On Sun, Jun 13, 2004 at 12:54:11PM -0400, Noah Meyerhans wrote: On Sun, Jun 13, 2004 at 07:46:15PM +0300, Vassilii Khachaturov wrote: What are the recommended rbl's these days? Best thing is ask on NANAE or exim-users or whatever your favourite MTA is. Here's what I am using here RBL-wise: rbl_domains = bl.spamcop.net/reject : relays.osirusoft.com/reject :spamhaus.relays.osirusoft.com/reject : sbl.spamhaus.org/reject You do realize that the osirusoft blacklists are defunct and have been for several months, right? Basing your decision of whether or not to accept mail from a given host based on an answer from a defunct blacklist is probably not a good idea. At least he's more up to date than I! :-) -- -- Dale Amon [EMAIL PROTECTED]+44-7802-188325 International linux systems consultancy Hardware software system design, security and networking, systems programming and Admin Have Laptop, Will Travel --
Re: rbl's status?
On Sun, Jun 13, 2004 at 07:46:15PM +0300, Vassilii Khachaturov wrote: I believe it's very old news, smth like 4-5 years or so. I'd not thought about it because they are still used in the examples all over specs.txt. Perhaps I should email Philip about it. -- -- Dale Amon [EMAIL PROTECTED]+44-7802-188325 International linux systems consultancy Hardware software system design, security and networking, systems programming and Admin Have Laptop, Will Travel --
Re: rbl's status?
On Sun, 2004-06-13 at 18:11, Dale Amon wrote: On Sun, Jun 13, 2004 at 07:46:15PM +0300, Vassilii Khachaturov wrote: I believe it's very old news, smth like 4-5 years or so. I'd not thought about it because they are still used in the examples all over specs.txt. Perhaps I should email Philip about it. Looks like he already knows: quote dnslists = list of domain names and other data This condition checks for entries in DNS black lists. These are also known as 'RBL lists', after the original Realtime Blackhole List, but note that the use of the lists at mail-abuse.org now carries a charge. /quote I'd guess that was easier than fixing all the references to the RBL[+], RSS and DUL littered through the documentation. Adam
Re: rbl's status?
On Sun, Jun 13, 2004 at 06:33:13PM +0100, Adam D. Barratt wrote: I'd guess that was easier than fixing all the references to the RBL[+], RSS and DUL littered through the documentation. Point taken... but then again, who on Earth actually re-reads the whole doc a second time, rather than just a search for a specific keyword? I've tried a couple times. Puts me right to sleep :-) -- -- Dale Amon [EMAIL PROTECTED]+44-7802-188325 International linux systems consultancy Hardware software system design, security and networking, systems programming and Admin Have Laptop, Will Travel --
Re: rbl's status?
On Sun, 2004-06-13 at 18:48, Dale Amon wrote: On Sun, Jun 13, 2004 at 06:33:13PM +0100, Adam D. Barratt wrote: I'd guess that was easier than fixing all the references to the RBL[+], RSS and DUL littered through the documentation. Point taken... but then again, who on Earth actually re-reads the whole doc a second time, rather than just a search for a specific keyword? I didn't. I did `zless /usr/share/doc/exim4/spec.txt.gz' and searched for RBL. That's the first hit. ;-) I've tried a couple times. Puts me right to sleep :-) No comment. :) The index is very useful... Adam
Re: rbl's status?
On Sun, 2004-06-13 at 17:01 +0100, Dale Amon wrote: I just noticed that my exim4 config access to rbl.mail-abuse.org is no longer valid. I'd heard Vixie had 'gone pro' but hadn't thought much about it. What are the recommended rbl's these days? -- i like the sbl-xbl lists at spamhaus... -- Douglas F. Calvert http://anize.org/dfc/ GPG Key: 0xC9541FB2 signature.asc Description: This is a digitally signed message part