Re: [mailop] I disabled Spamhaus checking due to false-positives

2021-07-15 Thread Bill Cole via mailop

On 2021-07-15 at 09:06:14 UTC-0400 (Thu, 15 Jul 2021 14:06:14 +0100)
Tim Bray via mailop 
is rumored to have said:

> Just check which DNS servers you are using. And a lot of the
> 8.8.8.8 and 9.9.9.9 of the world and similar don't work very well for
> RBLs
>
> I usually install a local unbound.
>
> Sorry if that is too obvious, but has caught me out before.

From the message you seem to be replying to:

> I use my own local resolver (unbound 1.13.1) with no forwarders
> configured.


--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not Currently Available For Hire
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop


Re: [mailop] I disabled Spamhaus checking due to false-positives

2021-07-15 Thread Brielle via mailop

On 7/15/21 12:26 PM, John Levine via mailop wrote:
> It appears that Tim Bray via mailop  said:
>> Just check which DNS servers you are using. And a lot of the 8.8.8.8
>> and 9.9.9.9 of the world and similar don't work very well for RBLs
>
> s/very well/at all/
>
>> I usually install a local unbound.
>
> You have to unless the ISP DNS resolver is small enough not to run
> into the query limits that Spamhaus and other large BLs have.
>
> R's,
> John


Off topic slightly, but someone might find the setup useful...

I use a combination of dnsdist and powerdns recursor to give me a bit of 
flexibility and reliability.

Each resolver node is made up of multiple pools that consist of resolvers 
I run, my provider, and 8.8.8.8/1.1.1.1.

For stuff relating to big CDNs, it's set to route queries to my upstream 
(CenturyLink for example) DNS servers for best possible geolocation 
based performance.

For DNSBL queries, it routes to my own resolvers only.

For general queries and any time the above pools are marked as 'down', 
it's routed to the best performing 'up' servers built from the above 
pools plus the big ones (8.8.8.8, 1.1.1.1, opendns).

Since queries are directed in pools towards the resolvers with lowest 
latency, it offers a pretty good combination of performance and reliability.

I'd be happy to share the config with people if anyone wants to toy with 
it.  Also works really really well as a load balancer and DDoS filter 
for authoritative servers.



--
Brielle Bruns
The Summit Open Source Development Group
http://www.sosdg.org/ http://www.ahbl.org


Re: [mailop] I disabled Spamhaus checking due to false-positives

2021-07-15 Thread John Levine via mailop
It appears that Tim Bray via mailop  said:
>Just check which DNS servers you are using. And a lot of the 8.8.8.8 
>and 9.9.9.9 of the world and similar don't work very well for RBLs

s/very well/at all/

>I usually install a local unbound.

You have to unless the ISP DNS resolver is small enough not to run
into the query limits that Spamhaus and other large BLs have.

R's,
John


[mailop] Interesting spam network at AS207959

2021-07-15 Thread Jarland Donnell via mailop

Hey friends,

I'm a bit new to the mailing list and I'm really interested in sharing 
useful data with others. I have a lot of data to work with and I'm 
trying to find more and more ways to share it that benefit everyone. 
Email is one of those things where community really matters I think, 
because the more we share the better off all of our mail servers can be. 
One less inbound spam = one less accidentally forwarded spam = one less 
IP rate limited by Google this hour, all that jazz.

Anyway, to say hello I wanted to share one of my latest findings:
https://bgp.he.net/AS207959

From what I can tell this is an entirely (or very nearly entirely) spam 
network. If you start clicking through the prefixes and looking at the 
PTR records, it's pretty rough. Even the ones that look more questionable 
like 195.62.32.0/24 I can only find spam in my logs for, no legitimate 
emails coming in. I keep adding them to my internal RBL (MXRBL if you 
want to use it) and they keep announcing new ranges to try to outpace 
it. Look out for them, they're worth blocking all around. Zero 
complaints from customers thus far.


Anyway, a small gift and a hearty hello <3

Jarland Donnell
MXroute


Re: [mailop] I disabled Spamhaus checking due to false-positives

2021-07-15 Thread Bastian Blank via mailop
Hi

On Thu, Jul 15, 2021 at 04:29:24AM -0700, Mark Milhollan via mailop wrote:
> Spamhaus has been working fine for me and has been a wonderful resource for
> many years, but I recently decided I had to disable using them on my
> personal, low volume mail server because of a few recent surprises (that's
> right, I don't look at Spamhaus rejects, timestamps are UTC):

Did you check the result of those RBL requests?  Spamhaus also provides
specific codes for errors, so you _must_ explicitly list what codes you
want to accept.  See
https://www.spamhaus.org/faq/section/DNSBL%20Usage#200 for what those mean.

Bastian

-- 
"What terrible way to die."
"There are no good ways."
-- Sulu and Kirk, "That Which Survives", stardate unknown
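Bastian's point above, as an added example that is not part of the thread: a small Python DNSBL result interpreter that accepts only explicitly listed Spamhaus return codes and treats the 127.255.255.x codes as errors rather than listings, beside the naive "any answer means listed" check that turns a refused or rate-limited resolver into false rejects. The return-code meanings are taken from the Spamhaus DNSBL usage FAQ (an assumption to re-check, not something the thread states) and the resolver answers are constructed, not captured.

```python
import ipaddress

# sbl-xbl.spamhaus.org return codes as documented in the Spamhaus DNSBL usage
# FAQ (taken from that FAQ, not from the thread; re-check before relying on it).
LISTING_CODES = {
    "127.0.0.2": "SBL", "127.0.0.3": "CSS",
    "127.0.0.4": "XBL", "127.0.0.5": "XBL", "127.0.0.6": "XBL", "127.0.0.7": "XBL",
}
ERROR_CODES = {
    "127.255.255.252": "typing error in the DNSBL zone name",
    "127.255.255.254": "query sent via a public/open resolver (not answered)",
    "127.255.255.255": "query volume limit exceeded",
}

def query_name(client_ip, zone):
    """Reversed-octet lookup name, e.g. 10.2.0.192.sbl-xbl.spamhaus.org."""
    octets = ipaddress.IPv4Address(client_ip).exploded.split(".")
    return ".".join(reversed(octets)) + "." + zone

def classify(answers):
    """answers: A records for the query ([] = NXDOMAIN) -> (verdict, detail)."""
    if not answers:
        return ("not_listed", None)
    for a in answers:
        if a in ERROR_CODES:            # never treat an error code as a listing
            return ("error", ERROR_CODES[a])
    hits = sorted({LISTING_CODES[a] for a in answers if a in LISTING_CODES})
    if hits:
        return ("listed", ",".join(hits))
    return ("error", "unexpected return code(s): " + ",".join(answers))

def naive_verdict(answers):
    """The check the thread warns about: any A record at all counts as listed."""
    return "listed" if answers else "not_listed"

# Constructed resolver answers so the example runs offline; the third case is
# what a resolver that Spamhaus refuses to answer gets back.
ZONE = "sbl-xbl.spamhaus.org"
SAMPLE_ANSWERS = {
    query_name("192.0.2.10", ZONE): [],
    query_name("192.0.2.20", ZONE): ["127.0.0.2", "127.0.0.4"],
    query_name("192.0.2.30", ZONE): ["127.255.255.254"],
}

def check_client(client_ip, answers=SAMPLE_ANSWERS, zone=ZONE):
    """Compare the explicit-code verdict with the naive one for one client IP."""
    records = answers.get(query_name(client_ip, zone), [])
    verdict, detail = classify(records)
    return {"explicit": verdict, "detail": detail, "naive": naive_verdict(records)}
```

With a real resolver you would feed `classify` the A records that `dig` or your MTA's lookup returns for `query_name(...)`, and only the `listed` verdict should drive a 554.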


Re: [mailop] I disabled Spamhaus checking due to false-positives

2021-07-15 Thread Tim Bray via mailop

On 15/07/2021 12:29, Mark Milhollan via mailop wrote:
> Spamhaus has been working fine for me and has been a wonderful
> resource for many years, but I recently decided I had to disable using
> them on my personal, low volume mail server because of a few recent
> surprises (that's right, I don't look at Spamhaus rejects, timestamps
> are UTC):

Just check which DNS servers you are using. And a lot of the 8.8.8.8 
and 9.9.9.9 of the world and similar don't work very well for RBLs

I usually install a local unbound.

Sorry if that is too obvious, but has caught me out before.


--
Tim Bray
Huddersfield, GB
t...@kooky.org



Re: [mailop] I disabled Spamhaus checking due to false-positives

2021-07-15 Thread Matthew Stith via mailop
Mark,

Replying off list to see if we can figure out what is going on.

On 7/15/2021 7:29 AM, Mark Milhollan via mailop wrote:
> Spamhaus has been working fine for me and has been a wonderful
> resource for many years, but I recently decided I had to disable using
> them on my personal, low volume mail server because of a few recent
> surprises (that's right, I don't look at Spamhaus rejects, timestamps
> are UTC):
>
>   Jul 10 22:20:34 mm-new smtpd[28996]: NOQUEUE: reject: RCPT from
> s0.eburgsquare.com[104.223.145.19]: 554 5.7.1 Service unavailable;
> Unverified Client host [s0.eburgsquare.com] blocked using
> dbl.spamhaus.org;
> https://www.spamhaus.org/query/domain/eburgsquare.com;
> from= to=<[elided]@milhollan.com>
> proto=ESMTP helo=
>   Jul 13 21:59:33 mm-new smtpd[20435]: NOQUEUE: reject: RCPT from
> liaoningosaurus.mktdns.com[192.28.148.54]: 554 5.7.1 Service
> unavailable; Client host [192.28.148.54] blocked using
> sbl-xbl.spamhaus.org;
> from=<733-ksk-625.0.175526.0.0.16914.9.10824...@email1.digium.com>
> to=<[elided]@milhollan.com> proto=ESMTP helo=
>   Jul 14 00:13:04 mm-new smtpd[22318]: NOQUEUE: reject: RCPT from
> mail-ej1-f68.google.com[209.85.218.68]: 554 5.7.1 Service unavailable;
> Client host [209.85.218.68] blocked using sbl-xbl.spamhaus.org;
> from=
> to=<[elided]@milhollan.com> proto=ESMTP helo=
>   Jul 14 15:25:30 mm-new smtpd[3627]: NOQUEUE: reject: RCPT from
> gk-w94-email.usps.gov[56.0.84.94]: 554 5.7.1 Service unavailable;
> Client host [56.0.84.94] blocked using sbl-xbl.spamhaus.org;
> from=
> to=<[elided]@milhollan.com> proto=ESMTP helo=
>   Jul 14 22:37:33 mm-new smtpd[10015]: NOQUEUE: reject: RCPT from
> my-mail.splashtop.com[34.208.80.28]: 554 5.7.1 Service unavailable;
> Client host [34.208.80.28] blocked using sbl-xbl.spamhaus.org;
> from= to=<[elided]@milhollan.com>
> proto=ESMTP helo=
>   Jul 15 06:17:18 mm-new smtpd[14530]: NOQUEUE: reject: RCPT from
> mta0.tedlarbagsale.com[134.73.145.18]: 554 5.7.1 Service unavailable;
> Unverified Client host [mta0.tedlarbagsale.com] blocked using
> dbl.spamhaus.org;
> https://www.spamhaus.org/query/domain/tedlarbagsale.com;
> from= to=<[elided]@milhollan.com>
> proto=ESMTP helo=
>   Jul 15 10:00:11 mm-new smtpd[3294]: NOQUEUE: reject: RCPT from
> mx.mailop.org[91.132.147.157]: 554 5.7.1 Service unavailable; Client
> host [91.132.147.157] blocked using sbl-xbl.spamhaus.org;
> from= to=<[elided]@milhollan.com>
> proto=ESMTP helo=
>
> Both DBL rejections look to be spam.  But all but 1 of these SBL-XBL
> rejections were non-spam (I know those senders and want their
> messages) so for me are false-positives -- the Gmail rejection looks
> like spam (I don't know that sender).  16 rejections (9 good
> rejections not shown) between Jul 10 00:00Z and Jul 15 10:20Z, 4 of
> which were not appropriate makes for a not good ratio.
>
> Manually checking the SBL-XBL rejections on the mail server shortly
> after the last rejection yielded null/NXDOMAIN responses via DNS using
> getent/dig and showed "no issues" via the Spamhaus web site reputation
> center.  I use my own local resolver (unbound 1.13.1) with no
> forwarders configured.
>
>
> /mark


[mailop] I disabled Spamhaus checking due to false-positives

2021-07-15 Thread Mark Milhollan via mailop
Spamhaus has been working fine for me and has been a wonderful resource 
for many years, but I recently decided I had to disable using them on my 
personal, low volume mail server because of a few recent surprises 
(that's right, I don't look at Spamhaus rejects, timestamps are UTC):


  Jul 10 22:20:34 mm-new smtpd[28996]: NOQUEUE: reject: RCPT from 
s0.eburgsquare.com[104.223.145.19]: 554 5.7.1 Service unavailable; Unverified Client host 
[s0.eburgsquare.com] blocked using dbl.spamhaus.org; 
https://www.spamhaus.org/query/domain/eburgsquare.com; from= 
to=<[elided]@milhollan.com> proto=ESMTP helo=
  Jul 13 21:59:33 mm-new smtpd[20435]: NOQUEUE: reject: RCPT from 
liaoningosaurus.mktdns.com[192.28.148.54]: 554 5.7.1 Service unavailable; Client host 
[192.28.148.54] blocked using sbl-xbl.spamhaus.org; 
from=<733-ksk-625.0.175526.0.0.16914.9.10824...@email1.digium.com> 
to=<[elided]@milhollan.com> proto=ESMTP helo=
  Jul 14 00:13:04 mm-new smtpd[22318]: NOQUEUE: reject: RCPT from 
mail-ej1-f68.google.com[209.85.218.68]: 554 5.7.1 Service unavailable; Client host 
[209.85.218.68] blocked using sbl-xbl.spamhaus.org; 
from= to=<[elided]@milhollan.com> proto=ESMTP 
helo=
  Jul 14 15:25:30 mm-new smtpd[3627]: NOQUEUE: reject: RCPT from 
gk-w94-email.usps.gov[56.0.84.94]: 554 5.7.1 Service unavailable; Client host [56.0.84.94] 
blocked using sbl-xbl.spamhaus.org; from= 
to=<[elided]@milhollan.com> proto=ESMTP helo=
  Jul 14 22:37:33 mm-new smtpd[10015]: NOQUEUE: reject: RCPT from 
my-mail.splashtop.com[34.208.80.28]: 554 5.7.1 Service unavailable; Client host [34.208.80.28] 
blocked using sbl-xbl.spamhaus.org; from= 
to=<[elided]@milhollan.com> proto=ESMTP helo=
  Jul 15 06:17:18 mm-new smtpd[14530]: NOQUEUE: reject: RCPT from 
mta0.tedlarbagsale.com[134.73.145.18]: 554 5.7.1 Service unavailable; Unverified Client host 
[mta0.tedlarbagsale.com] blocked using dbl.spamhaus.org; 
https://www.spamhaus.org/query/domain/tedlarbagsale.com; 
from= to=<[elided]@milhollan.com> proto=ESMTP 
helo=
  Jul 15 10:00:11 mm-new smtpd[3294]: NOQUEUE: reject: RCPT from mx.mailop.org[91.132.147.157]: 
554 5.7.1 Service unavailable; Client host [91.132.147.157] blocked using sbl-xbl.spamhaus.org; 
from= to=<[elided]@milhollan.com> proto=ESMTP 
helo=

Both DBL rejections look to be spam.  But all but 1 of these SBL-XBL 
rejections were non-spam (I know those senders and want their messages) 
so for me are false-positives -- the Gmail rejection looks like spam (I 
don't know that sender).  16 rejections (9 good rejections not shown) 
between Jul 10 00:00Z and Jul 15 10:20Z, 4 of which were not appropriate 
makes for a not good ratio.


Manually checking the SBL-XBL rejections on the mail server shortly 
after the last rejection yielded null/NXDOMAIN responses via DNS using 
getent/dig and showed "no issues" via the Spamhaus web site reputation 
center.  I use my own local resolver (unbound 1.13.1) with no forwarders 
configured.



/mark