Re: (Semi OT) RBL shakedown
On 24 Oct 2016, at 16:54, li...@lazygranch.com wrote: So you block all of AS14061 because there supposedly is a spammer in the block? The relevant TXT record in that DNSBL asserts 276 "abusers" on AS14061 in the past week. Eyeballing the visible routes for AS14061, that seems to be something like 0.2% of the advertised addresses. I grumblingly agreed when Wietse said it was proper to block a specific IP when only one user was spamming, but this seems excessive. It is, which is why UCEPROTECT and especially their "Level 3" list are not widely trusted as a basis for absolute banning. I don't recall seeing evidence that *any* of their lists are used as outright banning criteria by any sites with a significant number of users outside of German-speaking Europe.
Re: (Semi OT) RBL shakedown
li...@lazygranch.com [2016-10-24 14:52 -0700] : > Oh, I didn't me YOU as in you personally. Sorry about that. > Maybe it is an American was of speaking. No offenSe taken. ;-) > The reply from Digital Ocean is just to change my IP. I'm > shocked they don't want to defend their IP space. I suppose if > I actually get blocked, I will go though the hassle of changing > the IP. (Not trivial). Have you checked your logs whether you already got rejected because of level 3? Niklaas
Re: (Semi OT) RBL shakedown
Oh, I didn't me YOU as in you personally. Sorry about that. Maybe it is an American was of speaking. The reply from Digital Ocean is just to change my IP. I'm shocked they don't want to defend their IP space. I suppose if I actually get blocked, I will go though the hassle of changing the IP. (Not trivial). Original Message From: Niklaas Baudet von Gersdorff Sent: Monday, October 24, 2016 2:33 PM To: postfix-users@postfix.org Reply To: st...@niklaas.eu Subject: Re: (Semi OT) RBL shakedown li...@lazygranch.com [2016-10-24 13:54 -0700] : > So you block all of AS14061 because there supposedly is > a spammer in the block? I grumblingly agreed when Wietse said > it was proper to block a specific IP when only one user was > spamming, but this seems excessive. No, I personally don't. And I don't think anyone should. I only wanted to mention that (and I guess this is in line with what you wrote), next to mismanaging DNSBL's, you can misuse them. Niklaas
Re: (Semi OT) RBL shakedown
li...@lazygranch.com [2016-10-24 13:54 -0700] : > So you block all of AS14061 because there supposedly is > a spammer in the block? I grumblingly agreed when Wietse said > it was proper to block a specific IP when only one user was > spamming, but this seems excessive. No, I personally don't. And I don't think anyone should. I only wanted to mention that (and I guess this is in line with what you wrote), next to mismanaging DNSBL's, you can misuse them. Niklaas
Re: (Semi OT) RBL shakedown
So you block all of AS14061 because there supposedly is a spammer in the block? I grumblingly agreed when Wietse said it was proper to block a specific IP when only one user was spamming, but this seems excessive. One of the reasons I went VPS is not to be lumped in with spammers nor the occasional DDOS because some fool annoyed another fool. I guess I was delusional that a personal IP would solve that problem. Grumble. I've said enough. On a positive note, freebsd ports had a postfix update yesterday and as usual, no problem. Original Message From: Niklaas Baudet von Gersdorff Sent: Monday, October 24, 2016 1:41 PM To: postfix-users@postfix.org Reply To: st...@niklaas.eu Subject: Re: (Semi OT) RBL shakedown li...@lazygranch.com [2016-10-24 13:20 -0700] : > If you use the uceprotect RBL, note that they are involved in a > shakedown to solicit money to be removed from their list. Much like > spamrl, I'd suggest not using them since they have an obvious false > positive problem. > > http://www.uceprotect.net/en/rblcheck.php?ipr=107.170.248.198 > Their own system shows my domain is not the same as the spammers domain. You're only listed on Level 3, aren't you? They (kind of) recommend not to use that list: We believe that a professional service provider or carrier should be able to act promptly before listings are escalating up to Level 3, therefore by using Level 3 the chances are that you will mostly block “learning-resistant” service providers or carriers and their customers. NOTE: By using Level 3 for blocking, be prepared to lose some required mails too. DO NOT BLAME US, YOU HAVE BEEN FOREWARNED! The recommended use of Level 3 is incorporating it into a scoring system, to give e.g. 2 points on a ‘match’ where 5 or more points trigger a spam tag. Use of Level 3 for blocking is recommended only if you are a HARDLINER and you want to cause service providers and carriers that have spammer / abusive clients to be quickly and effectively blocked and it does not matter to you when required email is also rejected. This can bring a lot of pressure on service providers and carriers to get their act in order and resolve the issues within their responsibility. http://www.uceprotect.net/en/index.php?m=3&s=5 So, normally -- in case postmasters read uceprotect's advice, which we cannot be sure of -- your server shouldn't be blocked by serious mail servers. As far as I understand their policy, probably you're listed because your network has quite some spammers. > Plenty of good RBLs out there. No uses feeding the criminals > (uceprotect) or the incompetent (spamrl). Niklaas
Re: (Semi OT) RBL shakedown
li...@lazygranch.com [2016-10-24 13:20 -0700] : > If you use the uceprotect RBL, note that they are involved in a > shakedown to solicit money to be removed from their list. Much like > spamrl, I'd suggest not using them since they have an obvious false > positive problem. > > http://www.uceprotect.net/en/rblcheck.php?ipr=107.170.248.198 > Their own system shows my domain is not the same as the spammers domain. You're only listed on Level 3, aren't you? They (kind of) recommend not to use that list: We believe that a professional service provider or carrier should be able to act promptly before listings are escalating up to Level 3, therefore by using Level 3 the chances are that you will mostly block “learning-resistant” service providers or carriers and their customers. NOTE: By using Level 3 for blocking, be prepared to lose some required mails too. DO NOT BLAME US, YOU HAVE BEEN FOREWARNED! The recommended use of Level 3 is incorporating it into a scoring system, to give e.g. 2 points on a ‘match’ where 5 or more points trigger a spam tag. Use of Level 3 for blocking is recommended only if you are a HARDLINER and you want to cause service providers and carriers that have spammer / abusive clients to be quickly and effectively blocked and it does not matter to you when required email is also rejected. This can bring a lot of pressure on service providers and carriers to get their act in order and resolve the issues within their responsibility. http://www.uceprotect.net/en/index.php?m=3&s=5 So, normally -- in case postmasters read uceprotect's advice, which we cannot be sure of -- your server shouldn't be blocked by serious mail servers. As far as I understand their policy, probably you're listed because your network has quite some spammers. > Plenty of good RBLs out there. No uses feeding the criminals > (uceprotect) or the incompetent (spamrl). Niklaas
SV: (Semi OT) RBL shakedown
Agreed, they even list AS23456 , which is a reserved AS used for BGP32 routers to annouce themselves to BGP16 routers. (the BGP32 ASN is then embedded in the payload of the BGP16 packet, which result that when this BGP16 router then further annouce themselves to a BGP32 router, the real 32 bit ASN will unfold itself). UCEprotect then list this reserved ASN, instead of unfolding the packet and looking at the real payload, causing every BGP32 network which annouce BGP16 compatibility, to be listed in UCEPROTECT L3. -Ursprungligt meddelande- Från: owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org] För li...@lazygranch.com Skickat: den 24 oktober 2016 22:20 Till: postfix-users@postfix.org Ämne: (Semi OT) RBL shakedown If you use the uceprotect RBL, note that they are involved in a shakedown to solicit money to be removed from their list. Much like spamrl, I'd suggest not using them since they have an obvious false positive problem. http://www.uceprotect.net/en/rblcheck.php?ipr=107.170.248.198 Their own system shows my domain is not the same as the spammers domain. Plenty of good RBLs out there. No uses feeding the criminals (uceprotect) or the incompetent (spamrl). smime.p7s Description: S/MIME Cryptographic Signature
(Semi OT) RBL shakedown
If you use the uceprotect RBL, note that they are involved in a shakedown to solicit money to be removed from their list. Much like spamrl, I'd suggest not using them since they have an obvious false positive problem. http://www.uceprotect.net/en/rblcheck.php?ipr=107.170.248.198 Their own system shows my domain is not the same as the spammers domain. Plenty of good RBLs out there. No uses feeding the criminals (uceprotect) or the incompetent (spamrl).