Re: Mail abuse in syslog
On 0, Russell Nelson <[EMAIL PROTECTED]> wrote: > Todd A. Jacobs writes: > > On Thu, 11 Nov 1999, Subba Rao wrote: > > > > > Why am I getting this message? All the outbound/inbound mail is > > > transfering fine. > > > > Somehow your IP address has ended up on the RBL. You are being actively > > blocked as a spammer. If you are not a spammer, follow the directions to > > have yourself removed from the RBL. > > I'll bet Subba is dialling up to the net using ibm.net's dialups. > They're almost certainly to be on the DUL. One of the people he's > trying to send email to is a DUL subscriber. And a damn good idea > that is, too, if you look at the amount of spam that comes from > dialups. > > The solution, if you're running qmail on a dialup box, is to insert a > wildcard smtproute pointing to ibm.net's SMTP server. Like this (but > just guessing at ibm.net's SMTP server name): > > echo ':mail.ibm.net' >/var/qmail/control/smtproutes > This is right on the mark. I use Qmail on my server, but have dial-up connection. I became aware of DUL once I started using Qmail. Now, I have my smtp server from ibm.net in the smtproutes and the world is a happy place. It is my turn to fight spam. :-) I am going for the rblsmtpd package. Subba Rao [EMAIL PROTECTED] http://pws.prserv.net/truemax/
Re: Mail abuse in syslog
Todd A. Jacobs writes: > On Thu, 11 Nov 1999, Subba Rao wrote: > > > Why am I getting this message? All the outbound/inbound mail is > > transfering fine. > > Somehow your IP address has ended up on the RBL. You are being actively > blocked as a spammer. If you are not a spammer, follow the directions to > have yourself removed from the RBL. I'll bet Subba is dialling up to the net using ibm.net's dialups. They're almost certainly to be on the DUL. One of the people he's trying to send email to is a DUL subscriber. And a damn good idea that is, too, if you look at the amount of spam that comes from dialups. The solution, if you're running qmail on a dialup box, is to insert a wildcard smtproute pointing to ibm.net's SMTP server. Like this (but just guessing at ibm.net's SMTP server name): echo ':mail.ibm.net' >/var/qmail/control/smtproutes -- -russ nelson <[EMAIL PROTECTED]> http://russnelson.com Crynwr sells support for free software | PGPok | Government schools are so 521 Pleasant Valley Rd. | +1 315 268 1925 voice | bad that any rank amateur Potsdam, NY 13676-3213 | +1 315 268 9201 FAX | can outdo them. Homeschool!
Re: Mail abuse in syslog
>> Someone at mail-abuse.org came up with the idea of creating a list >> to enable ISP's to "blacklist" their pools of dialups. > Um, no. ISPs aren't expected to report this themselves. And the > idea came about because they noticed more and more spam coming from > dial-up IPs. Actually, most of the IPs in the DUL were contributed by the ISPs themselves. > And at least on my system, it blocks far more spam than anything > else I use, AND blocks far fewer legitemate connections than RBL or > ORBS have. I'd agree. I block connections from systems in the RBL or MAPS RSS (the non-insane service like ORBS) but I use a modified version of rblsmtpd that I call "detour" that routes DUL mail into my spam traps. I can confirm that far more than 99% of it is spam, and that the annual amount of legit mail that arrives here directly from dialups can be counted on my fingers. If anyone wants the detour program, just ask. It looks up the incoming IP in an RBL-ish domain, and sets RELAYCLIENT to a string from the command line if the IP matches. -- John R. Levine, IECC, POB 727, Trumansburg NY 14886 +1 607 387 6869 [EMAIL PROTECTED], Village Trustee and Sewer Commissioner, http://iecc.com/johnl, Member, Provisional board, Coalition Against Unsolicited Commercial E-mail
Re: Mail abuse in syslog
On Thu, 11 Nov 1999, Subba Rao wrote: > Why am I getting this message? All the outbound/inbound mail is > transfering fine. Somehow your IP address has ended up on the RBL. You are being actively blocked as a spammer. If you are not a spammer, follow the directions to have yourself removed from the RBL. -- Todd A. Jacobs Network Systems Engineer
Re: Mail abuse in syslog
> > Mark Evans <[EMAIL PROTECTED]> writes on 12 November 1999 at 16:22:40 + > > > Someone at mail-abuse.org came up with the idea of creating a list to enable > > ISP's to "blacklist" their pools of dialups. > > Um, no. ISPs aren't expected to report this themselves. And the idea I've re-read the web pages and it certainly looks as though the people running the list do want ISP's to directly give them the IP blocks. As well as the whole thing being very Windows centric and in places mixing up opinion with fact. > came about because they noticed more and more spam coming from dial-up > IPs. Anyway it would probably make more sense to be holding such lists of *Dynamic* IP pools, regardless of the physical level of the connection. > And at least on my system, it blocks far more spam than anything else > I use, AND blocks far fewer legitemate connections than RBL or ORBS > have. (Wow; just looked at the most recent stats, and for this > period I'm wrong; RSS blocked 75, DUL blocked 53, and RBL blocked 8. > I check them in that order.) Probably becuase it isn't going to take spammers that long to realise that sending spam directly is most expensive for them. Since they are then forced to send the body of the message just about every time. (That's most expensive in terms of their time, bandwidth and chances of being caught "in the act".) As well as meaning that algorithms to deter such things as the sending of multiple RCPT commands hit the abuser directly. If they are silly enough to ignore MX records and only look at A records then they should also except automated finger and port scans, as outlined in the tcp wrappers manual.) What spammers are always going to prefer is a relay, especially one which will accept a huge number of RCPT commands. -- Mark Evans St. Peter's CofE High School Phone: +44 1392 204764 X109 Fax: +44 1392 204763
Re: Mail abuse in syslog
On Sat, 13 Nov 1999, Andy Bradford wrote: > Date: Sat, 13 Nov 1999 04:18:50 -0700 > From: Andy Bradford <[EMAIL PROTECTED]> > To: Markus Stumpf <[EMAIL PROTECTED]> > Cc: [EMAIL PROTECTED] > Subject: Re: Mail abuse in syslog > > Thus said Markus Stumpf on Fri, 12 Nov 1999 13:58:47 +0100: > [deleted] > Just out of curiousity... where are options like this documented? I have > looked through a number of documents and never seen specifically addressed > configurations such as what you mention here. Thanks - especially if I'm > just blind. :) > Andy for anything in /var/qmail/control/ , 'man qmail-control' is my favorite starting point. for anything else, I can start from 'man qmail', or reading the FAQ, INTERNALS, etc. reading the source code is still the last resort. -w-
Re: Mail abuse in syslog
Thus said Markus Stumpf on Fri, 12 Nov 1999 13:58:47 +0100: > On Fri, Nov 12, 1999 at 07:56:14AM -0500, Subba Rao wrote: > > How can my Qmail server relay to my ISP's mail server to avoid this > > problem? I tried to set the environment variable like MAILHOST and MAILUSER > > to point to my ISP account. It still doesn't work. > > create a file control/smtproutes containing > > :mail.your.isp > > > This will route eMail for all hosts/domains not listed in > control/locals > control/virtualdomains > to host > mail.your.isp Just out of curiousity... where are options like this documented? I have looked through a number of documents and never seen specifically addressed configurations such as what you mention here. Thanks - especially if I'm just blind. :) Andy -- +== Andy == TiK: garbaglio ==+ |Linux is about freedom of choice| +== http://www.xmission.com/~bradipo/ ===+
RTFM (was: Re: Mail abuse in syslog)
On Nov 13 1999, Andy Bradford wrote: > Just out of curiousity... where are options like this documented? I > have looked through a number of documents and never seen > specifically addressed configurations such as what you mention here. Well, the manpages document them all. > Thanks - especially if I'm just blind. :) I guess that you'll have to use your speech program for this e-mail. :-) []s, Roger... -- =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Rogerio Brito - [EMAIL PROTECTED] - http://www.ime.usp.br/~rbrito/ Nectar homepage: http://www.linux.ime.usp.br/~rbrito/opeth/ =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Re: Mail abuse in syslog
Mark Evans <[EMAIL PROTECTED]> writes on 12 November 1999 at 16:22:40 + > Someone at mail-abuse.org came up with the idea of creating a list to enable > ISP's to "blacklist" their pools of dialups. Um, no. ISPs aren't expected to report this themselves. And the idea came about because they noticed more and more spam coming from dial-up IPs. And at least on my system, it blocks far more spam than anything else I use, AND blocks far fewer legitemate connections than RBL or ORBS have. (Wow; just looked at the most recent stats, and for this period I'm wrong; RSS blocked 75, DUL blocked 53, and RBL blocked 8. I check them in that order.) -- David Dyer-Bennet / Join the 20th century before it's too late! / [EMAIL PROTECTED] http://dd-b.lighthunters.net/ (photos) Minicon: http://www.mnstf.org/minicon http://www.dd-b.net/dd-b (sf) http://ouroboros.demesne.com/ Ouroboros Bookworms
Re: Mail abuse in syslog
Mark Evans writes: > > Nov 11 22:43:51 starsys qmail: 942378231.489619 delivery 34: deferral: >Connected_to_189.9.90.12_but_greeting_failed./Remote_host_said:_553-See_http://mail-abuse.org/dul/>/553-If_you_feel_we_mistreat_you,_do_contact_us./553_Ask_HELP_for_our_contact_information./ > IIRC somewhere in the docs there are instructions on how to hack qmail > to send through a specific relay machine. Yes, he should have ibm.net's SMTP server listed in control/smtproutes as the default entry. > Alternativly complain to your > ISP or change ISP's. It's not his ISP. His ISP (ibm.net) has no control over this. It's dialups are going to be listed in the DUL whether or not ibm.net cooperates. -- -russ nelson <[EMAIL PROTECTED]> http://russnelson.com Crynwr sells support for free software | PGPok | Government schools are so 521 Pleasant Valley Rd. | +1 315 268 1925 voice | bad that any rank amateur Potsdam, NY 13676-3213 | +1 315 268 9201 FAX | can outdo them. Homeschool!
Re: Mail abuse in syslog
> > > Hello, > > I saw this in my syslog file. > > Nov 11 22:43:51 starsys qmail: 942378231.489619 delivery 34: deferral: >Connected_to_189.9.90.12_but_greeting_failed./Remote_host_said:_553-See_http://mail-abuse.org/dul/>/553-If_you_feel_we_mistreat_you,_do_contact_us./553_Ask_HELP_for_our_contact_information./ Someone at mail-abuse.org came up with the idea of creating a list to enable ISP's to "blacklist" their pools of dialups. Apparently they assumed that the "stuff it all to a smarthost" is the correct way to do SMTP email. Possibly because it's the only thing the likes of Netscape and IE can handle. Even though this approach isn't, AFAIK, even mentioned, let alone advised in any RFC. The actual RFC complient way is to do an MX DNS lookup and attempt to connect in the order of the preference field. Which the DUL will quite happily break. IIRC somewhere in the docs there are instructions on how to hack qmail to send through a specific relay machine. Alternativly complain to your ISP or change ISP's. -- Mark Evans St. Peter's CofE High School Phone: +44 1392 204764 X109 Fax: +44 1392 204763
Re: Mail abuse in syslog
On 0, Markus Stumpf <[EMAIL PROTECTED]> wrote: > On Fri, Nov 12, 1999 at 07:56:14AM -0500, Subba Rao wrote: > > How can my Qmail server relay to my ISP's mail server to avoid this > > problem? I tried to set the environment variable like MAILHOST and MAILUSER > > to point to my ISP account. It still doesn't work. > > create a file control/smtproutes containing > > :mail.your.isp > > > This will route eMail for all hosts/domains not listed in > control/locals > control/virtualdomains > to host > mail.your.isp > > \Maex > Thank you for replying. I did this what you suggested. Deos the mail that is in the qmail use the smtproutes, to get delivered? The initial mail, I sent out is still in the mailq. How do I flush it out? Subba Rao [EMAIL PROTECTED] http://pws.prserv.net/truemax/
Re: Mail abuse in syslog
On Fri, Nov 12, 1999 at 07:56:14AM -0500, Subba Rao wrote: > How can my Qmail server relay to my ISP's mail server to avoid this > problem? I tried to set the environment variable like MAILHOST and MAILUSER > to point to my ISP account. It still doesn't work. create a file control/smtproutes containing :mail.your.isp This will route eMail for all hosts/domains not listed in control/locals control/virtualdomains to host mail.your.isp \Maex -- SpaceNet GmbH | http://www.Space.Net/ | Yeah, yo mama dresses Research & Development| mailto:[EMAIL PROTECTED] | you funny and you need Joseph-Dollinger-Bogen 14 | Tel: +49 (89) 32356-0| a mouse to delete files D-80807 Muenchen | Fax: +49 (89) 32356-299 |
Re: Mail abuse in syslog
On 0, Markus Stumpf <[EMAIL PROTECTED]> wrote: > On Thu, Nov 11, 1999 at 10:53:45PM -0500, Subba Rao wrote: > > Nov 11 22:43:51 starsys qmail: 942378231.489619 delivery 34: deferral: >Connected_to_189.9.90.12_but_greeting_failed./Remote_host_said:_553-See_http://mail-abuse.org/dul/>/553-If_you_feel_we_mistreat_you,_do_contact_us./553_Ask_HELP_for_our_contact_information./ > > > > Why am I getting this message? All the outbound/inbound mail is transfering fine. > > DUL (as you can read if you follow the above URL) is Dial-Up User List. It's > an RBL type service that hold lists of dial-in IP adresses. > Mailers participating in this initiative do not accept eMails from these > IP addresses as they are typically used by SPAMmers. > The IP address your mailer used/uses is in this list. > This only affects outbound messages and only to mail servers using the > DUL list. > > \Maex How can my Qmail server relay to my ISP's mail server to avoid this problem? I tried to set the environment variable like MAILHOST and MAILUSER to point to my ISP account. It still doesn't work. Subba Rao [EMAIL PROTECTED] http://pws.prserv.net/truemax/
Re: Mail abuse in syslog
On Thu, Nov 11, 1999 at 10:53:45PM -0500, Subba Rao wrote: > Nov 11 22:43:51 starsys qmail: 942378231.489619 delivery 34: deferral: >Connected_to_189.9.90.12_but_greeting_failed./Remote_host_said:_553-See_http://mail-abuse.org/dul/>/553-If_you_feel_we_mistreat_you,_do_contact_us./553_Ask_HELP_for_our_contact_information./ > > Why am I getting this message? All the outbound/inbound mail is transfering fine. DUL (as you can read if you follow the above URL) is Dial-Up User List. It's an RBL type service that hold lists of dial-in IP adresses. Mailers participating in this initiative do not accept eMails from these IP addresses as they are typically used by SPAMmers. The IP address your mailer used/uses is in this list. This only affects outbound messages and only to mail servers using the DUL list. \Maex -- SpaceNet GmbH | http://www.Space.Net/ | Yeah, yo mama dresses Research & Development| mailto:[EMAIL PROTECTED] | you funny and you need Joseph-Dollinger-Bogen 14 | Tel: +49 (89) 32356-0| a mouse to delete files D-80807 Muenchen | Fax: +49 (89) 32356-299 |
