Re: [swinog] e-mail blacklists / RBL etc..

2003-09-28 Thread julien mabillard
ooops, forgot the link :
relaydbp, sorry for typo. relaydb is part of openbsd.

http://smagin.com/relaydbp

-- 
Key fingerprint = C549 46E1 1B75 116E 3321  BC0A E502 9457 319E B340
RFC822: [EMAIL PROTECTED] || [EMAIL PROTECTED] << www.NetBSD.org
--
[EMAIL PROTECTED] Maillist-Archive:
http://www.mail-archive.com/swinog%40swinog.ch/


Re: [swinog] e-mail blacklists / RBL etc..

2003-09-28 Thread julien mabillard
hi,
i dislike public blacklists and prefer to build
a personal one.

there is an easy way to do it by storing mails identified
as spam by a filter. then use relaydb[1] to extract suspicious
relays (ip addresses), then simply filter the ip on incoming
tcp:25 connections.

as we are full masters of the list, we don't depend on
anyone to update the changes.

we can also do blacklisting as well as whitelisting
for smtp relay.

regards.

On Sun, Sep 28, 2003 at 02:02:28PM +0200, Roger Buchwalder wrote:
> Hello Steven.
> 
> 
> Steven Glogger wrote:
> 
> >hi all
> >
> >as you've seen in the news, there are some guys DDoS'ing some e-mail
> >blacklists. it seems that the spammers are trying to kill all those
> >services.
> >so in the last few days/weeks these services went down:
> >- blackholes.compu.net
> >- monkeys.com
> >- osirusoft
> >etc.
> >
> >i still use these services:
> >http://ordb.org/
> >http://www.spamcop.net/bl/
> >
> >what do you use additionally? good experiences?
> we're using these Servers:
> 
> http://www.into.ch/spam.php
> 
> >i've seen also that abuse.easynet.nl is offering such a service, or
> >dsbl.org. bl.reynolds.net.au?
> You should not use xbl. this server will mark almost every e-mail.
> 
> >
> >greetings
> >
> >steven
> >
> >__
> >
> >Steven Glogger
> >Technical Manager / Software Development
> >
> >Altrax AG            Phone   +41 1 256 81 11
> >Zähringerstrasse 24  Fax     +41 1 256 81 12
> >Postfach             mailto: [EMAIL PROTECTED]
> >8025 Zürich          http://www.altrax.com
> >__
> >
> >
> 
> -- 
> We are happy to provide further information at any time.
> 
> Kind regards
> Roger Buchwalder
> 
> Internet Online AG
> Adlikerstr. 290
> 8105 Regensdorf
> Switzerland
> [EMAIL PROTECTED]
> tel +41 1 871 40 70
> fax +41 1 871 40 80
> 

-- 
Key fingerprint = C549 46E1 1B75 116E 3321  BC0A E502 9457 319E B340
RFC822: [EMAIL PROTECTED] || [EMAIL PROTECTED] << www.NetBSD.org
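
The personal-list approach described in the message above, as an added example (not relaydb's code and not part of the original post). It assumes the spam and ham corpora are raw messages, reads only the topmost `Received` header because that is the one the local MTA wrote, and uses hypothetical names (`connecting_relay`, `build_lists`, `NEVER_LIST`) with constructed sample mails.

```python
import ipaddress
import re
from collections import Counter
from email import message_from_string

BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
# Assumption: networks that must never be listed (own hosts, internal relays).
NEVER_LIST = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "127.0.0.0/8")]

def connecting_relay(raw_mail):
    """Return the peer IP stamped by our own MTA, or None.

    Only the topmost Received header is read: our server wrote it.
    Lower ones arrive with the message and can be forged by the sender.
    """
    received = message_from_string(raw_mail).get_all("Received") or []
    match = BRACKETED_IP.search(received[0]) if received else None
    if not match:
        return None
    try:
        ip = ipaddress.ip_address(match.group(1))
    except ValueError:  # bracketed text that is not a valid address
        return None
    return None if any(ip in net for net in NEVER_LIST) else str(ip)

def build_lists(spam_mails, ham_mails, min_spam=2):
    """Blacklist relays seen in >= min_spam spam mails and never in ham."""
    spam = Counter(filter(None, map(connecting_relay, spam_mails)))
    ham = Counter(filter(None, map(connecting_relay, ham_mails)))
    black = [ip for ip, n in spam.items() if n >= min_spam and ip not in ham]
    return (sorted(black, key=ipaddress.ip_address),
            sorted(ham, key=ipaddress.ip_address))

def sample_mail(peer, forged=""):
    # Constructed message; all addresses are documentation/private ranges.
    extra = f"Received: from relay ([{forged}]) by elsewhere\n" if forged else ""
    return (f"Received: from host (unknown [{peer}]) by mx.example.org\n"
            f"{extra}Subject: sample\n\nbody\n")

SAMPLE_SPAM = [
    sample_mail("203.0.113.7"),
    sample_mail("203.0.113.7", forged="198.51.100.9"),
    sample_mail("192.0.2.50"), sample_mail("192.0.2.50"),
    sample_mail("10.0.0.5"), sample_mail("10.0.0.5"),
    sample_mail("198.51.100.20"),
]
SAMPLE_HAM = [sample_mail("192.0.2.50")]

if __name__ == "__main__":
    blacklist, whitelist = build_lists(SAMPLE_SPAM, SAMPLE_HAM)
    print("block on tcp/25:", blacklist)
    print("always accept:  ", whitelist)
```

A relay that also delivers legitimate mail stays off the blacklist, and an address that appears only in a sender-supplied header is never counted.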


Re: [swinog] e-mail blacklists / RBL etc..

2003-09-28 Thread Roger Buchwalder
Hello Steven.

Steven Glogger wrote:

> hi all
>
> as you've seen in the news, there are some guys DDoS'ing some e-mail
> blacklists. it seems that the spammers are trying to kill all those
> services.
> so in the last few days/weeks these services went down:
> - blackholes.compu.net
> - monkeys.com
> - osirusoft
> etc.
>
> i still use these services:
> http://ordb.org/
> http://www.spamcop.net/bl/
>
> what do you use additionally? good experiences?

we're using these Servers:

http://www.into.ch/spam.php

> i've seen also that abuse.easynet.nl is offering such a service, or
> dsbl.org. bl.reynolds.net.au?

You should not use xbl. this server will mark almost every e-mail.

> greetings
>
> steven
>
> __
>
> Steven Glogger
> Technical Manager / Software Development
>
> Altrax AG            Phone   +41 1 256 81 11
> Zähringerstrasse 24  Fax     +41 1 256 81 12
> Postfach             mailto: [EMAIL PROTECTED]
> 8025 Zürich          http://www.altrax.com
> __

-- 
We are happy to provide further information at any time.

Kind regards
Roger Buchwalder

Internet Online AG
Adlikerstr. 290
8105 Regensdorf
Switzerland
[EMAIL PROTECTED]
tel +41 1 871 40 70
fax +41 1 871 40 80



Re: [swinog] e-mail blacklists / RBL etc..

2003-09-25 Thread Philipp Morger
On Thu, Sep 25, 2003 at 12:36:40 +0200, Lukas Beeler wrote:
> * Steven Glogger <[EMAIL PROTECTED]>:
> > what do you use additionally? good experiences?
> 
> I do not use any DNS-based IP Blacklists, because i think they do
> more harm than they help. 
IMHO, it depends on what amount of UCE you get... my estimate is that our
MTA gets about 50-70% of it.

To get some stats on how easynet.nl filters its mail, go to:
http://abuse.easynet.nl/spamstats.html

# easynet.nl spamlists (access.db, only addresses and domains)
# dynablock.easynet.nl dynamic/residential IP DNSBL (dynamic/residential cable/dsl IP ranges - these should use their ISP's smtp gateway)
# proxies.blackholes.easynet.nl open proxy DNSBL (IPs of open proxy servers)
# dnsbl.njabl.org Njabl's Open Proxy Database (127.0.0.9) (IPs of open proxy servers)
# opm.blitzed.org Blitzed's Open Proxy Database (IPs of open proxy servers)
# list.dsbl.org DSBL Insecure Server Database (IPs of various types of insecure servers)
# dnsbl.njabl.org Njabl's Open Relay Database (127.0.0.2) (IPs of open mail relays)
# relays.ordb.org ORDB Open Relay Database (IPs of open mail relays)
# blackholes.easynet.nl easynet.nl DNSBL (IPs of persistent spammers, open relay scanners & abusers, spamvertized websites)
# sbl.spamhaus.org Spamhaus DNSBL (IPs of registered and proven spam operations)
# zombie.dnsbl.sorbs.net SORBS Zombie DNSBL (IPs of hijacked (zombified) netspace)

> Have you ever considered using a Content-Filter like spamassassin
> (rules based, bayesian optional), or bogofilter (bayesian only)?
> They need much more resources than a single DNS Lookup, though. 

Content filter is IMHO quite a waste of cpu cycles...
To bypass filtering you can simply encode your text with some magic ISO
encoding, do nasty html tricks or simply write the V of those funny pills
with \/

Bayesian filtering is already dead - as spammers send mails to confuse the
filter, and sadly they are quite successful with it.

As a sidenote, AOL is blocking _ALL_ dial-up and dynamic IP-ranges... - I
guess somebody noted there that most of the UCE originates from such
connections.

> However, they tend to cause much less problems, because mail
> never bounces, and just goes to spam folder. (I am aware that you
> can do the same with DNS Blacklists, however that's not a usual
> configuration).
RBLs are a tool, how you use it is up to you, you can reject or tag mail
based on the information of an RBL, but don't blame RBLs for the way they
get used.

IMHO, if somebody is listed in a serious RBL then he most definitely
deserved it.

if you take a close look at your mail.logs you'll see that spammers are
_very well_ organized, and those recent (and successful) attacks on these
RBLs show that they have a large amount of hosts (zombies) at hand, from
where they can flood a single point in the network or send their UCE -
ignoring that is IMHO quite foolish.

regards
Philipp


-- 
 _;\_Philipp Morger / PHM2-RIPE System & Network Administrator 
/_.  \   Dolphins Network Systems AG   Phone +41-1-847'45'45
   |/ -\ .)  Email: <[EMAIL PROTECTED]>
 -'^`-   \;  Don't send mail to:[EMAIL PROTECTED]
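
How a DNSBL lookup and the reject-or-tag choice discussed in the message above fit together, as an added example (not part of the original post and not any MTA's own code). The function names, the `REJECT` policy and the `FAKE_DNS` answers are assumptions constructed so the example runs offline; only the two `dnsbl.njabl.org` return codes come from the list in the message.

```python
import ipaddress
import socket

# Return codes for dnsbl.njabl.org as given in the list above.
NJABL_CODES = {"127.0.0.2": "open relay", "127.0.0.9": "open proxy"}

def dnsbl_name(ip, zone):
    """203.0.113.7 in relays.ordb.org -> 7.113.0.203.relays.ordb.org"""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def lookup(ip, zone, resolve=socket.gethostbyname):
    """Return the zone's answer for ip, or None when it is not listed."""
    try:
        answer = resolve(dnsbl_name(ip, zone))
    except OSError:  # NXDOMAIN, timeout or unreachable zone: fail open
        return None
    # Listings are answered from 127.0.0.0/8; anything else is ignored.
    return answer if answer.startswith("127.") else None

def verdict(ip, zones, reject_zones, resolve=socket.gethostbyname):
    """Return ("reject" | "tag" | "accept", hits) for a connecting IP."""
    hits = []
    for zone in zones:
        answer = lookup(ip, zone, resolve)
        if answer is None:
            continue
        codes = NJABL_CODES if zone == "dnsbl.njabl.org" else {}
        hits.append((zone, answer, codes.get(answer, "listed")))
    if any(zone in reject_zones for zone, _, _ in hits):
        return "reject", hits
    return ("tag" if hits else "accept"), hits

# Constructed answers standing in for DNS so the example runs offline.
FAKE_DNS = {
    "7.113.0.203.dnsbl.njabl.org": "127.0.0.9",
    "20.100.51.198.relays.ordb.org": "127.0.0.2",
}

def fake_resolve(name):
    if name not in FAKE_DNS:
        raise socket.gaierror("no such name (constructed)")
    return FAKE_DNS[name]

ZONES = ["dnsbl.njabl.org", "relays.ordb.org"]
REJECT = {"relays.ordb.org"}  # assumption: reject on this zone, tag on others

if __name__ == "__main__":
    for peer in ("203.0.113.7", "198.51.100.20", "192.0.2.1"):
        print(peer, verdict(peer, ZONES, REJECT, fake_resolve))
```

Because `lookup` treats a resolver error as "not listed", a blacklist that is unreachable lets mail through instead of blocking it.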
   


Re: [swinog] e-mail blacklists / RBL etc..

2003-09-25 Thread Lukas Beeler
* Steven Glogger <[EMAIL PROTECTED]>:
> what do you use additionally? good experiences?

I do not use any DNS-based IP Blacklists, because i think they do
more harm than they help. 

Have you ever considered using a Content-Filter like spamassassin
(rules based, bayesian optional), or bogofilter (bayesian only)?
They need much more resources than a single DNS Lookup, though. 

However, they tend to cause much less problems, because mail
never bounces, and just goes to spam folder. (I am aware that you
can do the same with DNS Blacklists, however that's not a usual
configuration).

-- 
Today is the first day of the rest of our lives.
http://www.suug.ch


[swinog] e-mail blacklists / RBL etc..

2003-09-25 Thread Steven Glogger
hi all

as you've seen in the news, there are some guys DDoS'ing some e-mail
blacklists. it seems that the spammers are trying to kill all those
services.
so in the last few days/weeks these services went down:
- blackholes.compu.net
- monkeys.com
- osirusoft
etc.

i still use these services:
http://ordb.org/
http://www.spamcop.net/bl/

what do you use additionally? good experiences?
i've seen also that abuse.easynet.nl is offering such a service, or
dsbl.org. bl.reynolds.net.au?

greetings

steven

__

Steven Glogger
Technical Manager / Software Development

Altrax AG            Phone   +41 1 256 81 11
Zähringerstrasse 24  Fax     +41 1 256 81 12
Postfach             mailto: [EMAIL PROTECTED]
8025 Zürich          http://www.altrax.com
__
