Re: [swinog] e-mail blacklists / RBL etc..
ooops, forgot the link: relaydbp, sorry for typo. relaydb is part of openbsd.

http://smagin.com/relaydbp

--
Key fingerprint = C549 46E1 1B75 116E 3321 BC0A E502 9457 319E B340
RFC822: [EMAIL PROTECTED] || [EMAIL PROTECTED] << www.NetBSD.org

--
[EMAIL PROTECTED] Maillist-Archive: http://www.mail-archive.com/swinog%40swinog.ch/
Re: [swinog] e-mail blacklists / RBL etc..
hi,

i dislike public blacklists and prefer to build a personal one. there is an easy way to do it by storing mails identified as spam by a filter, then using relaydb[1] to extract suspicious relays (ip addresses), then simply filtering those ips on incoming tcp:25 connections.

as we are full master of the list, we don't depend on anyone to update the changes. we can also do blacklisting as well as whitelisting for smtp relay.

regards.

On Sun, Sep 28, 2003 at 02:02:28PM +0200, Roger Buchwalder wrote:
> Hello Steven.
>
> Steven Glogger wrote:
>
> >hi all
> >
> >as you've seen in the news, there are some guys DDoS'ing some e-mail
> >blacklists. it seems that the spammers are trying to kill all those
> >services.
> >so in the last few days/weeks these services went down:
> >- blackholes.compu.net
> >- monkeys.com
> >- osirusoft
> >etc.
> >
> >i still use these services:
> >http://ordb.org/
> >http://www.spamcop.net/bl/
> >
> >what do you use additionally? good experiences?
>
> we're using these Servers:
>
> http://www.into.ch/spam.php
>
> >i've seen also that abuse.easynet.nl is offering such a service, or
> >dsbl.org. bl.reynolds.net.au?
>
> You should not use xbl. this server will mark almost every e-mail.
>
> >greetings
> >
> >steven
> >
> >__
> >
> >Steven Glogger
> >Technical Manager / Software Development
> >
> >Altrax AG           Phone +41 1 256 81 11
> >Zähringerstrasse 24 Fax +41 1 256 81 12
> >Postfach            mailto: [EMAIL PROTECTED]
> >8025 Zürich         http://www.altrax.com
> >__
>
> --
> We are happy to provide further information at any time.
>
> Kind regards
> Roger Buchwalder
>
> Internet Online AG
> Adlikerstr. 290
> 8105 Regensdorf
> Switzerland
> [EMAIL PROTECTED]
> tel +41 1 871 40 70
> fax +41 1 871 40 80

--
Key fingerprint = C549 46E1 1B75 116E 3321 BC0A E502 9457 319E B340
RFC822: [EMAIL PROTECTED] || [EMAIL PROTECTED] << www.NetBSD.org
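The personal-blacklist approach described in the message above, sketched as an added example (not part of the original post and not relaydb's own code). The MX hostname, the whitelist ranges, the hit threshold and the sample mails are assumptions constructed for illustration.

```python
import email
import ipaddress
import re
from collections import Counter

OUR_MX = "mx.example.net"  # assumption: name our own MTA writes into Received
# Assumed never-block list: loopback, internal range, one constructed partner relay.
WHITELIST = [ipaddress.ip_network(n) for n in
             ("127.0.0.0/8", "10.0.0.0/8", "198.51.100.0/28")]
BRACKET_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def connecting_relay(raw_message):
    """IP that connected to OUR_MX, or None. Only the topmost Received header
    written by our own MTA is used; lower ones are sender-supplied and forgeable."""
    msg = email.message_from_string(raw_message)
    for header in msg.get_all("Received", []):
        if f"by {OUR_MX}" in header:
            m = BRACKET_IP.search(header)
            try:
                return ipaddress.ip_address(m.group(1)) if m else None
            except ValueError:  # e.g. [999.1.1.1]
                return None
    return None

def build_blocklist(spam_messages, min_hits=2):
    """Relays seen in at least min_hits spam mails, minus whitelisted networks."""
    hits = Counter()
    for raw in spam_messages:
        ip = connecting_relay(raw)
        if ip is not None and not any(ip in net for net in WHITELIST):
            hits[ip] += 1
    return [str(ip) for ip in sorted(hits) if hits[ip] >= min_hits]

def sample_mail(relay_ip, forged_ip=None):
    """Constructed spam sample; forged_ip imitates a header injected by the sender."""
    lines = [f"Received: from host.example ([{relay_ip}]) by {OUR_MX}; "
             "Sun, 28 Sep 2003 14:00:00 +0200"]
    if forged_ip:
        lines.append(f"Received: from a.example ([{forged_ip}]) by b.example")
    return "\n".join(lines + ["Subject: constructed sample", "", "body"])

SAMPLE_SPAM = [
    sample_mail("203.0.113.7"),
    sample_mail("203.0.113.7", forged_ip="192.0.2.99"),  # forged hop is ignored
    sample_mail("203.0.113.9"),                           # one hit: below threshold
    sample_mail("198.51.100.5"), sample_mail("198.51.100.5"),  # whitelisted relay
]

if __name__ == "__main__":
    print(build_blocklist(SAMPLE_SPAM))
```

The returned addresses are what would be loaded into the filter on incoming tcp:25; the threshold and whitelist keep a single misfiled mail or a partner relay from being blocked.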
Re: [swinog] e-mail blacklists / RBL etc..
Hello Steven.

Steven Glogger wrote:

> hi all
>
> as you've seen in the news, there are some guys DDoS'ing some e-mail
> blacklists. it seems that the spammers are trying to kill all those
> services.
> so in the last few days/weeks these services went down:
> - blackholes.compu.net
> - monkeys.com
> - osirusoft
> etc.
>
> i still use these services:
> http://ordb.org/
> http://www.spamcop.net/bl/
>
> what do you use additionally? good experiences?

we're using these Servers:

http://www.into.ch/spam.php

> i've seen also that abuse.easynet.nl is offering such a service, or
> dsbl.org. bl.reynolds.net.au?

You should not use xbl. this server will mark almost every e-mail.

> greetings
>
> steven
>
> __
>
> Steven Glogger
> Technical Manager / Software Development
>
> Altrax AG           Phone +41 1 256 81 11
> Zähringerstrasse 24 Fax +41 1 256 81 12
> Postfach            mailto: [EMAIL PROTECTED]
> 8025 Zürich         http://www.altrax.com
> __

--
We are happy to provide further information at any time.

Kind regards
Roger Buchwalder

Internet Online AG
Adlikerstr. 290
8105 Regensdorf
Switzerland
[EMAIL PROTECTED]
tel +41 1 871 40 70
fax +41 1 871 40 80
Re: [swinog] e-mail blacklists / RBL etc..
On Thu, Sep 25, 2003 at 12:36:40 +0200, Lukas Beeler wrote:
> * Steven Glogger <[EMAIL PROTECTED]>:
> > what do you use additionally? good experiences?
>
> I do not use any DNS-based IP Blacklists, because i think they do
> more harm than they help.

IMHO, it depends on what amount of UCE you get... my estimate is that our MTA gets about 50-70% of it.

To get some stats on how easynet.nl filters its mail, go to:
http://abuse.easynet.nl/spamstats.html

# easynet.nl spamlists (access.db, only addresses and domains)
# dynablock.easynet.nl dynamic/residential IP DNSBL (dynamic/residential cable/dsl IP ranges - these should use their ISP's smtp gateway)
# proxies.blackholes.easynet.nl open proxy DNSBL (IPs of open proxy servers)
# dnsbl.njabl.org Njabl's Open Proxy Database (127.0.0.9) (IPs of open proxy servers)
# opm.blitzed.org Blitzed's Open Proxy Database (IPs of open proxy servers)
# list.dsbl.org DSBL Insecure Server Database (IPs of various types of insecure servers)
# dnsbl.njabl.org Njabl's Open Relay Database (127.0.0.2) (IPs of open mail relays)
# relays.ordb.org ORDB Open Relay Database (IPs of open mail relays)
# blackholes.easynet.nl easynet.nl DNSBL (IPs of persistent spammers, open relay scanners & abusers, spamvertized websites)
# sbl.spamhaus.org Spamhaus DNSBL (IPs of registered and proven spam operations)
# zombie.dnsbl.sorbs.net SORBS Zombie DNSBL (IPs of hijacked (zombified) netspace)

> Have you ever considered using a Content-Filter like spamassassin
> (rules based, bayesian optional), or bogofilter (bayesian only)?
> They need much more resources than a single DNS Lookup, though.

Content filter is IMHO quite a waste of cpu cycles... To bypass filtering you can simply encode your text with some magic ISO encoding, do nasty html tricks or simply write the V of those funny pills with \/

Bayesian filtering is already dead - as spammers send mails to confuse the filter, and sadly they are quite successful with it.

As a sidenote, AOL is blocking _ALL_ dial-up and dynamic IP-ranges... - I guess somebody noted there that most of the UCE originates from such connections.

> However, they tend to cause much less problems, because mail
> never bounces, and just goes to spam folder. (I am aware that you
> can do the same with DNS Blacklists, however that's not a usual
> configuration).

RBLs are a tool, how you use it is up to you, you can reject or tag mail based on the information of an RBL, but don't blame RBLs on the way they get used.

IMHO, if somebody is listed in a serious RBL then he most definitely deserved it.

if you take a close look at your mail.logs you'll see that spammers are _very well_ organized, and those recent (and successful) attacks on these RBLs show that they have a large amount of hosts (zombies) at hand, from where they can flood a single point in the network or send their UCE - ignoring that is IMHO quite foolish.

regards
Philipp

--
_;\_       Philipp Morger / PHM2-RIPE   System & Network Administrator
/_.  \     Dolphins Network Systems AG  Phone +41-1-847'45'45
|/ -\ .)   Email: <[EMAIL PROTECTED]>
-'^`-  \;  Don't send mail to: [EMAIL PROTECTED]
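The reject-or-tag choice described in the message above, as an added example that is not part of the original post. The zone and its two return codes are the ones listed in the message; the action assigned to each code, the fallback for unmapped codes and the sample answers are assumptions constructed for illustration.

```python
import socket

# Zone and return codes as listed in the message; the actions are an assumed policy.
POLICY = {
    ("dnsbl.njabl.org", "127.0.0.2"): ("reject", "open relay"),
    ("dnsbl.njabl.org", "127.0.0.9"): ("tag", "open proxy"),
}
RANK = {"accept": 0, "tag": 1, "reject": 2}

def query_name(ip, zone):
    """DNSBL convention: the reversed IPv4 octets are prepended to the zone."""
    octets = ip.split(".")
    if len(octets) != 4 or not all(o.isdigit() and int(o) < 256 for o in octets):
        raise ValueError(f"not an IPv4 address: {ip!r}")
    return ".".join(reversed(octets)) + "." + zone

def system_resolver(name):
    """A record for name, or None. A failed lookup counts as 'not listed',
    so a list that is unreachable (for example under DDoS) fails open."""
    try:
        return socket.gethostbyname(name)
    except OSError:
        return None

def classify(ip, zones, resolve=system_resolver):
    """Return (action, reasons); the strongest action over all zones wins."""
    action, reasons = "accept", []
    for zone in zones:
        answer = resolve(query_name(ip, zone))
        if answer is None or not answer.startswith("127."):
            continue  # not listed, or an answer outside 127/8 that is not a listing
        act, why = POLICY.get((zone, answer), ("tag", "listed, unmapped code"))
        reasons.append(f"{zone}: {why}")
        if RANK[act] > RANK[action]:
            action = act
    return action, reasons

# Constructed answers standing in for live DNS so the example runs offline.
CONSTRUCTED_ANSWERS = {
    "7.113.0.203.dnsbl.njabl.org": "127.0.0.2",
    "9.113.0.203.dnsbl.njabl.org": "127.0.0.9",
    "9.113.0.203.relays.ordb.org": "127.0.0.2",
}

if __name__ == "__main__":
    zones = ["dnsbl.njabl.org", "relays.ordb.org"]
    for ip in ("203.0.113.7", "203.0.113.9", "203.0.113.20"):
        print(ip, classify(ip, zones, resolve=CONSTRUCTED_ANSWERS.get))
```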
Re: [swinog] e-mail blacklists / RBL etc..
* Steven Glogger <[EMAIL PROTECTED]>:
> what do you use additionally? good experiences?

I do not use any DNS-based IP Blacklists, because i think they do more harm than they help.

Have you ever considered using a Content-Filter like spamassassin (rules based, bayesian optional), or bogofilter (bayesian only)? They need much more resources than a single DNS Lookup, though.

However, they tend to cause much less problems, because mail never bounces, and just goes to spam folder. (I am aware that you can do the same with DNS Blacklists, however that's not a usual configuration).

--
Today is the first day of the rest of our lives.
http://www.suug.ch
[swinog] e-mail blacklists / RBL etc..
hi all

as you've seen in the news, there are some guys DDoS'ing some e-mail blacklists. it seems that the spammers are trying to kill all those services.
so in the last few days/weeks these services went down:
- blackholes.compu.net
- monkeys.com
- osirusoft
etc.

i still use these services:
http://ordb.org/
http://www.spamcop.net/bl/

what do you use additionally? good experiences?

i've seen also that abuse.easynet.nl is offering such a service, or dsbl.org. bl.reynolds.net.au?

greetings

steven

__

Steven Glogger
Technical Manager / Software Development

Altrax AG           Phone +41 1 256 81 11
Zähringerstrasse 24 Fax +41 1 256 81 12
Postfach            mailto: [EMAIL PROTECTED]
8025 Zürich         http://www.altrax.com
__