Re: Hostkarma White list Updated and Improved
Jon Trulson wrote:
> On Mon, 5 Oct 2009, Marc Perkel wrote:
>> John Hardin wrote:
>>> On Mon, 5 Oct 2009, Marc Perkel wrote:
>>>> Our white list is supposed to be a source of pure good email. So if spam comes for any of the white listed IPs then it's an error.
>>>
>>> Whose? Yours or theirs? Meaning: is a single spam reason for an IP to be dropped from the hostkarma whitelist?
>>
>> It depends on what kind of spam it is. If it is a virus generated spam - then yes. If it's a spam determined by message content - no.
>
> Sorry if I missed this in the thread, but how do you determine whether a spam originates from a bot-net vs. a 'lone wolf'?

A combination of several factors including hitting my tarbaby server AND not using QUIT to close the connection AND some HELO sins. I'm catching near 100% of botnet spam.
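A sketch of the three-factor test described in the reply above, combined with the delisting rule stated earlier in the thread (bot-generated spam drops a whitelisted IP, content-flagged spam alone does not). This is an added example, not Hostkarma's code; the specific HELO checks, the session fields and the name `mx.example.net` are assumptions, since the post does not spell them out.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Session:
    client_ip: str
    helo: str
    hit_tarbaby: bool   # connection arrived at the trap ("tarbaby") server
    sent_quit: bool     # client ended the SMTP dialogue with QUIT

OUR_NAME = "mx.example.net"  # hypothetical name of the receiving server

def helo_sins(s: Session) -> list[str]:
    """HELO checks chosen for this example; the post does not list its own."""
    sins = []
    h = s.helo.strip().lower()
    try:
        ipaddress.ip_address(h)      # bare address instead of an [address literal]
        sins.append("bare-ip")
    except ValueError:
        if "." not in h and not h.startswith("["):
            sins.append("unqualified")
    if h == OUR_NAME:                # client claims to be the server it talks to
        sins.append("claims-our-name")
    return sins

def looks_like_botnet(s: Session) -> bool:
    # All three factors must hold, matching the AND in the post.
    return s.hit_tarbaby and not s.sent_quit and bool(helo_sins(s))

def review_whitelist(whitelist: set[str], sessions: list[Session]) -> set[str]:
    """Whitelisted IPs to drop: only those seen in a bot-like session."""
    return {s.client_ip for s in sessions
            if s.client_ip in whitelist and looks_like_botnet(s)}

# Constructed sample sessions (documentation address ranges).
SESSIONS = [
    Session("192.0.2.10", "mail.example.org", False, True),   # ordinary MTA
    Session("192.0.2.20", "192.0.2.20", True, False),         # all three factors
    Session("198.51.100.7", "localhost", True, True),         # sent QUIT: not flagged
    Session("203.0.113.5", "mx.example.net", True, False),    # bot-like, not whitelisted
]
WHITELIST = {"192.0.2.10", "192.0.2.20", "198.51.100.7"}

if __name__ == "__main__":
    print(sorted(review_whitelist(WHITELIST, SESSIONS)))
```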
Hostkarma White list Updated and Improved
In the last week I've put a lot of effort into improving the accuracy of my white lists. Especially for those of you who are critical of the accuracy of hostkarma white list I'd like you all to test it now and tell me how it works now. I have to admit that I have been less motivated in the past about getting the white list right than the black list because people complain a lot more about good email getting blocked than bad email getting through.

Also looking for suggestions about how to make my white list bigger and better.

One thing that is different about my white lists is that it is supposed to be only sites that send good email. Most other white lists are just for keeping IPs off of black lists. Our white list is supposed to be a source of pure good email. So if spam comes for any of the white listed IPs then it's an error. Sites like yahoo, gmail, hotmail, etc. would be on our yellow list because they send mixed spam/ham email.
Re: Hostkarma White list Updated and Improved
On Mon, 5 Oct 2009, Marc Perkel wrote:
> Our white list is supposed to be a source of pure good email. So if spam comes for any of the white listed IPs then it's an error.

Whose? Yours or theirs?

Meaning: is a single spam reason for an IP to be dropped from the hostkarma whitelist?

--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhar...@impsec.org FALaholic #11174 pgpk -a jhar...@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
---
Vista is at best mildly annoying and at worst makes you want to rush to Redmond, Wash. and rip somebody's liver out. -- Forbes
---
Approximately 9185280 firearms legally purchased in the U.S. this year
Re: Hostkarma White list Updated and Improved
John Hardin wrote:
> On Mon, 5 Oct 2009, Marc Perkel wrote:
>> Our white list is supposed to be a source of pure good email. So if spam comes for any of the white listed IPs then it's an error.
>
> Whose? Yours or theirs? Meaning: is a single spam reason for an IP to be dropped from the hostkarma whitelist?

It depends on what kind of spam it is. If it is a virus generated spam - then yes. If it's a spam determined by message content - no.
Re: Hostkarma White list Updated and Improved
On Mon, 5 Oct 2009, Marc Perkel wrote:
> John Hardin wrote:
>> On Mon, 5 Oct 2009, Marc Perkel wrote:
>>> Our white list is supposed to be a source of pure good email. So if spam comes for any of the white listed IPs then it's an error.
>>
>> Whose? Yours or theirs? Meaning: is a single spam reason for an IP to be dropped from the hostkarma whitelist?
>
> It depends on what kind of spam it is. If it is a virus generated spam - then yes. If it's a spam determined by message content - no.

Sorry if I missed this in the thread, but how do you determine whether a spam originates from a bot-net vs. a 'lone wolf'?

--
I drank what? | Jon Trulson
-Socrates | mailto:j...@radscan.com
| A828 C19D A087 F20B DFED
| 67C9 6F32 31AB E647 B345
Hostkarma white list
For those of you getting spam from IPs/Hostnames on my hostkarma white list, if you could email me a list of false hits (IP or host name) I could probably clean out the bad entries in the white list pretty quick.
Re: Hostkarma white list
Hi,

> For those of you getting spam from IPs/Hostnames on my hostkarma white list, if you could email me a list of false hits (IP or host name) I could probably clean out the bad entries in the white list pretty quick.

I'm not sure this is the best approach. I have a procmail recipe that filters specifically the JMF_W and I go through it every day before training the folder as ham. I'd say around a quarter of the messages are spam.

How many entries on the whitelist? How were they added? I'd almost rather start from scratch (or from a more proven list) with a percentage known to be valid and build from there.

At the least, wouldn't it be best to move the default score closer to zero on your wiki page for the time being? Maybe another method for submitting FPs rather than emailing them to you could be created?

Wouldn't the veracity of the list be better assured if you built the list from a pile of known ham?

Mail originating from priorityoneemail.com [69.10.237.52] would be one prime suspect for removal consideration.

On a somewhat related topic, how do people classify topica.com? That is one for sure sends junk, but looks like people may actually request it, heh.

Thanks,
Alex
Re: Hostkarma white list
Oops! Sorry, I didn't intend to send my previous message to the list.

Nedry

On 9/29/09 at 12:51 PM -0500 Larry Nedry wrote:
> On 9/29/09 at 7:41 AM -0700 Marc Perkel wrote:
>> For those of you getting spam from IPs/Hostnames on my hostkarma white list, if you could email me a list of false hits (IP or host name) I could probably clean out the bad entries in the white list pretty quick.
>
> Here are my hostkarma white FPs for the month of September. I can go back further if you like.
>
> Nedry

--- snipped --
Re: Hostkarma white list
On Tue, 29 Sep 2009, Larry Nedry wrote:
> On 9/29/09 at 7:41 AM -0700 Marc Perkel wrote:
>> For those of you getting spam from IPs/Hostnames on my hostkarma white list, if you could email me a list of false hits (IP or host name) I could probably clean out the bad entries in the white list pretty quick.
>
> Here are my hostkarma white FPs for the month of September. I can go back further if you like.
>
> Nedry
>
> 12.51.239.149
> {circa 80k snipped}

Please don't send stuff like that to the list.

--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhar...@impsec.org FALaholic #11174 pgpk -a jhar...@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
---
Gun Control laws cannot reduce violent crime, because gun control laws assume a violent criminal will obey the law.
---
Approximately 8994840 firearms legally purchased in the U.S. this year
Re: Hostkarma white list
On ons 30 sep 2009 00:10:05 CEST, John Hardin wrote
> Please don't send stuff like that to the list.

the list is still useful in email, it can now be tested with uri rules, but yes never send big samples in public, this is what pastebins are for but we are all humans, and humans make error, only computers would make their time calc pi :)

--
xpoint
Re: Hostkarma white list
On Tue, Sep 29, 2009 at 03:10:05PM -0700, John Hardin wrote:
> On Tue, 29 Sep 2009, Larry Nedry wrote:
>> On 9/29/09 at 7:41 AM -0700 Marc Perkel wrote:
>>> For those of you getting spam from IPs/Hostnames on my hostkarma white list, if you could email me a list of false hits (IP or host name) I could probably clean out the bad entries in the white list pretty quick.
>>
>> Here are my hostkarma white FPs for the month of September. I can go back further if you like.
>>
>> Nedry
>>
>> 12.51.239.149
>> {circa 80k snipped}
>
> Please don't send stuff like that to the list.

It's not like he intended to.. anyways, for some reason I thought it was pretty funny, maybe for the wrong reasons. ;-)