Re: dynamic IP range and good RBL?

2005-06-20 Thread Matt Kettler
[EMAIL PROTECTED] wrote:
>>"Ryan" == Ryan L Sun <[EMAIL PROTECTED]> writes:
> 
> 
>  Ryan> Does "dul.dnsbl.sorbs.net" list all the dynamic IPs?
>  Ryan> Or just the dynamic IPs which fall in spamtrap?
> 
> It includes IP addresses that are not dynamic as well.  It seems to
> make unintelligent guesses as well.

Well, ALL RBLs list some IPs that don't fit their criteria. Mislistings are a
fact of life for every RBL operator.

In general I find the SORBS DUL quite accurate, unless your SA trust path is
broken and SA winds up checking source IPs instead of only checking the
delivering relay. (By default you WILL suffer from this problem if you have a
NATed mailserver.)

However, rather than theorizing about how SORBS DUL works, why not just read
their FAQ:

http://www.us.sorbs.net/faq/dul.shtml

In theory, all dynamic IPs will be listed, and all static will be excluded.
Reality is significantly less perfect than theory. However, the FAQ will also
point you in the right direction for fixing errors.

Large ISPs can get an ID to directly register information; end users can submit
information via a web mail form for consideration by the SORBS operators.
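
The trust-path point in the message above, as an added example that is not part of the original post and is not SpamAssassin's code: a simplified model that checks only the delivering relay against the DUL and shows what changes when trust reaches one hop too far or every hop is checked. The Received lines, the addresses and the `LISTED` set are constructed; a live check would resolve the query name in DNS instead.

```python
import ipaddress
import re

DUL_ZONE = "dul.dnsbl.sorbs.net"
# Constructed sample, newest hop first: a home user on a dynamic IP sends via
# the ISP smarthost, which delivers to our NATed MX (documentation addresses).
RECEIVED = [
    "from gw.example.org (gw.example.org [10.0.0.2]) by store.example.org",
    "from smarthost.isp.example (smarthost.isp.example [198.51.100.25]) by gw.example.org",
    "from laptop (dyn-7.isp.example [203.0.113.7]) by smarthost.isp.example",
]
# Constructed stand-in for the DNSBL: query names that would return a record.
LISTED = {"7.113.0.203." + DUL_ZONE}

def dnsbl_name(ip, zone=DUL_ZONE):
    """DNSBL query name: reversed IPv4 octets prepended to the zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone

def hop_ips(received):
    """Bracketed connecting-client IP of each Received line, newest first."""
    found = (re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", line) for line in received)
    return [m.group(1) for m in found if m]

def delivering_relay(received, trusted):
    """First hop, walking back from our side, outside the trusted networks."""
    nets = [ipaddress.ip_network(n) for n in trusted]
    for ip in hop_ips(received):
        if not any(ipaddress.ip_address(ip) in net for net in nets):
            return ip
    return None

def dul_hits(ips, is_listed=LISTED.__contains__):
    """IPs whose DNSBL name is listed; is_listed is the DNS lookup hook."""
    return [ip for ip in ips if is_listed(dnsbl_name(ip))]

def check_delivering_relay(received, trusted):
    relay = delivering_relay(received, trusted)
    return dul_hits([relay] if relay else [])

def check_every_hop(received):
    return dul_hits(hop_ips(received))

if __name__ == "__main__":
    print(check_delivering_relay(RECEIVED, ["10.0.0.0/8"]))                     # correct trust path
    print(check_delivering_relay(RECEIVED, ["10.0.0.0/8", "198.51.100.0/24"]))  # trust one hop too far
    print(check_every_hop(RECEIVED))                                            # source IPs checked too
```

With the trust boundary drawn correctly the smarthost is the only address queried and the message passes; the other two calls report the sender's dynamic address as a DUL hit.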





Re: dynamic IP range and good RBL?

2005-06-20 Thread jpff
> "Ryan" == Ryan L Sun <[EMAIL PROTECTED]> writes:

 Ryan> Does "dul.dnsbl.sorbs.net" list all the dynamic IPs?
 Ryan> Or just the dynamic IPs which fall in spamtrap?

It includes IP addresses that are not dynamic as well.  It seems to
make unintelligent guesses as well.

==John ffitch


Re: dynamic IP range and good RBL?

2005-05-27 Thread Ing. Alejandro Rodriguez
It lists most dynamic IPs, not just the dynamic IPs sending spam.
Ing. Alejandro Rodriguez
Gerente Tecnico
Cybercom



Ryan L. Sun wrote:

  Does "dul.dnsbl.sorbs.net" list all the dynamic IPs?
Or just the dynamic IPs which fall in spamtrap?

Thanks.

On 5/25/05, Ing. Alejandro Rodriguez <[EMAIL PROTECTED]> wrote:
  
  
I have the same problem as you with dsbl: records are kept for years,
and the delist process is complex. So most unskilled net admins never
take care of this list.
IMHO the dynamic IPs list is dul.dnsbl.sorbs.net
In fact I'm rejecting mails at SMTP connection time using
sbl-xbl.spamhaus.org
bl.spamcop.net
dul.dnsbl.sorbs.net
With this I'm rejecting 90% of the spam without a single complaint.

Ing. Alejandro Rodriguez
Gerente Tecnico
Cybercom



Ryan L. Sun wrote:



  Hi, all

I am using spamhaus sbl+xbl RBL and dsbl RBL. It seems they have too
many false positives, especially dynamic IPs.
Do you guys know how I can get all the dynamic IP ranges on the internet,
or is that possible?
Any other RBL suggestions? False positives are critical to me.  I can
accept a 40% catch ratio using an RBL with as few false positives as
possible.

Thanks.
-Ryan


Re: dynamic IP range and good RBL?

2005-05-25 Thread Ryan L. Sun
Does "dul.dnsbl.sorbs.net" list all the dynamic IPs?
Or just the dynamic IPs which fall in spamtrap?

Thanks.

On 5/25/05, Ing. Alejandro Rodriguez <[EMAIL PROTECTED]> wrote:
> I have the same problem as you with dsbl: records are kept for years,
> and the delist process is complex. So most unskilled net admins never
> take care of this list.
> IMHO the dynamic IPs list is dul.dnsbl.sorbs.net
> In fact I'm rejecting mails at SMTP connection time using
> sbl-xbl.spamhaus.org
> bl.spamcop.net
> dul.dnsbl.sorbs.net
> With this I'm rejecting 90% of the spam without a single complaint.
> 
> Ing. Alejandro Rodriguez
> Gerente Tecnico
> Cybercom
> 
> 
> 
> Ryan L. Sun wrote:
> 
> >Hi, all
> >
> >I am using spamhaus sbl+xbl RBL and dsbl RBL. It seems they have too
> >many false positives, especially dynamic IPs.
> >Do you guys know how I can get all the dynamic IP ranges on the internet,
> >or is that possible?
> >Any other RBL suggestions? False positives are critical to me.  I can
> >accept a 40% catch ratio using an RBL with as few false positives as
> >possible.
> >
> >Thanks.
> >-Ryan
> >
> >
> >
>


Re: dynamic IP range and good RBL?

2005-05-25 Thread evan

Quoting "Ing. Alejandro Rodriguez" <[EMAIL PROTECTED]>:


> I have the same problem as you with dsbl: records are kept for years,
> and the delist process is complex. So most unskilled net admins never
> take care of this list.
> IMHO the dynamic IPs list is dul.dnsbl.sorbs.net
> In fact I'm rejecting mails at SMTP connection time using
> sbl-xbl.spamhaus.org
> bl.spamcop.net
> dul.dnsbl.sorbs.net
> With this I'm rejecting 90% of the spam without a single complaint.


Well, you didn't receive any complaints by email!

LOL - the only people that would complain can't get to you.  I've found that
watching the body of the email for links or image URLs to RBL listed IPs is
much more effective.  Even someone listed in the RBL can send you an email,
provided they don't have a link back to their website.

This was critical as one of the companies we were dealing with had a user that
worked from home behind a custom BSD firewall and mailserver.  While his system
was indeed secure and wasn't sending out spam (we both tested this), he was on a
dynamic IP that managed to get listed on the spamhaus site - evidently some
neighbor with a cable modem and Windows was sending out loads of SPAM.  We
turned off the header checks and eased up on sender-IP checks and focused on
the message content, asking the question "What does a spammer need to send you
to make a sale?"

This means LINKS TO listed IPs, not mail FROM the IP.  Add in not accepting
viruses, html forms, or javascript.   Don't block someone from sending you mail
until they actually do something bad.  Not all mail from an RBL listed site is
spam.  All mail with a LINK to an RBL listed site has been spam - 100%, no
false positives.

Everything else focused on spam-traps, honey-pot addresses, honey-pot email
addresses, tar-pits, "multiple failed RCPT-TO" and other SMTP commands, and
stuff like that for IPs that sent spam or sent mail to specially listed
honey-pot email addresses or honey-pot domain MX servers, or failed the other
checks.  Basically, you have to do something really bad like send an actual
spam or try a long list of addresses to send to and have them all not exist, in
order to get blacklisted, and then the blacklist doesn't do anything but tarpit
(Linux netfilter rule can do this) your connections and eventually reject your
mail until the blacklist times out.  Automatic whitelisting rules helped keep
out FPs too.

Regular HELO/EHLO checks were considerably lax so that even poorly configured
sales guys could get in from their WinXP laptops on some dial-up or dynamic DSL
IP.
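
The body-link check described in the message above, as an added example that is not part of the original post: it pulls the host out of every URL in a message body, resolves it, and tests the resulting IPs against an RBL zone instead of testing the sending IP. The `A_RECORDS` and `LISTED` tables, the addresses and the three sample bodies are constructed stand-ins for DNS and mail; `resolve` and `is_listed` are hypothetical hooks where real lookups would go.

```python
import re

RBL_ZONE = "sbl-xbl.spamhaus.org"  # one of the zones named in the thread
# Constructed stand-ins for DNS (documentation addresses): A records for the
# linked hosts, and the DNSBL query names that would come back as listed.
A_RECORDS = {"shop.example.net": ["203.0.113.50"], "www.example.org": ["198.51.100.80"]}
LISTED = {"50.113.0.203." + RBL_ZONE}
IPV4 = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")

def body_hosts(body):
    """Hosts of every http(s) URL in the body: links, image sources, bare text."""
    hosts = []
    for raw in re.findall(r"https?://([^/\s\"'<>?#]+)", body, re.I):
        # Drop any userinfo ("user@") and port, then normalise the case.
        host = raw.rsplit("@", 1)[-1].split(":", 1)[0].lower().rstrip(".")
        if host and host not in hosts:
            hosts.append(host)
    return hosts

def listed_links(body, resolve=lambda h: A_RECORDS.get(h, []),
                 is_listed=LISTED.__contains__):
    """Map each linked host to those of its IPs that the RBL lists."""
    hits = {}
    for host in body_hosts(body):
        ips = [host] if IPV4.fullmatch(host) else resolve(host)
        bad = [ip for ip in ips
               if is_listed(".".join(reversed(ip.split("."))) + "." + RBL_ZONE)]
        if bad:
            hits[host] = bad
    return hits

# Constructed bodies: a clean link, an image URL on a listed host, and an IP
# literal hidden behind a userinfo prefix that looks like a clean hostname.
CLEAN = 'See the agenda at <a href="http://www.example.org/agenda">this page</a>.'
IMAGE = '<img src="HTTP://Shop.Example.NET:8080/banner.gif"> Buy now!'
DECOY = "Visit http://www.example.org@203.0.113.50/offer today"

if __name__ == "__main__":
    for body in (CLEAN, IMAGE, DECOY):
        print(listed_links(body))
```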





Re: dynamic IP range and good RBL?

2005-05-25 Thread Andy Jezierski

"Ryan L. Sun" <[EMAIL PROTECTED]>
wrote on 05/25/2005 01:33:19 PM:

> Hi, all
> 
> I am using spamhaus sbl+xbl RBL and dsbl RBL. It seems they have too
> many false positives, especially dynamic IPs.
> Do you guys know how I can get all the dynamic IP ranges on the internet,
> or is that possible?
> Any other RBL suggestions? False positives are critical to me.  I can
> accept a 40% catch ratio using an RBL with as few false positives as
> possible.
> 
> Thanks.
> -Ryan

Yeah, I tried the spamhaus sbl+xbl list a while back,
it lasted one day, way too many FP's for me.  Their sbl list is much,
much better.  Spamcop used to have a lot of FP's for me as well, not
sure if it has gotten better or not.  As for dynamic IP's, I use dul.dnsbl.sorbs.net,
seems to be doing a very good job for me here. Overall I think I use about
6 different RBL lists.

Andy

Re: dynamic IP range and good RBL?

2005-05-25 Thread Ing. Alejandro Rodriguez
I have the same problem as you with dsbl: records are kept for years,
and the delist process is complex. So most unskilled net admins never
take care of this list.
IMHO the dynamic IPs list is dul.dnsbl.sorbs.net
In fact I'm rejecting mails at SMTP connection time using
sbl-xbl.spamhaus.org
bl.spamcop.net
dul.dnsbl.sorbs.net
With this I'm rejecting 90% of the spam without a single complaint.

Ing. Alejandro Rodriguez
Gerente Tecnico
Cybercom



Ryan L. Sun wrote:


Hi, all

I am using spamhaus sbl+xbl RBL and dsbl RBL. It seems they have too
many false positives, especially dynamic IPs.
Do you guys know how I can get all the dynamic IP ranges on the internet,
or is that possible?
Any other RBL suggestions? False positives are critical to me.  I can
accept a 40% catch ratio using an RBL with as few false positives as
possible.

Thanks.
-Ryan