RE: zen.spamhaus.org
-Original Message- From: Martin Hepworth [mailto:max...@gmail.com] Sent: dinsdag 31 maart 2009 20:56 To: hlug090...@buzzhost.co.uk Cc: Rejaine Monteiro; Spamassassin list Subject: Re: zen.spamhaus.org When someone tells me 'their' list is much more aggressive than spamhaus, my first reaction is not: Oh, coolie, more to block! More like: Another one of those overly aggressive blocklists that in its rampant 'Off with their heads' policy just renders itself pretty much useless. So, indeed, thanks, but not no thanks. Just my experience, but the barracuda list performs pretty well here (we have just enough volume to be a paying subscriber to zen). I wouldn't call it more aggressive than zen necessarily. They both have an occasional FP, maybe slightly more from barracuda, but if your scoring is good that almost never presents an issue. Some of our clients outright block using both. I haven't had to deal with any complaints due to either one in a very long time. I've been reading up a bit on Barracuda et al, like: http://www.email-ethics.com/2009/01/emailregorg-project.html http://zacharyozer.blogspot.com/2008/10/worst-engineers-ever.html http://www.debian-administration.org/users/simonw/weblog/295 And now I'm even more convinced that I will not be using Barracuda. Sorry. - Mark
Re: zen.spamhaus.org
Mark wrote: I've been reading up a bit on Barracuda et al, like: http://www.email-ethics.com/2009/01/emailregorg-project.html http://zacharyozer.blogspot.com/2008/10/worst-engineers-ever.html http://www.debian-administration.org/users/simonw/weblog/295 And now I'm even more convinced that I will not be using Barracuda. Sorry. Mark, Regarding that earlier point about DNSBLs which claim to be more aggressive than SpamHaus... there are many IPs well deserving of being on a blacklist which are either missed by SpamHaus, or not caught very quickly by SpamHaus. Additionally, different DNSBLs use different techniques and, therefore, no one DNSBL can do even close to everything. However, it is true that *most* DNSBLs which claim to be low-FP lists (and which block much spam missed by SpamHaus) have more FPs than Zen--to varying degrees. -- Rob McEwen http://dnsbl.invaluement.com/ r...@invaluement.com +1 (478) 475-9032
Re: zen.spamhaus.org
On 7-Apr-2009, at 13:30, Steve Bertrand wrote: ...apparently, not enough trouble: Yep, they were found out via DNS. It is Their whois data that is obfuscated Domain Name:EMAILREG.ORG Created On:12-Apr-2008 21:40:49 UTC Last Updated On:02-Apr-2009 18:45:33 UTC Expiration Date:12-Apr-2010 21:40:49 UTC Sponsoring Registrar:eNom, Inc. (R39-LROR) Status:CLIENT TRANSFER PROHIBITED Registrant ID:94adaac5a507a44d Registrant Name:Whois Agent Registrant Organization:Whois Privacy Protection Service, Inc. and there is nothing on the websites that gives any information on them being related. Either way, they've showed themselves to me to be little different than the spammer scum. I'd be seriously tempted to blacklist anyone stupid enough to use the barracuda RBL. -- Can I tell you the truth? I mean this isn't like TV news, is it?
Re: zen.spamhaus.org
LuKreme wrote: How about the 3rd post that exposes barracuda as a money-grubbing racketeering operation? Barracuda own and operate emailreg.org, although there is no mention of this on the emailreg.org site, and the whois data is obscured. Indeed the owners of emailreg.org have gone to a lot of trouble to hide who they are, which would be illegal for a UK operated website of this type. Stay away. Stay far away. I had no idea that emailreg.org was owned and operated by Barracuda. I thought they were two separate entities. (though I did have my suspicions about that relationship) But, as the post you mentioned said, emailreg.org resolves to 64.235.146.64 and arin.net shows that 64.235.146.64 is clearly in Barracuda's assigned address space. I'll tell you right now... this is BIG and EASY money. Very BIG and very EASY money. I suspect they are pulling in hundreds... maybe even thousands... of those $20 payments per day. If there is just 150 of these per business day, they've already cleared a million $$ per year. Maybe there aren't that many?...but I suspect that this number might be closer to a thousand per day, which would be into the tens of millions of dollars per year. (if I seem upset about this... read between the lines... and you might understand why) -- Rob McEwen http://dnsbl.invaluement.com/ r...@invaluement.com +1 (478) 475-9032
Re: zen.spamhaus.org
On 7-Apr-2009, at 08:39, Rob McEwen wrote: Mark wrote: I've been reading up a bit on Barracuda et al, like: http://www.email-ethics.com/2009/01/emailregorg-project.html http://zacharyozer.blogspot.com/2008/10/worst-engineers-ever.html http://www.debian-administration.org/users/simonw/weblog/295 And now I'm even more convinced that I will not be using Barracuda. Sorry. Regarding that earlier point about DNSBLs which claim to be more How about the 3rd post that exposes barracuda as a money-grubbing racketeering operation? Barracuda own and operate emailreg.org, although there is no mention of this on the emailreg.org site, and the whois data is obscured. Indeed the owners of emailreg.org have gone to a lot of trouble to hide who they are, which would be illegal for a UK operated website of this type. Stay away. Stay far away. -- There is a tragic flaw in our precious Constitution, and I don t know what can be done to fix it. This is it: Only nut cases want to be president.
Re: zen.spamhaus.org
Maybe you went over their acceptable use limit? 2009/3/31 Rejaine Monteiro reja...@bhz.jamef.com.br: Hi The zen.spamhaus.org list.dsbl.org stops working here. Somebody noticed some problem? -- Martin Hepworth Oxford, UK
Re: zen.spamhaus.org
On Tue, Mar 31, 2009 at 8:43 AM, Rejaine Monteiro reja...@bhz.jamef.com.br wrote: Hi The zen.spamhaus.org list.dsbl.org stops working here. Somebody noticed some problem? list.dsbl.org has been dead for about a year. You shouldn't be using it. Please see http://www.dsbl.org spamhaus will disable access if you exceed their volume limitations. Please see http://www.spamhaus.org/organization/dnsblusage.html Spamhaus lists are effective enough that it's probably worth buying a data feed. -- Noel Jones
Re: zen.spamhaus.org
Hi, thanks all for tips.. I wanted to say zen.spamhaus.org, only. I don't use list.dsbl.org a long time ago.. (wrong copy/paste) I'll see use limit thing.. Thanks ... On Tue, Mar 31, 2009 at 8:43 AM, Rejaine Monteiro reja...@bhz.jamef.com.br wrote: Hi The zen.spamhaus.org list.dsbl.org stops working here. Somebody noticed some problem? list.dsbl.org has been dead for about a year. You shouldn't be using it. Please see http://www.dsbl.org spamhaus will disable access if you exceed their volume limitations. Please see http://www.spamhaus.org/organization/dnsblusage.html Spamhaus lists are effective enough that it's probably worth buying a data feed. -- Noel Jones
Re: zen.spamhaus.org
Is there an easy way to tell how many times I'm querying their servers from Spamassassin? I doubt I'm any where near those numbers but it would be nice to know. Curtis LaMasters http://www.curtis-lamasters.com http://www.builtnetworks.com On Tue, Mar 31, 2009 at 9:33 AM, Martin Hepworth max...@gmail.com wrote: Maybe you went over their acceptable use limit? 2009/3/31 Rejaine Monteiro reja...@bhz.jamef.com.br: Hi The zen.spamhaus.org list.dsbl.org stops working here. Somebody noticed some problem? -- Martin Hepworth Oxford, UK
Re: zen.spamhaus.org
Curtis LaMasters wrote: Is there an easy way to tell how many times I'm querying their servers from Spamassassin? I doubt I'm any where near those numbers but it would be nice to know. look for 'dnstop'. run it for a while -- Michael Scheidell, CTO Phone: 561-999-5000, x 1259 *| *SECNAP Network Security Corporation * Certified SNORT Integrator * 2009 Hot Company Award, World Executive Alliance * Five-Star Partner Program 2009, VARBusiness * Best Anti-Spam Product 2008, Network Products Guide * King of Spam Filters, SC Magazine 2008 _ This email has been scanned and certified safe by SpammerTrap(r). For Information please see http://www.secnap.com/products/spammertrap/ _
Re: zen.spamhaus.org
On Tue, 2009-03-31 at 15:33 +0100, Martin Hepworth wrote: Maybe you went over their acceptable use limit? 2009/3/31 Rejaine Monteiro reja...@bhz.jamef.com.br: Hi The zen.spamhaus.org list.dsbl.org stops working here. Somebody noticed some problem? That is possible - $pamhaus are all about the money and not much about the spam. IMHO they happily take back handers to overlook dodgy activity with 'favoured' hosts. Use the Barracuda list - it's pretty aggressive and makes $pamhaus look very lame indeed. In fact it laughs in their face. It came about when $pamhaus tried to blackmail owners of a well known appliance into paying for a feed. USE: b.barracudacentral.org. It's known as $pamhaus... Those court cases and trips around the world don't come for free and I have very little respect for them.
Re: zen.spamhaus.org
On Tue, March 31, 2009 20:17, Rik wrote: It's known as $pamhaus... Those court cases and trips around the world don't come for free and I have very little respect for them. #!/bin/sh USE=-war emerge bind change resolv.conf to nameserver 127.0.0.1 do you hate me ? :))) -- http://localhost/ 100% uptime and 100% mirrored :)
Re: zen.spamhaus.org
On Tue, Mar 31, 2009 at 11:17, Rik hlug090...@buzzhost.co.uk wrote: [drivel about Spamhaus snipped] Use the Barracuda list - it's pretty aggressive [...] USE: b.barracudacentral.org. What rate of false positives does it get? What is the basis of being listed? Does it have sub-lists to cover different listing criteria? What is the method for getting removed? Is there a mechanism for keeping local copies of the zone(s)?
Re: zen.spamhaus.org
On 31-Mar-2009, at 12:17, Rik wrote: On Tue, 2009-03-31 at 15:33 +0100, Martin Hepworth wrote: Maybe you went over their acceptable use limit? 2009/3/31 Rejaine Monteiro reja...@bhz.jamef.com.br: Hi The zen.spamhaus.org list.dsbl.org stops working here. Somebody noticed some problem? That is possible - $pamhaus are all about the money and not much about the spam. IMHO they happily take back handers to overlook dodgy activity with 'favoured' hosts. Erm, wtf are you talking about? Is this you just libeling spamhaus or do you have any evidence whatsoever of this? Use the Barracuda list - it's pretty aggressive and makes $pamhaus look very lame indeed. In fact it laughs in their face. It came about when $pamhaus tried to blackmail owners of a well known appliance into paying for a feed. USE: b.barracudacentral.org. Um.. spamhaus charges for feeds for certain connection levels or for commercial use. There is no blackmail. Provide evidence or STFU. -- ...gentlemen in England now a-bed Shall think themselves accursed the were not here,
Re: zen.spamhaus.org
2009/3/31 Rik hlug090...@buzzhost.co.uk: On Tue, 2009-03-31 at 15:33 +0100, Martin Hepworth wrote: Maybe you went over their acceptable use limit? 2009/3/31 Rejaine Monteiro reja...@bhz.jamef.com.br: Hi The zen.spamhaus.org list.dsbl.org stops working here. Somebody noticed some problem? That is possible - $pamhaus are all about the money and not much about the spam. IMHO they happily take back handers to overlook dodgy activity with 'favoured' hosts. Use the Barracuda list - it's pretty aggressive and makes $pamhaus look very lame indeed. In fact it laughs in their face. It came about when $pamhaus tried to blackmail owners of a well known appliance into paying for a feed. USE: b.barracudacentral.org. It's known as $pamhaus... Those court cases and trips around the world don't come for free and I have very little respect for them. Err no. spamhaus is great for low use. For high use they expect you to pay - see the TC's for use. Heck they gotta eat ya know. As for the barracuda rbl...well didn't add any value for me when I ran it for a couple of months. Scored spam with other tools and actually caught a few FP's which is kinda what i see in their pay for product at newplace of work. Basically not worth the bother IMHO -- Martin Hepworth Oxford, UK
Re: zen.spamhaus.org
Owww.. I'm out of discussion about spamhaus vs barracuda, because IMHO, spamhaus do a great free service.. And here, my problem had nothing to do with spamhaus or volume limitations, but just a internal problem in mailserver *Michael Scheidell, thank you for dnstop tip.. (tis very cool) (sorry my poor english) Martin Hepworth escreveu: 2009/3/31 Rik hlug090...@buzzhost.co.uk: On Tue, 2009-03-31 at 15:33 +0100, Martin Hepworth wrote: Maybe you went over their acceptable use limit? 2009/3/31 Rejaine Monteiro reja...@bhz.jamef.com.br: Hi The zen.spamhaus.org list.dsbl.org stops working here. Somebody noticed some problem? That is possible - $pamhaus are all about the money and not much about the spam. IMHO they happily take back handers to overlook dodgy activity with 'favoured' hosts. Use the Barracuda list - it's pretty aggressive and makes $pamhaus look very lame indeed. In fact it laughs in their face. It came about when $pamhaus tried to blackmail owners of a well known appliance into paying for a feed. USE: b.barracudacentral.org. It's known as $pamhaus... Those court cases and trips around the world don't come for free and I have very little respect for them. Err no. spamhaus is great for low use. For high use they expect you to pay - see the TC's for use. Heck they gotta eat ya know. As for the barracuda rbl...well didn't add any value for me when I ran it for a couple of months. Scored spam with other tools and actually caught a few FP's which is kinda what i see in their pay for product at newplace of work. Basically not worth the bother IMHO
RE: zen.spamhaus.org
-Original Message- From: Martin Hepworth [mailto:max...@gmail.com] Sent: dinsdag 31 maart 2009 20:56 To: hlug090...@buzzhost.co.uk Cc: Rejaine Monteiro; Spamassassin list Subject: Re: zen.spamhaus.org Err no. spamhaus is great for low use. For high use they expect you to pay - see the TC's for use. Heck they gotta eat ya know. Yeah, how very unreasonable of them. :) Like with anything, if you want to make commercial use of (and off) it, just pay a fee. As for the barracuda rbl...well didn't add any value for me when I ran it for a couple of months. Scored spam with other tools and actually caught a few FP's which is kinda what i see in their pay for product at newplace of work. Basically not worth the bother IMHO When someone tells me 'their' list is much more aggressive than spamhaus, my first reaction is not: Oh, coolie, more to block! More like: Another one of those overly aggressive blocklists that in its rampant 'Off with their heads' policy just renders itself pretty much useless. So, indeed, thanks, but not no thanks. - Mark
Re: zen.spamhaus.org
On Tue, Mar 31, 2009 at 3:25 PM, Mark ad...@asarian-host.net wrote: -Original Message- From: Martin Hepworth [mailto:max...@gmail.com] Sent: dinsdag 31 maart 2009 20:56 To: hlug090...@buzzhost.co.uk Cc: Rejaine Monteiro; Spamassassin list Subject: Re: zen.spamhaus.org Err no. spamhaus is great for low use. For high use they expect you to pay - see the TC's for use. Heck they gotta eat ya know. Yeah, how very unreasonable of them. :) Like with anything, if you want to make commercial use of (and off) it, just pay a fee. As for the barracuda rbl...well didn't add any value for me when I ran it for a couple of months. Scored spam with other tools and actually caught a few FP's which is kinda what i see in their pay for product at newplace of work. Basically not worth the bother IMHO When someone tells me 'their' list is much more aggressive than spamhaus, my first reaction is not: Oh, coolie, more to block! More like: Another one of those overly aggressive blocklists that in its rampant 'Off with their heads' policy just renders itself pretty much useless. So, indeed, thanks, but not no thanks. Just my experience, but the barracuda list performs pretty well here (we have just enough volume to be a paying subscriber to zen). I wouldn't call it more aggressive than zen necessarily. They both have an occasional FP, maybe slightly more from barracuda, but if your scoring is good that almost never presents an issue. Some of our clients outright block using both. I haven't had to deal with any complaints due to either one in a very long time.
Re: zen.spamhaus.org
When someone tells me 'their' list is much more aggressive than spamhaus, my first reaction is not: Oh, coolie, more to block! More like: Another one of those overly aggressive blocklists that in its rampant 'Off with their heads' policy just renders itself pretty much useless. So, indeed, thanks, but not no thanks. My list beats them all, and its way more aggressive then barracuda. Google for 'blocked.secnap.net' before being stupid enough to use it without knowing exactly the criteria for entry into that list. (but, if you use it, it will block 100% of all your spam.. And email) - Mark -- Michael Scheidell, CTO |SECNAP Network Security Finalist 2009 Network Products Guide Hot Companies FreeBSD SpamAssassin Ports maintainer _ This email has been scanned and certified safe by SpammerTrap(r). For Information please see http://www.secnap.com/products/spammertrap/ _
Re: zen.spamhaus.org
Search through the archives, there was a patch to add it to SA. Luix 2007/6/1, Martin Jürgens [EMAIL PROTECTED]: Hi, I am running Debian Etch, Exim4 and Spamassassin 3.1.7. Now I am trying to find out how to make Spamassassin use Spamhaus Zen. I am stuck. Could anyone please tell me what I have to add to my local.cf in order to use it? Thanks! Martin -- - GNU-GPL: May The Source Be With You... Linux Registered User #448382. When I grow up, I wanna be like Theo... -
Re: zen.spamhaus.org
Thanks, I will search for it. Am Freitag, den 01.06.2007, 10:50 -0300 schrieb Luis Hernán Otegui: Or, if you could, upgrade to SA 3.2, which includes it. Luix 2007/6/1, Martin Jürgens [EMAIL PROTECTED]: Hi, I am running Debian Etch, Exim4 and Spamassassin 3.1.7. Now I am trying to find out how to make Spamassassin use Spamhaus Zen. I am stuck. Could anyone please tell me what I have to add to my local.cf in order to use it? Thanks! Martin
Re: zen.spamhaus.org
On Jun 1, 2007, at 6:48 AM, Luis Hernán Otegui wrote: Search through the archives, there was a patch to add it to SA. Also note, do NOT use Zen to evaluate headers or anything in the body. Zen is ONLY for approving the server that contacted your server. See the notes on the Spamhaus.org web page.
Re: zen.spamhaus.org
Jerry Durand wrote: On Jun 1, 2007, at 6:48 AM, Luis Hernán Otegui wrote: Search through the archives, there was a patch to add it to SA. Also note, do NOT use Zen to evaluate headers or anything in the body. Unless of course you need to. ;-) http://wiki.apache.org/spamassassin/TrustedRelays Ken Zen is ONLY for approving the server that contacted your server. See the notes on the Spamhaus.org web page. -- Ken Anderson Pacific.Net
Re: zen.spamhaus.org
At 08:47 AM 6/1/2007, Ken A wrote: Jerry Durand wrote: On Jun 1, 2007, at 6:48 AM, Luis Hernán Otegui wrote: Search through the archives, there was a patch to add it to SA. Also note, do NOT use Zen to evaluate headers or anything in the body. Unless of course you need to. ;-) http://wiki.apache.org/spamassassin/TrustedRelays Ken Not sure how you'd use Zen for this, since it lists all dynamic addresses as bad. Internic tried this and was rejecting mailing lists based on submissions from people on dynamic addresses (like me) even though it was relayed through a trusted sender with AUTH. Now, if you want to use SBL-XBL, that's fine (I do). Normal users on dynamic addresses don't show up on those lists. -- Jerry Durand, Durand Interstellar, Inc. www.interstellar.com tel: +1 408 356-3886, USA toll free: 1 866 356-3886 Skype: jerrydurand
Re: zen.spamhaus.org
Now, if you want to use SBL-XBL, that's fine (I do). Normal users on dynamic addresses don't show up on those lists. I disagree. True for SBL, but not for XBL. Consider that there are MANY situations where a small-to-large office will all share an IP to the outside world. Maybe we are talking about 10 computers... maybe 100... maybe 1000+. All it takes is a single computer getting a zombie (and this wouldn't be all that rare... even if the I.T. guy was really good as his/her job!). Once one such computer gets a zombie... then that IP can easily get listed on XBL. Another common scenario is that the end user's computer's IP often gets placed somewhere in the header by the SMTP server that they use for sending their legit e-mail. I think that this happens more often than not. So here you have a fairly common situation where MANY outgoing non spam legit e-mails have an XBL-listed IP somewhere in the header, but with the actual sending mail server is NOT listed on any spam blacklists because it simply doesn't send spam. Suppose also that this expoited computer is not yet spotted and persists for weeks. In such a scenario, if ALL spam filters ONLY checked the actual sending server's IP, then ALL of the spam sent from this exploited computer would easily be caught... and ALL of the legit messages sent by that legit e-mail server from users in this office would NOT be mistakenly blocked... ...a perfect world... ...but checking against OTHER IP addresses in the header messes this all up. Rob McEwen PowerView Systems [EMAIL PROTECTED]
Re: zen.spamhaus.org
On Jun 1, 2007, at 9:48 AM, Ken A wrote: see http://www.spamhaus.org/zen/ Quote from that page: Do not use ZEN in filters that do any ‘deep parsing’ of Received headers, or for other than checking IP addresses that hand off to your mailservers.
Re: zen.spamhaus.org
On Jun 1, 2007, at 10:03 AM, Rob McEwen wrote: Now, if you want to use SBL-XBL, that's fine (I do). Normal users on dynamic addresses don't show up on those lists. I disagree. True for SBL, but not for XBL. Consider that there are MANY situations where a small-to-large office will all share an IP to the outside world. Maybe we are talking about 10 computers... maybe 100... maybe 1000+. All it takes is a single computer getting a zombie (and this wouldn't be all that rare... even if the I.T. guy was really good as his/her job!). Once one such computer gets a zombie... then that IP can easily get listed on XBL. But, that would be an address like the server I'm sitting at now, 192.168.0.13, are you going to blacklist EVERY person using 192.168.0.13 on an internal network? Look at the headers from another of my messages, it went through several hops before apache.org ever saw it, and I send it directly from the server. Apache.org SHOULD be using zen or something like it to verify the server talking to it, but how would Zen identify my computer on a subnet talking to my server which then goes through a NAT and then to verizon.net with SMTP AUTH and THEN to apache.org? Even if you go one server back from verizon.net, you'll find smpt.interstellar.com is on a dynamic address and is in the Zen list as such. Why is that a problem? Received: from [206.46.252.48] (HELO vms048pub.verizon.net) (206.46.252.48) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 01 Jun 2007 11:42:28 -0700 Received: from smtp.interstellar.com ([71.116.65.245]) by vms048.mailsrvcs.net (Sun Java System Messaging Server 6.2-6.01 (built Apr 3 2006)) with ESMTPA id [EMAIL PROTECTED] for users@spamassassin.apache.org; Fri, 01 Jun 2007 13:41:48 -0500 (CDT) Received: from localhost (localhost [127.0.0.1]) by smtp.interstellar.com (Postfix) with ESMTP id 4F70B3F06DF; Fri, 01 Jun 2007 11:41:47 -0700 (PDT) Received: from smtp.interstellar.com ([127.0.0.1]) by localhost (interstellar.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 29L9yyuekAz6; Fri, 01 Jun 2007 11:41:46 -0700 (PDT) Received: from [127.0.0.1] (localhost [127.0.0.1]) by smtp.interstellar.com (Postfix) with ESMTP id 93A373F06D5; Fri, 01 Jun 2007 11:41:45 -0700 (PDT) Another common scenario is that the end user's computer's IP often gets placed somewhere in the header by the SMTP server that they use for sending their legit e-mail. I think that this happens more often than not. So here you have a fairly common situation where MANY outgoing non spam legit e-mails have an XBL-listed IP somewhere in the header, but with the actual sending mail server is NOT listed on any spam blacklists because it simply doesn't send spam. Exactly, so if you use Zen to scan the headers, you'll get false positives all over the place. Suppose also that this expoited computer is not yet spotted and persists for weeks. In such a scenario, if ALL spam filters ONLY checked the actual sending server's IP, then ALL of the spam sent from this exploited computer would easily be caught... and ALL of the legit messages sent by that legit e-mail server from users in this office would NOT be mistakenly blocked... Seems that before weeks went by, the top server (in our case verizon.net) would get blacklisted and they'd be talking to us pretty quickly. ...a perfect world... ...but checking against OTHER IP addresses in the header messes this all up. Right, so per the warning on the Zen web page, do NOT use Zen for scanning the headers or body of the mail. SBL-XBL is fine for that.
Re: zen.spamhaus.org
Jerry Durand wrote: On Jun 1, 2007, at 9:48 AM, Ken A wrote: see http://www.spamhaus.org/zen/ Quote from that page: Do not use ZEN in filters that do any ‘deep parsing’ of Received headers, or for other than checking IP addresses that hand off to your mailservers. That's assuming you aren't using it intelligently. SA checks all received headers via Zen to see if they are in the SBL. PBL and XBL are only checked against last external header, via Zen.
Re: zen.spamhaus.org
On Jun 1, 2007, at 11:54 AM, Richard Frovarp wrote: That's assuming you aren't using it intelligently. SA checks all received headers via Zen to see if they are in the SBL. PBL and XBL are only checked against last external header, via Zen. Ah, nobody mentioned that SA was only using a subset of Zen, I was talking about the people using Zen to scan ALL the headers and the body of the message. So, really, SA is just using the SBL subset of Zen to scan the headers. How about the body of the message?
Re: zen.spamhaus.org
Jerry, I think I'm in totally agreement with you, except when you said: SBL-XBL is fine for that. SBL is fine for checking all the headers... but, per my original message, I think that, like PBL, XBL will trigger too many FPs when checked against all IPs in the headers, not just the sending server IP. Sure, the percent of XBL FPs generated wouldn't be nearly as high as PBL, but still too high! Did you mean to say, SBL is fine for that. ?? Rob McEwen PowerView Systems [EMAIL PROTECTED]
Re: zen.spamhaus.org
At 12:05 PM 6/1/2007, Rob McEwen wrote: Did you mean to say, SBL is fine for that. ?? I was going by old info, my server's had a separate rule to use SBL-XBL for years, but since SA now uses pieces of Zen, I killed that rule. -- Jerry Durand, Durand Interstellar, Inc. www.interstellar.com tel: +1 408 356-3886, USA toll free: 1 866 356-3886 Skype: jerrydurand
Re: zen.spamhaus.org
Jerry Durand wrote: On Jun 1, 2007, at 11:54 AM, Richard Frovarp wrote: That's assuming you aren't using it intelligently. SA checks all received headers via Zen to see if they are in the SBL. PBL and XBL are only checked against last external header, via Zen. Ah, nobody mentioned that SA was only using a subset of Zen, I was talking about the people using Zen to scan ALL the headers and the body of the message. So, really, SA is just using the SBL subset of Zen to scan the headers. How about the body of the message? Everything I know that uses zen, uses a subset of it. It's a composite list, so that is pretty much a given. That's why I send the link to zen and the link to the page on SA TrustedRelays, to show you a scenario where one could use ALL of zen on a received header, rather than just the connecting relay (in a case where the connecting relay is Trusted). The body of a message is looked at by uri parsers and uses things like surbl,uribl,uri country, etc to score based on uris found in message bodies. I wouldn't use any of zen for that, but it's possible to do. Problem is you lump any host on an IP with other hosts sharing that same ip. In virtual hosting environment, there can be hundreds of sites on a single IP, so FPs are common doing this - except perhaps with SBL. -- Ken Anderson Pacific.Net