Re: [Assp-user] Blacklists

2009-11-09 Thread aja-lists
GrayHat wrote: > Heh maybe your particular setup is different from mine; in my case > I had no f/p from barracudacentral at all; That's not a really valid argument imho. The bottleneck here would be the mail-servers which *do* encounter false positives through it, and then be checking those

Re: [Assp-user] Blacklists

2009-11-09 Thread Alex Frunza
Thanks GrayHat, useful info! On 11/9/2009 5:20 PM, GrayHat wrote: >> checked right now (just curious) and can confirm it; >> while in many cases the cbl hits will also match hits >> from zen (which means that the IP is in both) usually >> IPs appear FIRST in cbl and, after a while in zen >> so it

Re: [Assp-user] Blacklists

2009-11-09 Thread GrayHat
> checked right now (just curious) and can confirm it; > while in many cases the cbl hits will also match hits > from zen (which means that the IP is in both) usually > IPs appear FIRST in cbl and, after a while in zen > so it STILL makes sense using both lists :) just in case, I grepped the logs

Re: [Assp-user] invalid HELO

2009-11-09 Thread GrayHat
> I can only find rfcs that say the helo must > contain a name that has an dns A record. yes, A record MUST be resolved, missing that the HELO may be considered invalid

Re: [Assp-user] Blacklists

2009-11-09 Thread GrayHat
> I got a "LOT" of false positives from barracudacentral (let it run for > 2 days). I looked up the website and it looks like you may have to > subscribe to it (kind of like Karmasphere was). Heh maybe your particular setup is different from mine; in my case I had no f/p from barracudacentral

Re: [Assp-user] invalid HELO

2009-11-09 Thread Paul
On 9 Nov 2009 at 2:53, Scott Haneda wrote: > On Nov 9, 2009, at 2:45 AM, Hisham Al Saad wrote: > > > > If I remove \.local$ from my invalidhelo.txt file, will this allow > > them to > > pass through ? > > Yes, and I also believe that .local is valid rfc for ehlo/helo. I can only find rfcs tha

Re: [Assp-user] Blacklists

2009-11-09 Thread Hill, Brett
Grayhat wrote: > also, my current DNSBL setup is the following > > zen.spamhaus.org=>1 > bb.barracudacentral.org=>1 I got a "LOT" of false positives from barracudacentral (let it run for 2 days). I looked up the website and it looks like you may have to subscribe to it (kind of like Karmasphere

Re: [Assp-user] invalid HELO

2009-11-09 Thread Paul
On 9 Nov 2009 at 13:45, Hisham Al Saad wrote: > > I don't know why they are using a local address in a helo, but I > > would either put the IP in 'noHelo' or put the helo into > > 'heloBlacklistIgnore'. > > > > The helos you want blocked will stay blocked. > > > > In this case we will have to

Re: [Assp-user] invalid HELO

2009-11-09 Thread GrayHat
> Yes, and I also believe that .local is valid rfc for ehlo/helo. I > would not run that one. That is too high risk, as you are seeing, > unless you can weight it, in which case, by all means, run it with > a low weight. Heh... maybe it's valid for RFC but the ".local" TLD isn't a valid one

Re: [Assp-user] Blacklists

2009-11-09 Thread GrayHat
>> not exactly; the abuseat contains some more >> IPs which aren't into the spamhaus since the >> latter (spamhaus) is more "conservative", so >> I use the abuseat too but being "aggressive" >> I use it at level 4 > > Do you find entries on cbl that aren't on zen? Didn't check lately, but in a no

Re: [Assp-user] invalid HELO

2009-11-09 Thread Scott Haneda
On Nov 9, 2009, at 2:45 AM, Hisham Al Saad wrote: >> >> I don't know why they are using a local address in a helo, but I >> would either put the IP in 'noHelo' or put the helo into >> 'heloBlacklistIgnore'. >> >> The helos you want blocked will stay blocked. > > In this case we will have to wait u

Re: [Assp-user] invalid HELO

2009-11-09 Thread Hisham Al Saad
> I don't know why they are using a local address in a helo, but I > would either put the IP in 'noHelo' or put the helo into > 'heloBlacklistIgnore'. > > The helos you want blocked will stay blocked. > In this case we will have to wait until they complain about it before we know which address

Re: [Assp-user] Blacklists

2009-11-09 Thread GrayHat
> Grayhat, > Where do you have the other settings in the DNSBL > section like max replies, max hits, max time, socket > timeout, etc. Lemme "dump" the values... validaterbl block forcerblcache checked addrblheader checked rblmaxreplies 8 rblmaxhits 2 rblmaxweight 50 rblmaxt

Re: [Assp-user] Blacklists

2009-11-09 Thread Paul Whelan
On 9 Nov 2009 at 11:22, GrayHat wrote: > > duplication here? > > not exactly; the abuseat contains some more > IPs which aren't into the spamhaus since the > latter (spamhaus) is more "conservative", so > I use the abuseat too but being "aggressive" > I use it at level 4 Do you find entries on

Re: [Assp-user] invalid HELO

2009-11-09 Thread Paul Whelan
On 9 Nov 2009 at 8:31, Hisham Al Saad wrote: > Under my (Regular Expression to Invalidate Format of HELO*) file I have > these settings. > > ^\d+\.\d+\.\d+\.\d+$ > ^[^\.]+\.?$ > \d{1,3}(\.|-|x)\d{1,3}(\.|-|x)\d{1,3} > \.intra$ > \.local$ > \.lan$ > \.priv$ > \.private$ > \.localdomain$ > \.onli

Re: [Assp-user] Blacklists

2009-11-09 Thread GrayHat
> >> bb.barracudacentral.org=>1 >> >> Do you have to pay for this? I heard that at some point they were >> going to, or were charging for the data based on the analytics they >> gather. > > I understand that bb.barracudacentral.org is freely available to all > IP addresses, but the published b.bar

Re: [Assp-user] Blacklists

2009-11-09 Thread GrayHat
>> my current DNSBL setup is the following >> >> zen.spamhaus.org=>1 >> cbl.abuseat.org=>4 > > duplication here? not exactly; the abuseat contains some more IPs which aren't into the spamhaus since the latter (spamhaus) is more "conservative", so I use the abuseat too but being "aggressive" I

Re: [Assp-user] Blacklists

2009-11-09 Thread Paul Whelan
On 8 Nov 2009 at 19:55, Scott Haneda wrote: > On Nov 8, 2009, at 9:53 AM, Grayhat wrote: > > > bb.barracudacentral.org=>1 > > Do you have to pay for this? I heard that at some point they were > going to, or were charging for the data based on the analytics they > gather. I understand that