Hi Adam,
>> Some time ago you posted that you were investigating the stats and
>> effectiveness of a few rules in your masschecks sandbox, and thought
>> I would see if you had made any progress, and found anything
>> helpful?
>
> Yeah, analysis (and writing it up) is time-consuming and I was putt
Hi,
> 29,148 messages : Host sending mail was in our local blocklist
> note below *
How many entries? Does it just keep growing? We have a local one too,
and every so often correlate it with the public RBLs so as to not
duplicate the check and overhead.
> 42,132
Hello R-Elists,
Am 2010-04-20 10:57:54, hacktest Du folgendes herunter:
> Netblock: 217.36.54.0/23 (217.36.54.0-217.36.55.255)
> Record Created: Sun Jul 30 06:12:48 2006 GMT
> Record Updated: Sun Jul 30 06:12:48 2006 GMT
> Additional Information: Dynamic/Generic IP/rDNS address, use your ISPs m
Only BT can request that delisting, sorry, but you are wasting your
time.
On Tue, 2010-04-20 at 14:40 +0100, Nigel Frankcom wrote:
> On 20 April 2010 14:13, corpus.defero wrote:
> > On Tue, 2010-04-20 at 14:04 +0100, Nigel Frankcom wrote:
> >> Hi All,
> >>
> >> Am I the only one incabale of figu
On Wed, April 21, 2010 12:05 am, Bret Miller wrote:
> On 4/20/2010 3:09 PM, Jack Knowlton wrote:
>> Hi all.
>> I noticed Spamhaus made available a new URIBL. I updated my SA package
>> (debian testing) to the latest version and I wanted to implement check
>> on
>> the DBL list too.
>> How do I conf
On 4/20/2010 3:09 PM, Jack Knowlton wrote:
Hi all.
I noticed Spamhaus made available a new URIBL. I updated my SA package
(debian testing) to the latest version and I wanted to implement check on
the DBL list too.
How do I configure spamassassin to do that?
Thanks,
-JK
Get SA 3.3.1. Run sa
Hi all.
I noticed Spamhaus made available a new URIBL. I updated my SA package
(debian testing) to the latest version and I wanted to implement check on
the DBL list too.
How do I configure spamassassin to do that?
Thanks,
-JK
From: "RW"
Sent: Tuesday, 2010/April/20 10:29
On Tue, 20 Apr 2010 18:17:10 +0100
Nigel Frankcom wrote:
My IP has full rDNS supplied by my ISP - please feel free to ping -a
217.36.54.209 and tell me what exactly is wrong wit that?
$ dig +short -x 217.36.54.20
host217-36-54-20.in-addr.btope
>
> At 10:18 20-04-10, LuKreme wrote:
> >I got a mail from Paypal, but it is not FROM paypal, but it
> appears to
> >have passed DKIM
>
> If it passed DKIM and it is signed by info.paypal.com, it's
> from Paypal.
>
> Regards,
> -sm
>
>
the biggest problem i ever saw was when paypal ema
On Tue, 20 Apr 2010 11:26:27 -0700, John Rudd wrote:
>Having full rDNS isn't the issue.
>
>What probably happened was something like this:
>
>1) your ISP reported their dynamic addresses to SORBS, or SORBS
>inferred them via various means.
>
>2) SORBS listed those addresses in DUL
>
>3) Your ISP
At 10:18 20-04-10, LuKreme wrote:
I got a mail from Paypal, but it is not FROM paypal, but it appears
to have passed DKIM
If it passed DKIM and it is signed by info.paypal.com, it's from Paypal.
Regards,
-sm
On Tue, 2010-04-20 at 11:34 -0700, R-Elists wrote:
>
> >
> > Having full rDNS isn't the issue.
> >
> > What probably happened was something like this:
> >
> > 1) your ISP reported their dynamic addresses to SORBS, or
> > SORBS inferred them via various means.
> >
> > 2) SORBS listed those add
>
> Having full rDNS isn't the issue.
>
> What probably happened was something like this:
>
> 1) your ISP reported their dynamic addresses to SORBS, or
> SORBS inferred them via various means.
>
> 2) SORBS listed those addresses in DUL
>
> 3) Your ISP ran low on static addresses, and alloc
On 20-Apr-2010, at 11:33, Kris Deugau wrote:
>
> Is it addressed to you personally, or "Dear user"?
I was addressed to me.
> Is it related to a transaction, or does it seem to be basically advertising,
> contentwise?
No, it was advertising copy about something or other (MOther's Day?)
--
''H
Having full rDNS isn't the issue.
What probably happened was something like this:
1) your ISP reported their dynamic addresses to SORBS, or SORBS
inferred them via various means.
2) SORBS listed those addresses in DUL
3) Your ISP ran low on static addresses, and allocated to you one of
the addr
>
> My IP has full rDNS supplied by my ISP - please feel free to ping -a
> 217.36.54.209 and tell me what exactly is wrong wit that?
>
yes, very nice... FCrDNS
point for you.
bottom line is you are preaching to the choir...
checking that ip at sorbs shows several blocks that are ok, and w
On tir 20 apr 2010 19:45:35 CEST, Nigel Frankcom wrote
Which of us is wrong?
reverse dns != ripe listning, its 2 diffrent things
sorbs dont care about static / dynamic / dhcp and friends in reverse
dns, its just still static pool on ripe, isp get there ip from ripe
net, thats it
confuse
Kris Deugau wrote:
I'd say it's *probably* legit.
Very probably.
Responsys IPs, with their customer clearly indicated in the PTRs
12.130.139.51 om-paypal-apac.rsys4.com.
12.130.139.52 om-paypal-eu1.rsys4.com.
12.130.139.53 om-paypal-na.rsys4.com.
12.130.139.54 om-paypal-eu2.rsys4.com.
I
On 20 April 2010 18:29, Benny Pedersen wrote:
> On tir 20 apr 2010 19:17:10 CEST, Nigel Frankcom wrote
>
>> My IP has full rDNS supplied by my ISP - please feel free to ping -a
>> 217.36.54.209 and tell me what exactly is wrong wit that?
>
> http://www.db.ripe.net/whois?form_type=simple&full_query
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 4/20/10 12:29 PM, RW wrote:
> On Tue, 20 Apr 2010 18:17:10 +0100
> Nigel Frankcom wrote:
>
>> My IP has full rDNS supplied by my ISP - please feel free to ping -a
>> 217.36.54.209 and tell me what exactly is wrong wit that?
>>
> $ dig +short -x 21
On tir 20 apr 2010 19:29:47 CEST, RW wrote
To get out of DUL lists you ideally want something like
mail.example.com or at very least the word static in the rdns.
blame isp assigning dul users in static pools
--
xpoint http://www.unicom.com/pw/reply-to-harmful.html
LuKreme wrote:
The email body is suspicious (to me) because the URLS are all encoded
(obfuscated is my word for that):
https://a248=2Ee=2Eakamai=2Enet/f/24=
8/47562/14d/ig=2Ersys4=2Enet/responsysimages/pplna/201004_US_MME/pp_mme_edi=
t/20100408_US_mme_spacer=2Egif=22 width=3D=2215=22 height=
On Tue, 20 Apr 2010 18:17:10 +0100
Nigel Frankcom wrote:
> My IP has full rDNS supplied by my ISP - please feel free to ping -a
> 217.36.54.209 and tell me what exactly is wrong wit that?
>
$ dig +short -x 217.36.54.20
host217-36-54-20.in-addr.btopenworld.com.
This is the kind of reverse dns th
On tir 20 apr 2010 19:17:10 CEST, Nigel Frankcom wrote
My IP has full rDNS supplied by my ISP - please feel free to ping -a
217.36.54.209 and tell me what exactly is wrong wit that?
http://www.db.ripe.net/whois?form_type=simple&full_query_string=&searchtext=217.36.54.209&do_search=Search
seem
On 20 April 2010 18:07, Benny Pedersen wrote:
> On tir 20 apr 2010 18:56:37 CEST, John Hardin wrote
>>>
>>> not correct, hotmail gmail yahoo works without isp dependice, why care ?
>>
>> You're kidding, right, Benny?
>
> does it looks so ?
>
>> Why care that the ISP providing my IP addresses can't
My IP has full rDNS supplied by my ISP - please feel free to ping -a
217.36.54.209 and tell me what exactly is wrong wit that?
On 20 April 2010 16:08, Benny Pedersen wrote:
> On tir 20 apr 2010 15:04:53 CEST, Nigel Frankcom wrote
>
>> If anyone has any ideas - please let me know?
>
> if your isp
On tir 20 apr 2010 18:56:37 CEST, John Hardin wrote
not correct, hotmail gmail yahoo works without isp dependice, why care ?
You're kidding, right, Benny?
does it looks so ?
Why care that the ISP providing my IP addresses can't be bothered to
properly manage it?
manage what ?, dynamic ip
On Tue, 20 Apr 2010, Benny Pedersen wrote:
On tir 20 apr 2010 18:00:23 CEST, Bret Miller wrote
them as an organization. You need your email to be delivered reliably to
everyone on the internet and that's the only way it's going to happen.
not correct, hotmail gmail yahoo works without isp dep
On 4/20/2010 9:05 AM, Benny Pedersen wrote:
On tir 20 apr 2010 18:00:23 CEST, Bret Miller wrote
them as an organization. You need your email to be delivered reliably
to everyone on the internet and that's the only way it's going to
happen.
not correct, hotmail gmail yahoo works without isp de
On tir 20 apr 2010 18:00:23 CEST, Bret Miller wrote
them as an organization. You need your email to be delivered
reliably to everyone on the internet and that's the only way it's
going to happen.
not correct, hotmail gmail yahoo works without isp dependice, why care ?
--
xpoint http://www.u
On 4/20/2010 8:10 AM, John Rudd wrote:
Are you the ISP for the IP address, or the client/user?
According to SORBS, requests for removal from the DUHL should come
from the ISP that owns the IP space, not the end user that rents it.
See: http://www.au.sorbs.net/faq/dul.shtml
"End users (non ISP
Jari Fredriksson wrote:
> "90_2tld.cf has been replaced by the official rule file 20_aux_tlds.cf."
>
> I have this in my channels.txt that I use with sa-update.
>
> Is it enough to remove the channel, and the rule file disappears on next
> sa-update, or does the old remnant keep on ghosting on the
> if your isp give you dul ip, then you must use isp smtp servers as relay
This ins't necessarily true. I've had to deal with this ever time I've changed
hosts (to include Level 3 static IP assignments). Some ISP's just don't
publish their ranges as all static.
> not a fault of sorbs some isp
Are you the ISP for the IP address, or the client/user?
According to SORBS, requests for removal from the DUHL should come
from the ISP that owns the IP space, not the end user that rents it.
See: http://www.au.sorbs.net/faq/dul.shtml
"End users (non ISP staff): SORBS support staff may ask you
"90_2tld.cf has been replaced by the official rule file 20_aux_tlds.cf."
I have this in my channels.txt that I use with sa-update.
Is it enough to remove the channel, and the rule file disappears on next
sa-update, or does the old remnant keep on ghosting on the system forever?
--
http://www.i
On tir 20 apr 2010 15:04:53 CEST, Nigel Frankcom wrote
If anyone has any ideas - please let me know?
if your isp give you dul ip, then you must use isp smtp servers as relay
not a fault of sorbs some isp is badly informing users on howto
if you really want to use you ip as server make sure i
> Generally speaking, anything deemed worthwhile is added to SA proper
> (unless there's a licensing question). The exceptions come from
> automated rules (like Sought, MBL, SARE 2tld, and Khop-sc-neighbors),
90_2tld.cf has been replaced by the official rule file 20_aux_tlds.cf. From
the commen
We run some rules in Sendmail and Mimedefang that cause rejection
before Mimedefang would run the SpamAssassin library against the
messages.
In the order the rules get hit, rejection counts from yesterday:
29,148 messages : Host sending mail was in our local blocklist
On 20 April 2010 14:13, corpus.defero wrote:
> On Tue, 2010-04-20 at 14:04 +0100, Nigel Frankcom wrote:
>> Hi All,
>>
>> Am I the only one incabale of figuring out the SORBS interface?
>>
>> I'm told by various mailserver that sorbs is blocking me (including
>> this list hence mailing from my gmai
On Tue, 2010-04-20 at 14:04 +0100, Nigel Frankcom wrote:
> Hi All,
>
> Am I the only one incabale of figuring out the SORBS interface?
>
> I'm told by various mailserver that sorbs is blocking me (including
> this list hence mailing from my gmail account).
>
> When I log on to sorbs, give my det
Hi All,
Am I the only one incabale of figuring out the SORBS interface?
I'm told by various mailserver that sorbs is blocking me (including
this list hence mailing from my gmail account).
When I log on to sorbs, give my details I get a nice email back saying:
$Id: Act.pm,v 1.16 2006/11/27 03:36
On 2010-04-17 23:51, Alex wrote:
Somebody on this list wrote a parser to actually parse shorteners to
their obscured URLs.
That would sure be great. I hadn't seen that, but would like to know
more about it. Sounds like a better solution...
That'd be me. It's a plugin called URLRedirect and
On 2010-04-17 21:04, Alex wrote:
Maybe someone knows of a list of all the URL shorteners to be used in
a combo uri/meta rule?
I very much doubt that you'll find a list of *all* the URL shorteners.
New ones crops up all the time, and old ones disappears.
Marc Perkel posted about a DNS based
43 matches
Mail list logo