> >>>> We removed sorbs. I don't think it's even open for debate at the
> >>>> current
> >>>> point.
> >>>> If places like hotmail mx's end up on the blacklist you *will*
> >>>> have
> >>>> upset
> >>>> customers.
> >>>
> >>> Yeah. It would be nice if there were a blacklist out there that took
> >>> the
> >>> best of all the others but refused to list things like hotmail for
> >>> those of
> >>> us who are in the situation of having users who expect connectivity
> >>> to
> >>> Hotmail and their ilk. Yes, it sucks, but this is what it is to have
> >>> paying
> >>> customers with friends who use MSN, etc, etc.
> >>>
> >>
> >> So, then, where should they draw that line? Let in hotmail, yahoo,
> >> aol, verizon, and earthlink
> >
> > yes. i don't think any administrator with paying customers to please
> > would
> > be happy if any of these were blacklisted.
>
> I think you're wrong. I think it depends upon the customer base.
Of course, that's why I've said over and over that for situations like ours
where a large customer base expects to be able to correspond with Hotmail
users, this situation is not tenable. If you are lucky enough to have a
group of users who are all that savvy and none of them care about hotmail,
then you're lucky, and I suspect, you are also rare.
> >> ... but who not to whitelist?
> >
> > the small guys. unfortunately, large ISPs like that have power in the
> > number
> > of users they have. in no way do I advocate defending that as a good
> > thing,
> > but the fact that this gives them an immense amount of power to do
> > whatever
> > they want regarding rfcs and whatnot remains a reality. smaller
> > services are
> > the only organizations who are going to actually be potentially moved
> > to
> > action by landing on one of these RBLs. when was the last time SORBS
> > managed
> > to change Hotmail's policies?
>
> Has SORBS ever really changed anyones policies? That's certainly not
> what I use RBL's for. I couldn't give a rats posterior about whether
> or not some spammer changes careers, or some mail server changes
> configurations, or some ISP changes their appropriate use policies.
It's too bad you have such a self-centered attitude about it. I like the
idea that people care enough to want to see the Internet change for the
better. If SORBS is making life hard for spammers and those who host them, I
want to support them as best I can. Until now, that meant taking the time to
explain to our users what the SORBS bounces meant and to have them go bug the
offending admins.
> >> And, what if
> >> half of your user/customer base does NOT want you to white list aol
> >> but
> >
> > c'mon, when was the last time someone's user base was emailing their
> > support
> > staff begging for aol to be blacklisted? beside, this is what per-user
> > settings for something like SA are for.
>
> If you're in a situation where users can have per-user settings. For
> example, that doesn't work here.
>
> Or, if that's how you're using your RBLs. People DO use rbls as block
> lists, and people do use SORBS as a block list. It's hard to have
> per-user settings for that.
That is rough. You might look into SQL-based SA per user settings. It's
very handy.
> >> does want you to whitelist hotmail ... while the other half of your
> >> base is exactly the opposite? It isn't a solvable problem, IMO.
> >> Everyone will want to draw the line differently, so there wont be an
> >> easy solution of that nature.
> >
> > But BLOCKING all mails from somewhere like Hotmail *IS* a decision that
> > someone has made which is not acceptable to we who support large user
> > bases.
>
> But it's not their job to cater to YOUR user base decisions. That's
> _your_ job.
>
>
> > So we have to make the opposite decision to only use those RBLs in SA
> > scoring. The baseline here is that you cannot outright ban whole large
> > services --
>
> Actually, yes, I can. And I have, for some periods of time (only, in
> my case, it was yahoo).
Sure, but who here in their right mind thinks that's a good idea? At least
those of us with a userbase that actually corresponds with users on yahoo,
aol, hotmail... since you apparently live in the world the rest of us
fantasize about.
> And SORBS can.
>
> And, really, you can too, you just choose not to. But even if you
> remove that from the argument, the point is, it's not the RBL's job to
> cater to your policies. And if they were to try to cater to everyones
> policies, they would be so conflicting that it would be pointless.
> Which was my point for the above quoted sections.
>
>
> >> And, it's not just that I don't think the RBL can do it, I don't think
> >> that kind of thing is the job of the RBL. I think that kind of thing
> >> is your job (or, in my case, it's my job).
> >
> > What's our job? Banning all of Hotmail?
>
> No. Your job is to tailor the tools you use so that they fit your
> organization.
>
> SORBS job is to provide a list of sites that fit a particular behavior.
>
> If you want there to be exceptions to that list, then it is YOUR job to
> make those exceptions, not theirs.
Of course. Didn't you read the part of my post that started all this? I
mused about a new RBL that did all the wonderful things that SORBS did
without banning services like Hotmail. That's a specific need that an RBL
could cater to if they thought there was a need. I was putting the need out
there. I was NOT expecting/asking SORBS to change, as nice as that would be
from my perspective. Why are you so pissed off at ME for putting that out
there?
> > Our job is to avoid that - it's
> > obviously not workable at least for those in a position like the one
> > I've
> > described. So we have to stop using SORBS at the outset. And I'm
> > pretty sad
> > to do it, because so far it has been one of the best front-line
> > defenses
> > we've had. In general I think they are great, but this hotmail thing
> > is NOT
> > workable in our situation, and probably in many others
> >
> > Or are you saying I should sit around all day and monitor
> > ever-changing lists
> > of potential spammer IPs and manually adjust our MTA white/black lists?
> > That's not exactly realistic, so I'm not sure what you are suggesting
> > (I
> > think I am about to find out...)
>
> Do you not know what a cron job is? Here, re-read this next section
There is no need to be so insulting. Save it for the spammers.
> that you quoted ... it is performed by a script. I do no such manual
> thing. I get an email every few hours that tells me what happened, I
> scan it for references to networks that I am responsible for, and it
> tells me "yes, I removed all of those networks from our copy of the RBL
> zone". Then I put the zone into production on my own name servers, so
> that I never see those sites showing up as RBL'ed.
My point was that generally pulling apart RBL functionality and placing part
of the onus of managing it back on the admin's plate is not going to be
something that goes over well, even if you have a nifty script that works
with one RBL. Sorry you missed it.
> >> Here at UCSC, we use spamhaus (both SBL and XBL). In order to make
> >> sure my own users/customers don't get blacklisted, I have a cron job
> >> that:
> >>
> >> a) use rsync to get a local copy of the zones.
> >> b) grep the files to notify me if any of my own addresses are listed,
> >> so that I can follow up on why.
> >> c) grep -v the files to remove any of those addresses from the zone.
> >> d) takes the end result and puts it into a place where my name servers
> >> will pick it up.
>
> See. Automation at work. Computers are useful that way.
Yah let us know when you've scripted a way to brush your teeth too. I just
don't get this cron thing.
> >> (I'm also trying to get this for SURBL and RFC-Ignorant, but SURBL is
> >> taking some time, and RFC-I is unresponsive to my requests)
> >
> > Don't get me wrong, I am fully supportive of the people taking their
> > time to
> > run those services (where would we be without them), but their general
> > lack
> > of responsiveness seems strange -- no matter which service it is, I
> > always
> > hear people say things about how non-responsive they are. Is it that
> > they
> > can't manage to parse through the number of insulting inquiries they
> > get from
> > the legit ones? Are these people that overworked? Seems like being
> > more
> > responsive, even if to just tell spam-friendly ISPs to take a hike,
> > would
> > give them more credibility. SPEWS seems to be the most common target
> > of this
> > criticism, but I've heard it for SORBS, etc too
>
> Eh. It's the price you pay for using a free service. I don't mind
> slow responses ... I do get a little annoyed by _no_ response, but
> still ... I'm getting what I paid for.
Agreed. I can only wish them the best and hope that some day I can make some
spare time maybe to help them out in that dept. ;)
> >> Alternately, you could create a set of rules that counter-weights the
> >> spam assassin results for those RBL checks, if they happen to be IP
> >> addresses you need to hear from.
> >
> > I actually don't think it's much of a problem if such mails get tagged
> > as
> > spam. The user can then adjust their SA settings. The problem is
> > when the
> > mail can't get to the mailbox at all.
>
> Ah, you see, in my environment, there's no difference there. We do
> deliver all spam, but it seems that "users checking their spam folders"
> is almost unheard of around here.
Woa. This thread, from the start, has been about using SORBS as a RBL in the
MTA to *block mails*, NOT using it for SA scoring, which is where we will
continue to use it.
__________________________________
Yahoo! Mail - PC Magazine Editors' Choice 2005
http://mail.yahoo.com
