Subject: Re: OT: orbz.org - help needed
To: None <netbsd-users@netbsd.org>
From: Shannon <shannon@widomaker.com>
List: netbsd-users
Date: 01/29/2002 15:47:12

On Mon, Jan 28, 2002 at 06:39:00PM -0500, Greg A. Woods wrote:

> [ On Monday, January 28, 2002 at 01:01:44 (-0500), Shannon wrote: ]
> > Subject: Re: OT: orbz.org - help needed
> >
> > I understand the process and how it shouldn't be possible for errors
> > to occur.  Please note I was talking about RBL and Orbz both.
> 
> If you mean "RBL", as in "blackholes.mail-abuse.org", then you're
> clearly talking about two totally unrelated and separate things as if
> they are somehow related.  They are not.  Please do not confuse them.

The thread was discussing both systems.  I did not say they were the
same at any point nor did anyone else.

> There is no magic algorithm that can reliably identify spam e-mail and
> not at the same time sometimes mistakenly identify the odd legitimate
> message as a spam message (though there are some surprisingly simple
[ snip, snip, snip ]

I seek 100% accuracy knowing I cannot get it. Using Orbz in the past
blocked an inordinate amount of email I needed to get. That's the only
reason I said that about accuracy. You've read far too much into this.

In fact, I use them currently with spamcop, and so far they are not
blocking systems that used to be blocked.  

> Sorry if your friends choose to use known open relays.....  :-)

They don't choose. They use the only ISP available to them in most
cases. Same for me. If mine ran an open relay, about all I could do
would be report them and hope that convinced them to fix things.

> Perhaps though if you choose to block e-mail from any of your friends
> who use open SMTP relays then they can use this action as a lever to try
> to convince their own postmasters to recognise their mailer's
> vulnerabilities and to fix them.  

That's worked for the local ISPs pretty well.

The problem though is that some major sites still run open relays and
refuse to fix them. Many of them even claim that they cannot run without
them being open. A lot of this is due to them using some Windows server
software that is broken by design.

In any case, many end users really cannot do much about it. In such
situations I try to find a way to make their decision painful for them
if possible, or report them to someone who will embarrass them enough to
get something changed.

Public opinion right now is such that I believe public notice of open
relays might do some good. I think that is the approach Spamhaus is
using. Not sure if it's effective or not. They list AOL, Bell Atlantic,
and other major providers as still running open relays and refusing to
fix them.

> I also use lists of known spam sources, such as bl.spamcop.net, to block
> SMTP connections, since as I mentioned I don't like spam e-mail very
> much, and my mail servers host domains that seem to be very highly
> targeted by spammers despite the relatively few mailboxes they host.

I sometimes get more SPAM to my little server now, than the ISP I worked
for got when I was there in 1996.

> However I white-list several networks and hosts, not only to prevent
> them from being accidentally blocked, but also to avoid having to look
> up their addresses in the DNS black lists I use.

I've got a combination of white lists, header analysis filters, and all
mailing lists are filtered out to subfolders after the spam checks.
The problem is the spammers are getting around it:

* rapidly changing accounts and header strings so filters are outdated
* they are often now sending spam directly from their machine from
  places that don't enforce anti-spam regulations
* the volume is increasing all the time
* mailing list spam is getting worse in some ways
* my system has its own MX record, and some old list reflector
  and user accounts get spam regularly

Number 2 is the worst new one, because they can change where they
are coming from constantly, and since the spam goes directly to you,
some header filters and blacklists are ineffective.

I'm really, really surprised that more spammers aren't going the direct
route. You can get by a lot of filters like that.

I got a spamcop account to see how well it works. Mail from my upstream
hosts is forwarded there, and I fetch mail from there instead to my
local LAN.

-- 
shannon@widomaker.com  _________________________________________________
______________________/ armchairrocketscientistgraffitiexenstentialist
 "And in billows of might swell the Saxons before her,-- Unite, oh
 unite!  Or the billows burst o'er her!" -- Downfall of the Gael
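
An added example, not part of the original message: the whitelist-before-DNSBL check described in the quoted text above, sketched in Python. The whitelist networks, the function names and the injected resolver are assumptions made for illustration; bl.spamcop.net is the zone named in the thread.

```python
import ipaddress
import socket

# Assumed local policy for this example: networks that skip DNSBL checks.
WHITELIST = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.7/32")]
DNSBL_ZONES = ["bl.spamcop.net"]  # zone named in the thread
LISTED_RANGE = ipaddress.ip_network("127.0.0.0/8")


def dnsbl_name(ip, zone):
    """Build the DNSBL query name: reversed IPv4 octets prepended to the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def system_resolver(name):
    """Return the A record for name, or None on NXDOMAIN or lookup failure."""
    try:
        return socket.gethostbyname(name)
    except OSError:
        return None  # fails open: a DNS outage must not block all mail


def check_client(ip, resolve=system_resolver, whitelist=WHITELIST, zones=DNSBL_ZONES):
    """Return (verdict, detail, dns_lookups) for a connecting IPv4 SMTP client."""
    addr = ipaddress.IPv4Address(ip)
    # Whitelist first: a match can never be blocked and costs no DNS query.
    for net in whitelist:
        if addr in net:
            return ("accept", "whitelisted by %s" % net, 0)
    lookups = 0
    for zone in zones:
        lookups += 1
        answer = resolve(dnsbl_name(ip, zone))
        # A listed address answers with an A record inside 127.0.0.0/8.
        if answer and ipaddress.IPv4Address(answer) in LISTED_RANGE:
            return ("reject", "listed in %s (%s)" % (zone, answer), lookups)
    return ("accept", "not listed", lookups)


if __name__ == "__main__":
    # Constructed zone data standing in for real DNS answers.
    fake_zone = {"2.0.0.127.bl.spamcop.net": "127.0.0.2"}
    for ip in ("192.0.2.25", "127.0.0.2", "203.0.113.9"):
        print(ip, check_client(ip, resolve=fake_zone.get))
```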