Frankly I am in agreement with Billy Y. I myself have gotten black holed because someone on the same netblock sent a bunch of spam. Getting off the list was impossible because I did not control the netblock. It took over three months, and I have a fixed IP!

Rather than disruptive RBLs, if we did deep packet inspection to find the forged HELO and other headers and dumped them we would be far ahead. While I don't run my own mail server, a friend who does says that a sendmail script finds all the forged headers and reports them as probable spam. He swears it is a default install so he doesn't know exactly what part of sendmail does the trick. Maybe someone with sendmail skills could see what is up with it and incorporate it into the rest of SpamBayes as an enhancement. If SpamBayes does it, then SpamAssassin will copy it fairly soon. Since some hosting services are starting to use SpamAssassin on their servers this would be good for all.

BTW, my hosting service uses SpamAssassin instead of SpamBayes because of speed and server load. He says that he ran tests and couldn't get the performance out of Python that he needs to make it work well. Perhaps making a fast, light CPU usage, runtime server version might be in order to investigate.

Thanks,
Allen

sethg@GoodmanAssociates.com wrote:
> On Wednesday, February 22, 2006 5:57 PM -0600, Bill Y wrote:
>
> > > From: "Seth Goodman"
> > >
> > > For the oddball dynamic IP from which you need to receive
> > > messages, add them to a whitelist.
> >
> > Therein lies the problem; a dynamic IP can't be whitelisted by
> > IP address, only by name.
>
> If they are operating a mailer on a dynamic IP, they will hopefully have
> a domain name. It's an extra step, but you can configure your mailer to
> do rDNS on the domain name to get the whitelist IP. Another possibility
> is whitelisting by HELO name.
>
> > > Some people hate DNSBL's because they or someone they know has at
> > > one time or another been falsely listed (i.e. one of their own
> > > users mistakenly reports them). Or perhaps they were listed for
> > > cause and removed the spammer, but then had trouble getting
> > > delisted fast enough to suit them or had to pay a fine. Despite
> > > what some detractors would have you believe, a well-run MTA rarely
> > > winds up on a DNSBL.
> >
> > BTDT.
> >
> > I *personally* have been blacklisted. I know exactly what was on the
> > wire that month... NOTHING. I was across the country in Los Angeles
> > doing a TV show for a month and a half and the hardware was powered
> > down. Nothing was whistling into the DSLAM at all.
> >
> > The reason (when I finally got in touch with the RBL admin) - "you
> > are in a netblock that's assigned to home/SOHO DSL".
>
> That's a policy decision for each DNSBL. Some DNSBL's only list dynamic
> IP's and some other DNSBL's include those lists. Some DNSBL's list only
> IP's that have recently sent spam while others list only open relays.
> If using a DNSBL is part of your acceptance policy, it is very important
> that you understand their listing and delisting criteria and be aware of
> any other lists that they include.
>
> A lot of people don't want mail from dynamic IP's, which is why some
> DNSBL's list them. Except for hobby systems, there are very few
> legitimate mailers with dynamic IP's. With today's epidemic of trojaned
> Windows machines, rejecting connections from dynamic IP's is probably
> the single best anti-spam measure you can take. If you don't want to
> reject mail from dynamic IP's, don't use a DNSBL that includes them.
>
> > And this was a relatively *reputable* RBL, mind you, not one of those
> > that once you are blacklisted (because someone didn't like you) you
> > must contact them to be removed - except you must contact them from
> > the blacklisted IP address -which- guess what- is blocked from
> > delivering mail.
> >
> > Sorry, I hate dictatorships, and my personal experience has run to
> > indicate that RBLs are self-appointed tinhats of the first water.
>
> Very few people like dictatorships, except for the dictators :) I
> highly recommend that anyone who doesn't like DNSBL's for whatever
> reason not use them. Your mailer, your rules. This is something that
> reasonable people can disagree on.
>
> I will point out that a lot of systems use them with good results, which
> is why they continue to exist. Some of them were run by people with an
> axe to grind, and some probably still are. Others did a good job but
> were sued or DDoS'd out of existence by bad guys. I think it is very
> advisable for anyone who is considering using a particular DNSBL to
> look at their policies and see if you agree with them.
>
> > <...>
>
> > True. But a three-phase commit would separate the pipeliners from
> > the more legitimate types.
>
> This would be a real improvement to SMTP, but it has a lot of inertia at
> this point.
>
> --
> Seth Goodman
>
> _______________________________________________
> SpamBayes@python.org
> http://mail.python.org/mailman/listinfo/spambayes
> Check the FAQ before asking: http://spambayes.sf.net/faq.html
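
An added example, not part of the original thread and not SpamBayes or sendmail code: a sketch of the acceptance policy the messages discuss, where a sender on a dynamic IP is whitelisted by host name (resolved at connection time), a DNSBL listing is honoured otherwise, and a HELO name that does not map to the connecting address is only flagged. The function names, the injected `resolver` and `dnsbl_listed` callables, and the sample hosts and addresses are assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample DNS data (example domains, documentation address ranges).
SAMPLE_DNS = {
    "mail.hobbyist.example": ["203.0.113.45"],  # dynamic-IP sender, stable name
    "mx.bigcorp.example": ["198.51.100.10"],
}

def sample_resolver(name):
    """Stand-in for a forward DNS lookup; returns a list of address strings."""
    return SAMPLE_DNS.get(name.lower().rstrip("."), [])

def resolves_to(name, peer_ip, resolver):
    """True if any address the name currently resolves to equals the peer."""
    peer = ipaddress.ip_address(peer_ip)
    for addr in resolver(name):
        try:
            if ipaddress.ip_address(addr) == peer:
                return True
        except ValueError:
            continue  # ignore malformed answers
    return False

def classify_connection(peer_ip, helo, whitelist_names, resolver, dnsbl_listed):
    """Return (verdict, reason) for one SMTP connection.

    Order matters: the name-based whitelist is consulted before the DNSBL,
    so a wanted sender inside a listed dynamic netblock is still accepted.
    """
    for name in whitelist_names:
        if resolves_to(name, peer_ip, resolver):
            return ("accept", "whitelisted name %s" % name)
    if dnsbl_listed(peer_ip):
        return ("reject", "listed on DNSBL")
    helo_name = helo.strip().strip("[]")
    try:
        # HELO given as an address literal such as [198.51.100.10]
        helo_ok = ipaddress.ip_address(helo_name) == ipaddress.ip_address(peer_ip)
    except ValueError:
        helo_ok = resolves_to(helo_name, peer_ip, resolver)
    if not helo_ok:
        # A mismatch is a scoring hint, not proof: flag rather than reject.
        return ("suspect", "HELO does not match connecting address")
    return ("accept", "no policy hit")
```

In a real mailer `resolver` would wrap a DNS lookup and `dnsbl_listed` would query whichever list the operator has chosen after reading its listing policy.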