
Re: Spamassasin over RBL, was Re: rblsmtpd -t?

On Fri, May 03, 2002 at 03:11:39AM +1000, Jason Lim wrote:
> Okay, i think it comes down to personal preference. I saw the
> Spamassassin's "rule" list... someone typing in the word "AMAZING"
> gets 0.125 or something points, "FREE" gets how many points, etc. All
> it takes is for spammers to simply change their wording a bit (as they
> have in the past... like A.M.A.Z.I.N.G), and it defeats Spamassassin,
> whereas the RBLs are immune to such tampering.

you'd be surprised.  spammers are stupid.  and predictable. patterns i
came up with over 5 years ago STILL work to block a lot of spam.  e.g.
they still use "To: friend@public.com" even though anti-spammers have
been laughing at them (and blocking them) over that for years.

in any case, it doesn't *defeat* spamassassin, it just bypasses that
particular rule.  in all likelihood, any given spam will match several
rules...a trivial rule like "AMAZING" isn't even worth much - 0.125 out
of the default 5.0 required to flag as spam.

> > spamcop's automation sucks.  all it takes for a postmaster to get
> Yes, but here is the thing you did not mention. Spamcop does not
> automatically block an IP just because a few people complained. It
> takes into consideration the ENTIRE mail volume. So, using your
> example, if the mailing list sends out 50,000 emails per day, and some
> cretin is, as you said, too stupid to unsubscribe and submits to
> spamcop, then it would be 1-2 emails out of 50,000 tagged as spam.

don't believe everything you read on a company's web site.

how is spamcop going to know the volume when they don't have access to
the logs?  all they see are the complaints.

> > these aren't even the stupidest examples of spamcop's lameness.
> >
> > that's all it takes to get listed in their RBL too.
> I might also mention that it is not hard to get out of spamcop's
> lists, even if you are listed. Unless a site continually gets spam
> complaints, I think spamcop checks the RBL database every 24... or was
> it every week...  and removes stale/old entries. Try to get off some
> of the OTHER RBLs...  they make you beg and plead for your innocence,
> and then most times they say "screw you spammer" and that's it.... you
> are left being blocked until kingdom come.

all of the RBLs i use have very simple methods for getting off.  close
the open relay and submit your server for retesting.  done.  no problem.
if it's no longer an open relay then it will be de-listed.

> > i've seen these and many other stupid complaints from spamcop over
> > the years.  i am so sick of getting bullshit reports from spamcop
> Well, I should *also* mention that you can have the complaints BLOCKED
> at the spamcop level. That's right... you can have all that email to
> you redirected somewhere else. Spamcop uses "abuse.net" for their
> emailing, so if you put in the correct entries in abuse.net, then you
> can have the mail delivered to the relevant person.

in most cases, i *am* the correct contact person for the domains/servers
concerned.  i am postmaster/abuse/hostmaster/root/etc @ those domains.
if there are any legitimate abuse complaints then they should come to

that's not the problem.

the problem is that spamcop will forward you complaints from
users based on nothing more than obviously forged Received or
From/To/Reply-To/Message-ID/etc lines mentioning your IP addresses or
domains - or your downstream customer's IP addresses or domains.

spamcop will forward you crap that has no discernible relevance to you
because their script saw something that it interpreted as referring to
your IP addresses or domains.  parsing received headers, for example, is
notoriously difficult because there is no standard for them and often
pointless because they're forged, but spamcop does it....the trouble is
that they do it badly.  spamassassin does a pretty good job of
recognising forged Received lines...so why can't spamcop?

like i said, their automation sucks...and since their entire service is
based around their automation, they suck.

> You could also choose to ignore the complaints,

that's basically what i do.  it's not something i'd recommend as policy,
though....it smells far too much like "if you don't like spam then just
hit delete and ignore it".

> if you truly don't have spamming customers, and it will go away.

i don't have spamming customers.  i have had, over the years, a handful
of customers who cluelessly did stupid things like running open relays
or open proxy servers.  they were made to fix them.  as far as i know,
i've *never* had a deliberate spammer as a customer...if i ever do then
they won't be a customer for long.

it doesn't go away.  i still get a handful of spamcop complaints every
month, all of them for things like users being too stupid to unsub from
a list they voluntarily subscribed to.

> No RBL is perfect, I'm only looking for "the better" RBL, and after
> looking around carefully, reading all the RBL's policies, and now from

if you want to find better RBL services then the only way to do it is to
actually compare each one against the others.

i wrote a script to do that last year.  it parses the mail logs and
checks every smtp client IP address against a configurable number of RBL
services.  then it prints a table displaying the results.

the script is specific to postfix's log file format, but it wouldn't be
too hard to convert it to read other log formats.

> So maybe the lack of complaints against Spamcop also verifies my view
> that Spamcop is better?

i suspect it's because system admins don't take spamcop seriously.  most
that i've spoken to have no respect or liking for spamcop.

spamcop is a service for idiot users who have no clue.


craig sanders <cas@taz.net.au>

Fabricati Diem, PVNC.
 -- motto of the Ankh-Morpork City Watch
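
The comparison approach described in the message above (parse the postfix log, check each smtp client IP against several RBLs, print a table), as an added example that is not the script the poster wrote. The zone names are placeholders, the log lines are constructed, and the lookup is injectable so the comparison can run without DNS.

```python
import re
import socket

# Postfix smtpd logs each client as "connect from hostname[ip]".
CONNECT_RE = re.compile(r"postfix/smtpd\[\d+\]: connect from \S*\[(\d+\.\d+\.\d+\.\d+)\]")
# Placeholder zones (assumption): substitute the DNSBLs being compared.
ZONES = ["rbl-a.example", "rbl-b.example"]
# Constructed sample log lines using documentation address ranges.
SAMPLE_LOG = """\
May  3 03:11:39 mx postfix/smtpd[811]: connect from unknown[192.0.2.10]
May  3 03:11:40 mx postfix/smtpd[811]: disconnect from unknown[192.0.2.10]
May  3 03:12:02 mx postfix/smtpd[815]: connect from mail.example.net[198.51.100.7]
May  3 03:12:30 mx postfix/smtpd[819]: connect from unknown[192.0.2.10]
May  3 03:13:00 mx postfix/cleanup[820]: 4F2A1: message-id=<x@example.net>
"""

def client_ips(log_text):
    """Return {ip: connection count} for smtp clients, in first-seen order."""
    counts = {}
    for line in log_text.splitlines():
        m = CONNECT_RE.search(line)
        if m:
            counts[m.group(1)] = counts.get(m.group(1), 0) + 1
    return counts

def dnsbl_name(ip, zone):
    """Build the DNSBL query name: octets reversed, then the zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone

def dns_listed(name):
    """An A record means listed. Lookup failures also count as not listed."""
    try:
        socket.gethostbyname(name)
        return True
    except OSError:
        return False

def compare(log_text, zones=ZONES, listed=dns_listed):
    """Return rows of (ip, connections, {zone: listed?}) for every client IP."""
    return [(ip, n, {z: listed(dnsbl_name(ip, z)) for z in zones})
            for ip, n in client_ips(log_text).items()]

def format_table(rows, zones=ZONES):
    head = f"{'client':<16}{'conns':>6}  " + "  ".join(zones)
    body = [f"{ip:<16}{n:>6}  " + "  ".join(f"{'LISTED' if hits[z] else '-':<{len(z)}}" for z in zones)
            for ip, n, hits in rows]
    return "\n".join([head] + body)

if __name__ == "__main__":
    # Offline demo with a constructed listing; omit listed= to query real DNS.
    fake = {dnsbl_name("192.0.2.10", "rbl-a.example")}
    print(format_table(compare(SAMPLE_LOG, listed=fake.__contains__)))
```

Because `dns_listed` treats timeouts the same as NXDOMAIN, a slow or unreachable RBL will look like one that lists nothing; compare services only over runs where every zone answered.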
