Re: failure notice (about relays.osirusoft.com)

["Jason Lim" <maillist@jasonlim.com>]

>       I'm a sysadmin in a small ISP here in Argentina, and I'm not using
> osirusoft rbl, why? fibertel. What's that? A big cable-ISP (in .ar,
obviously)
> who gives BOTH dinamic and static IP address for their customers, the
> mails coming from the static one are (mostly) legit mails from real and
> well configured mail servers, OTOH the mails coming from dinamic
> addresses are (mostly) spam. The IPs are all (aparently) mixed so you
> can't blacklist the entire block, if I do (as osirusoft does) the
> tsunami of complaints goes directly to my boss, and guess who is the bad
> guy?
> Is the mixed IP addresses issue osirusoft blame? I don't think so.


You mean it is completely mixed (dynamic and static)? As in (for example
only) 222.111.222.111 could be dynamic, and 222.111.222.112 could be
static? That would actually be poor network planning... how on earth could
they administrate that? Oh well.. suppose they've found some way to do it.

>From what I've seen, most ISPs have their "personal" (dynamic)
dialups/adsl/broadband/whatever in a certain range (eg. 222.111.*.*), and
then their "business" (static IP) clients in a different range.

So IF an RBL cared about receiving legit email, they would take a quick
moment and only block the dynamic IP pool, rather than the whole ISP,
because as you said it is far less often that a static IP is used to send
spam (because it is much easier to track down the spammer and block
his/her IP).


> Another example: infomail.infovia.com.ar, it is listed as an open relay
> in ORDB.org (well done), but I had to manually whitelist in my access
> file because they are one of the "big guys" and don't bother to
> configure the mail servers right...


Well... hey... they should be listed then. It is also easy to get out of
ORDB (unlike Osirusoft)... just secure the mail server, and click on
"retest" on ordb.org's website. Then I think a test is automatically
performed in 24 or 48 hours... or something around that... and if the
server is now found to be secure, it is automatically removed from the
ordb.org RBL! No need to deal with abusive people or anything. We had a
client that was listed there, because right when he was
installing/upgrading his server, some US spammer found his server and used
it to send spam (the damn server was only up for like 6 hours, and already
a US spammer found it!). So we got an email... and by then the client had
already secured the server. So we went to the ORDB website, clicked
"retest", and about 3 days later all was good.

Thats the good thing about using lists that are clear and transparent...
usually have a way to get off the list directly from their webpage,
without needing to go into chatrooms, newsgroups, etc. and arguing with
abusive people.



> If, for example, AOL starts using osirusoft/orbl, they surely start
> worrying about that. Until that moment arrives I have to indirectly
> support them.

As far as I know, AOL and many of the big ISPs actually do run their own
mini internal RBL. They certainly aren't as far reaching as those of ordb,
osirusoft, spews, and others, but they do run mini-rbls. I think they run
them mainly to prevent against DoS attacks or rogue mail servers that
repeatedly bang against their servers. I've seen a Yahoo Mail server
reject mail because it was sending mails too fast.