Re: blacklists

To: debian-isp@lists.debian.org
Cc: daniele becchi <520053087607-0001@t-online.de>
Subject: Re: blacklists
From: Russell Coker <russell@coker.com.au>
Date: Wed, 8 Dec 2004 23:56:39 +1100
Message-id: <[🔎] 200412082356.42755.russell@coker.com.au>
Reply-to: russell@coker.com.au
In-reply-to: <[🔎] 41B6CA15.5010406@timenet.it>
References: <[🔎] 415112373.20041205105403@onee.sk> <[🔎] 5CD04D4E3AEB909C992DF581@d216-220-25-60.dynip.modwest.com> <[🔎] 41B6CA15.5010406@timenet.it>

On Wednesday 08 December 2004 20:32, daniele becchi 
<520053087607-0001@t-online.de> wrote:
> > Odd, since we don't see this.  And when it does happen to 'big' mail
> > senders it's never AOL for one (they're on the whitelist).  And it's
> > totally automatic so if they do end up on it's usually for less than a
> > day.
>
> And how to deal with legitimate email sent via webmail (eg. yahoo) where
> the IP of the sender is inside a RBL, typicall for dsl or dialup
> ip-classes? This is part of the headers from a mail i received:

Yahoo server IP address space should not be in a dialup class.  If that 
happens then notify the person maintaining the dialup-list that you use that 
they have an inaccuracy.

>  Mon, 29 Nov 2004 19:12:38 +0100 (CET)
> Received: from web60309.mail.yahoo.com (web60309.mail.yahoo.com
> [216.109.118.120]) by -snip- (Postfix) with SMTP id 474D8249E74
>  for <snip>; Mon, 29 Nov 2004 19:12:38 +0100 (CET)
> Received: (qmail 47653 invoked by uid 60001); 29 Nov 2004 18:12:36 -0000
> Message-ID: <20041129181236.47651.qmail@web60309.mail.yahoo.com>
> Received: from [217.226.195.183] by web60309.mail.yahoo.com via HTTP; Mon,
> 29 Nov 2004 19:12:36 CET Content-Type: text/plain; charset=iso-8859-1
> Content-Transfer-Encoding: 8bit
> X-Spam-Status: No, hits=4.2 tagged_above=0.0 required=4.5 tests=BAYES_50,
>  RCVD_IN_DSBL, RCVD_IN_NJABL, RCVD_IN_SORBS,
>  RCVD_IN_SORBS_HTTP, RCVD_IN_SORBS_SOCKS
>
> if i would have used rbl checks in postfix instead of spamassim i would
> never receive that mail, right?
> the tracked ip is of course 217.226.195.186 and not the yahoo ip
> 216.109.118.120.
> Or i didn't understand? :(

Most people use DNSBLs for the IP address that's the source of the port 25 
connection and don't use them on the addresses in the Received headers.  Such 
use won't have a problem with this.

Yahoo don't seem to police their TOS well so they tend to get on black-lists 
(among other things they don't even have a functional abuse address).  So if 
you want email from yahoo you probably have to white-list them anyway.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page

Reply to:

Follow-Ups:
- Re: blacklists
  - From: Philipp Kern <phil@philkern.de>

References:
- blacklists
  - From: Marek Podmaka <marki@onee.sk>
- Re: blacklists
  - From: Michael Loftis <mloftis@modwest.com>
- Re: blacklists
  - From: 520053087607-0001@t-online.de (daniele becchi)

Prev by Date: Re: a couple of postfix questions
Next by Date: Re: blacklists
Previous by thread: Re: blacklists
Next by thread: Re: blacklists
Index(es):
- Date
- Thread