Re: How I killed spam without TMDA

To: debian-user@lists.debian.org
Subject: Re: How I killed spam without TMDA
From: Kirk Strauser <kirk@strauser.com>
Date: Tue, 13 Jul 2004 13:53:44 -0500
Message-id: <[🔎] 200407131353.50177.kirk@strauser.com>
In-reply-to: <[🔎] 40F4272F.1030109@dmiyu.org>
References: <[🔎] 200407131047.01522.kirk@strauser.com> <[🔎] 200407131300.56091.kirk@strauser.com> <[🔎] 40F4272F.1030109@dmiyu.org>

On Tuesday 2004-07-13 01:17 pm, Steve Lamb wrote:

> As well as legitimate mail.  :)

Very little.  Most of the filtering magic is via greylisting which has
proven to be remarkably effective.

> But that's only 1/2 the equation.  False positives are far more
> destructive than false negatives.  How many false positives do you get in
> any given day?

I don't have figures, but I've noticed no decrease in the amount of mail
I'm receiving every day.

> As for my comment about false positives, here's one for you. 
> Literally. Check your logs for this message I'm sending right to you (I
> normally trim out copies to the author) and see what it says.  :D

For the benefit of everyone on the list who isn't me:

    Jul 13 13:17:25 kanga postfix/smtpd[84603]: NOQUEUE: reject: RCPT from olethros.dmiyu.org[64.251.10.196]: 554 Service unavailable; Client host [64.251.10.196] blocked using sbl-xbl.spamhaus.org; http://www.spamhaus.org/SBL/sbl.lasso?query=SBL4091; from=<grey@dmiyu.org> to=<kirk@strauser.com> proto=ESMTP helo=<dmiyu.org>

Visiting that URL gives:

    64.251.0.0/19 is listed on the Register Of Known Spam Operations
    (ROKSO) database as being assigned to, under the control of, or
    providing service to a known professional spam operation run by
    Infolink / Prieur Leary III.

    [...]

    As this is a known professional spam operation, it is important that
    all service to the Infolink / Prieur Leary III spam operation be
    terminated before this listing can be removed from the SBL. There can
    be no functioning web site, mail or DNS server still serving the spam
    operation in 64.251.0.0/19.
 
    To have record SBL4091 (64.251.0.0/19) removed from the SBL, the
    Abuse/Security representative of ARIN (or the Internet Service Provider
    responsible for connectivity to 64.251.0.0/19) needs to contact the SBL
    Team to advise how the spam problem has been terminated.

I feel badly that your ISP has taken on a spammer as a paying customer,
and that it is causing problems for you and their other legitimate
customers, but it seems as though the blacklist is returning accurate
information.  I trust that you're not a spammer, but my mailserver has a
pretty good (and seemingly valid) reason to believe that mail originating
from your netblock is likely to be spam.  Have you screamed at your ISP
yet?
-- 
Kirk Strauser

Attachment: pgpoQhP1n4Kxe.pgp
Description: signature

Reply to:

Follow-Ups:
- Re: How I killed spam without TMDA
  - From: Steve Lamb <grey@dmiyu.org>

References:
- How I killed spam without TMDA
  - From: Kirk Strauser <kirk@strauser.com>
- Re: How I killed spam without TMDA
  - From: Kirk Strauser <kirk@strauser.com>
- Re: How I killed spam without TMDA
  - From: Steve Lamb <grey@dmiyu.org>

Prev by Date: Re: 2.6.7 questions
Next by Date: Re: Where are CUPS Brother drivers?
Previous by thread: Re: How I killed spam without TMDA
Next by thread: Re: How I killed spam without TMDA
Index(es):
- Date
- Thread