OT: Spam blocking (was ctrl-c - Electric Bass and Callouses...]
Bill Campbell
bill at celestial.com
Sat Mar 4 12:46:41 PST 2006
On Sat, Mar 04, 2006, Fairlight wrote:
>Re-posted as permitted/requested. And maybe Bill Campbell can do something
>about this--I note that it never got as far as Mailman, so it's at the MTA
>level, obviously.
If anybody on the list has problems with blocking, and can't figure out
why, any mail to postmaster at celestial.com is accepted by our systems before
*ANY* spam checks are done. I can then see the IP address of the
connecting MTA (Mail Transport Agent) which is very helpful.
Checking the mail logs on the machine that handles mail for
lists.celestial.com and lists.seaslug.org, I don't see any rejected
messages from ddltd.com. This machine uses a fairly conservative set if
DNSRBLs, primarily from spamhaus.org. There is one local DNSRBL we use on
this list, one that lists IP addresses of systems that have been used
either to probe systems here and at our customer sites for security
vulnerabilities, or have been used in attempts to spam the mailing lists we
maintain. I manually enter the IP addresses of the spammers.
Mail sent to filepro-list at celestial.com goes through an MX forwarder on its
way to the lists.celestial.com system, and that machine is far more
draconian in its anti-spam filters, using a DNSRBL that's largely populated
with IP addresses of systems that have sent mail to rather ancient
subdomains of celestial.com that were used only for dialup uucp
connections. When messages are rejected from this DNSRBL, the reject
should include a URL that will show the message(s) that caused the
automatic block. The two direcpc.com mail systems that are currently on
this list are 66.82.4.105 and 66.82.4.90. Correction, I just checked, and
66.82.4.91 was added to this list yesterday.
http://www.celestial.com/WebTools/rblcelestialnet_form?ipaddr=66.82.4.90
http://www.celestial.com/WebTools/rblcelestialnet_form?ipaddr=66.82.4.91
http://www.celestial.com/WebTools/rblcelestialnet_form?ipaddr=66.82.4.105
I *DO NOT* notify the ISPs of blocks, simply because there are far too many
hits to these ancient spamtrap addresses every day, and the vast majority
of the IPs aren't the primary MTAs of responsible ISPs in any case (by
responsible, I mean ones that might actually respond to complaints).
I tried sending notifications for quite a while, but the time required was
simply ridiculous, and the number of responses miniscule.
We expire IP addresses 9 months after the last spam hits a spamtrap
address, and will remove them if an ISP requests it (actually I manually
set the last access time to an old enough date so that it's considered
expired, but the IP will be reactivated on arrival of new spam).
...
Bill
--
INTERNET: bill at Celestial.COM Bill Campbell; Celestial Software LLC
URL: http://www.celestial.com/ PO Box 820; 6641 E. Mercer Way
FAX: (206) 232-9186 Mercer Island, WA 98040-0820; (206) 236-1676
``Never do your enemy a minor injury.''
- Machiavelli
More information about the Filepro-list
mailing list