SPAM: Trouble Connecting to Server Retry
Folks, My last got labeled SPAM; this removes (I think) the full IP addresses and links. (Side note--many of you are able to send these without getting tagged as spam. How are you doing this? I'm using Eudora and Thunderbird, and both are getting the SPAM labels.) Folks, I'm having trouble connecting to my Samba server, and at this point I think I'm having name resolution problems, rather than Samba problems. The immediate symptoms are that I cannot see my Samba server in my Windows Network Neighborhood. Addresses are 192.168 unless otherwise noted. I'm running SUSE 9.3 on the server, which is running Samba, a dhcp server (which seems to be running correctly--everyone gets an address when they ask for one), and a dns server. NIC .1.2 faces the Internet and gets there through a Linksys router/switch on .1.1. A Win2k PC sits on a .2.0 subnet; this subnet's NIC is set to .2.2 (the PC itself gets IP .2.9). A laptop dual bootable between SUSE 9.3 and WinXP sits on a .3.0 subnet; its NIC is set to .3.1 (the laptop gets .3.9). Both of these subnets must go through the .1.2 NIC to get to the Internet; all devices have easy access to the Internet. Both the XP laptop and the Win2k PC have the same symptoms, so I'll just talk about the PC. .3.0 ----.3.1--samba/dns/dhcp--.2.2---.2.9 | .1.2 | | Linksys .1.1 | Internet My /etc/hosts file on the SUSE has the following entries: .2.2 lserver01_test1_biz lserver01 lserver0 .1.2 sserver_test_biz sserver .3.1 lserver02_test1_biz lserver02 [in all cases, "." instead of "_"] IP Forwarding is turned on on the SUSE box, and ddns is enabled via the dhcp server (and is evidenced by the resolver cache on the PC). The Win2k's resolver cache has both forward lookup and reverse lookup files for sserver, sserver.test.biz, and the lserver0x and .test1.biz names. The PC's WINS is pointed at the .1.2, .2.2, and .3.1 NICs. I can ping all by hostname, as well as by FQDN; although it appeared that I could not ping sserver by hostname only until I added sserver and its FQDN to the PC's host file (which it reads as though it were an lmhosts file). I say "it appeared" because it looked like the forward and reverse look up files for sserver appeared in the PC's resolver cache before I made this addition, but I got too fast with a ping test and contaminated that datum. Just in case the Samba server is involved in this, I have the following entries in its smb.conf: netbios name = lserver0 workgroup = astra_ent [of which both the laptop and PC are members] interfaces = .2.0/24 .3.0/24 lo [I can't use eth1 and eth2 as SUSE 9.3 assigns the ethx to different NICs on different boot ups] name resolve order = wins bcast hosts Any advice would be greatly appreciated. Eric Hines There is no nonsense so errant that it cannot be made the creed of the vast majority by adequate governmental action. --Bertrand Russell
On Mon, 2006-01-02 at 14:03 -0600, Eric Hines wrote:
Folks,
My last got labeled SPAM; this removes (I think) the full IP addresses and links. (Side note--many of you are able to send these without getting tagged as spam. How are you doing this? I'm using Eudora and Thunderbird, and both are getting the SPAM labels.)
Are you trying to send them direct or through your ISP? If direct I can see why you might get labeled as spam. -- Ken Schneider UNIX since 1989, linux since 1994, SuSE since 1998
At 01/02/06 14:52, you wrote:
On Mon, 2006-01-02 at 14:03 -0600, Eric Hines wrote:
Folks,
My last got labeled SPAM; this removes (I think) the full IP addresses and links. (Side note--many of you are able to send these without getting tagged as spam. How are you doing this? I'm using Eudora and Thunderbird, and both are getting the SPAM labels.)
Are you trying to send them direct or through your ISP? If direct I can see why you might get labeled as spam.
They go through my ISP, ComCast. My computer skills aren't so good that I can bypass my ISP. (I can generally recognize the Shut Down... button from a list, 2 times out of three....) Eric Hines There is no nonsense so errant that it cannot be made the creed of the vast majority by adequate governmental action. --Bertrand Russell
On Monday 02 January 2006 21:32, Eric Hines wrote:
At 01/02/06 14:52, you wrote:
On Mon, 2006-01-02 at 14:03 -0600, Eric Hines wrote:
Folks,
My last got labeled SPAM; this removes (I think) the full IP addresses and links. (Side note--many of you are able to send these without getting tagged as spam. How are you doing this? I'm using Eudora and Thunderbird, and both are getting the SPAM labels.)
Are you trying to send them direct or through your ISP? If direct I can see why you might get labeled as spam.
They go through my ISP, ComCast. My computer skills aren't so good that I can bypass my ISP. (I can generally recognize the Shut Down... button from a list, 2 times out of three....)
Eric Hines
There is no nonsense so errant that it cannot be made the creed of the vast majority by adequate governmental action. --Bertrand Russell
Hi .. Did i not read somewhere that ComCast had developed a bad reputation for spam mails and hence has been rated high up the spam lists (black lists) or whatever .. Pete . -- If Bill Gates had gotten LAID at High School do YOU think there would be a Microsoft ? Of course NOT ! You gotta spend a lot of time at your school Locker stuffing underware up your ass to think , I am going to take on the worlds Computer Industry -------:heard on Cyber Radio.:------- AFFA
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Monday 2006-01-02 at 14:03 -0600, Eric Hines wrote:
Folks,
My last got labeled SPAM; this removes (I think) the full IP addresses and links.
I think not...
(Side note--many of you are able to send these without getting tagged as spam. How are you doing this? I'm using Eudora and Thunderbird, and both are getting the SPAM labels.)
Chances! I could tell you more if I could look at the SA headers added by SuSE to the email, but I can't because as I run my SA locally, they get removed and substituted by mine. If you are not running SpamAssassin on your PC, you will be able to see them (search for "X-Spam-Status"), and then find out why this mail was tagged as spam. The only mark my SA gives is BIZ_TLD ("Contains an URL in the BIZ top-level domain"), which is perhaps triggering on your text, which includes the word "sserver.test dot biz". My wild guess is that your ISP is blacklisted. But don't worry too much, I'm not deterred by the "spam" word in the subject, nor will many listers here, I hope. You should be grateful that your emails was simply tagged and not deleted unceremoniously, as it was done not long ago! ;-p As as your "real" problem, I don't know. - -- Cheers, Carlos Robinson -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (GNU/Linux) Comment: Made with pgp4pine 1.76 iD8DBQFDub8vtTMYHG2NR9URAkXeAJ9wi06ADgH8l5DzvPCd1FokLxnlKQCeIeAn C7s4ZeKV50OeimBK0tb3yoA= =1c+v -----END PGP SIGNATURE-----
On Tue, 2006-01-03 at 01:02 +0100, Carlos E. R. wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
The Monday 2006-01-02 at 14:03 -0600, Eric Hines wrote:
Folks,
My last got labeled SPAM; this removes (I think) the full IP addresses and links.
I think not...
(Side note--many of you are able to send these without getting tagged as spam. How are you doing this? I'm using Eudora and Thunderbird, and both are getting the SPAM labels.)
Chances!
I could tell you more if I could look at the SA headers added by SuSE to the email, but I can't because as I run my SA locally, they get removed and substituted by mine. If you are not running SpamAssassin on your PC, you will be able to see them (search for "X-Spam-Status"), and then find out why this mail was tagged as spam.
The only mark my SA gives is BIZ_TLD ("Contains an URL in the BIZ top-level domain"), which is perhaps triggering on your text, which includes the word "sserver.test dot biz".
My wild guess is that your ISP is blacklisted.
Highly unlikely that comcast.com is blacklisted. They one of the biggest ISP's in the USA. It would be equivalent to blacklisting earthlink.net or in your case Carlos, tiscali.es. -- Ken Schneider UNIX since 1989, linux since 1994, SuSE since 1998
On 1/2/06 7:35 PM, "Ken Schneider"
Highly unlikely that comcast.com is blacklisted. They one of the biggest ISP's in the USA. It would be equivalent to blacklisting earthlink.net or in your case Carlos, tiscali.es.
-- Ken Schneider
I agree - unlikely they are being blocked, but they have admitted they are the US's largest source of spam. (this was about 6 months ago) This was a large discussion in the local mac users group. ...maybe they should be... :| -- Thanks, George "America will never be destroyed from the outside. If we falter and lose our freedoms, it will be because we destroyed ourselves." -Abraham Lincoln
On Monday, January 02, 2006 @ 3:53 PM, George wrote:
On 1/2/06 7:35 PM, "Ken Schneider"
wrote:
Highly unlikely that comcast.com is blacklisted. They one of the biggest ISP's in the USA. It would be equivalent to blacklisting earthlink.net or in your case Carlos, tiscali.es.
-- Ken Schneider
I agree - unlikely they are being blocked, but they have admitted they are the US's largest source of spam. (this was about 6 months ago)
Well, if they're "one of the biggest ISP's in the USA", then being "the US's largest source of spam" wouldn't necessarily be any reason to single them out, would it (unless the latter is on a percentage, not volume, basis)? I mean, certainly you could cut down spam if you blacklisted all of the largest ISP's, but that would be sort of counter productive, wouldn't it?
This was a large discussion in the local mac users group. ...maybe they should be... :|
-- Thanks, George Greg Wallace
On Mon, 2006-01-02 at 19:23 -0900, Greg Wallace wrote:
On Monday, January 02, 2006 @ 3:53 PM, George wrote:
On 1/2/06 7:35 PM, "Ken Schneider"
wrote: Highly unlikely that comcast.com is blacklisted. They one of the biggest ISP's in the USA. It would be equivalent to blacklisting earthlink.net or in your case Carlos, tiscali.es.
-- Ken Schneider
I agree - unlikely they are being blocked, but they have admitted they are the US's largest source of spam. (this was about 6 months ago)
Well, if they're "one of the biggest ISP's in the USA", then being "the US's largest source of spam" wouldn't necessarily be any reason to single them out, would it (unless the latter is on a percentage, not volume, basis)? I mean, certainly you could cut down spam if you blacklisted all of the largest ISP's, but that would be sort of counter productive, wouldn't it?
I can see the dynamic IP's being blacklisted for an ISP but not the static used for the email servers for that ISP. After all the ISP has no control over the users that fail to keep their PC's secure. -- Ken Schneider UNIX since 1989, linux since 1994, SuSE since 1998
* Ken Schneider
I can see the dynamic IP's being blacklisted for an ISP but not the static used for the email servers for that ISP. After all the ISP has no control over the users that fail to keep their PC's secure.
That's a bad rap. And an ISP certainly has control over errant users. It's called 'Cutting off service'. The ISP's just fail in their responsibility. You (at least in all of my experiences) agree to a usage form to get service and that form designates a loss of service for varying from their (ISP's) rules. -- Patrick Shanahan Registered Linux User #207535 http://wahoo.no-ip.org @ http://counter.li.org HOG # US1244711 Photo Album: http://wahoo.no-ip.org/gallery2
On Tue, 2006-01-03 at 08:21 -0500, Patrick Shanahan wrote:
* Ken Schneider
[01-02-06 23:31]: I can see the dynamic IP's being blacklisted for an ISP but not the static used for the email servers for that ISP. After all the ISP has no control over the users that fail to keep their PC's secure.
That's a bad rap. And an ISP certainly has control over errant users. It's called 'Cutting off service'. The ISP's just fail in their responsibility. You (at least in all of my experiences) agree to a usage form to get service and that form designates a loss of service for varying from their (ISP's) rules.
If ISP's shut down all of the errant users that did not keep their PC's up to date for virii, worms and bugs they would have to shutdown perhaps over 50% of their customers. Do you really think a company would do that. It is out of control and the best that ISP's can do today is install the hardware/software to protect the users who use their service. Earthlink has done some of this by using a product called "Spamblocker" which blocks -ALL- email unless the person is in my address book. If I want to look for other email I can look in my "suspect" folder using the web interface and add people to my address book as needed. If -all- ISP's used something like this it would cut out perhaps 90% or more of the spam going around today. -- Ken Schneider UNIX since 1989, linux since 1994, SuSE since 1998
Ken, On Tuesday 03 January 2006 06:05, Ken Schneider wrote:
On Tue, 2006-01-03 at 08:21 -0500, Patrick Shanahan wrote:
...
That's a bad rap. And an ISP certainly has control over errant users. It's called 'Cutting off service'. The ISP's just fail in their responsibility. You (at least in all of my experiences) agree to a usage form to get service and that form designates a loss of service for varying from their (ISP's) rules.
If ISP's shut down all of the errant users that did not keep their PC's up to date for virii, worms and bugs they would have to shutdown perhaps over 50% of their customers. Do you really think a company would do that.
Given the consequences, it should be mandated. We don't let people drive unmaintained cars, and when something goes wrong with one of them, it affects only people in the immediate vicinity at the time of the malfunction.
...
-- Ken Schneider
Randall Schulz
* Ken Schneider
If ISP's shut down all of the errant users that did not keep their PC's up to date for virii, worms and bugs they would have to shutdown perhaps over 50% of their customers.
Their *originally* stated policy/position.
Do you really think a company would do that. It is out of control and the best that ISP's can do today is install the hardware/software to protect the users who use their service.
ONLY because they did not address it at the onset. If you tell your children that they cannot get cookies from the cookie jar and do not inforce the rule, the rule is meaningless and your authority along with it. My thoughts about whether a company should or should not is irrelevant.
Earthlink has done some of this by using a product called "Spamblocker" which blocks -ALL- email unless the person is in my address book.
How are they going to see my 'address book'?
If I want to look for other email I can look in my "suspect" folder using the web interface and add people to my address book as needed. If -all- ISP's used something like this it would cut out perhaps 90% or more of the spam going around today.
Only if you do web mail and thru your provider. I do my own mail and only relay thru my provider because *most* sites would reject my mail as I do not have a static ip, even though it has not changed in five years, 24.208.208.146. A classic case of punishing the whole class because of one (or more) individual's transgressions. IF the ISP's *did* block someone's service because their computer was generating spam or probing large blocks of ip's as the windoz worms and virii do, we would have less problems and the errant windoz users would be *forced* to keep their computers clean. We have here a situation akin to the original assault of news-groups by *mostly* unknowledgable aolers in the '80s. -- Patrick Shanahan Registered Linux User #207535 http://wahoo.no-ip.org @ http://counter.li.org HOG # US1244711 Photo Album: http://wahoo.no-ip.org/gallery2
On Tue, 2006-01-03 at 15:15 -0500, Patrick Shanahan wrote:
* Ken Schneider
[01-03-06 09:07]: If ISP's shut down all of the errant users that did not keep their PC's up to date for virii, worms and bugs they would have to shutdown perhaps over 50% of their customers.
Their *originally* stated policy/position.
Do you really think a company would do that. It is out of control and the best that ISP's can do today is install the hardware/software to protect the users who use their service.
ONLY because they did not address it at the onset. If you tell your children that they cannot get cookies from the cookie jar and do not inforce the rule, the rule is meaningless and your authority along with it. My thoughts about whether a company should or should not is irrelevant.
Earthlink has done some of this by using a product called "Spamblocker" which blocks -ALL- email unless the person is in my address book.
How are they going to see my 'address book'?
It's the address book on the web mail product they supply. I agree the rules should be enforced but it is too late now. Too many would get pissed off and go elsewhere. -- Ken Schneider UNIX since 1989, linux since 1994, SuSE since 1998
* Ken Schneider
It's the address book on the web mail product they supply.
I don't use webmail! There is no access to my 'address book'.
I agree the rules should be enforced but it is too late now. Too many would get pissed off and go elsewhere.
Where would they go. Most are not dial-up. Do you have a choice of cable internet providers where you reside? -- Patrick Shanahan Registered Linux User #207535 http://wahoo.no-ip.org @ http://counter.li.org HOG # US1244711 Photo Album: http://wahoo.no-ip.org/gallery2
On Tue, 2006-01-03 at 17:00 -0500, Patrick Shanahan wrote:
* Ken Schneider
[01-03-06 16:26]: It's the address book on the web mail product they supply.
I don't use webmail! There is no access to my 'address book'.
I don't either. I pop my email from my ISP. But that does not mean I can't use the spam-blocking feature and check via the web interface once a week for mail that should not be flagged as spam. Sure makes my life easier in the long run. Mail received that matches an entry in the address book in the web app goes to my inbox where I can pop it to my local client. It is the address book in the web app, not the one in the local client.
I agree the rules should be enforced but it is too late now. Too many would get pissed off and go elsewhere.
Where would they go. Most are not dial-up. Do you have a choice of cable internet providers where you reside?
I have access to dialup, cable or DSL, my choice of which one I want to subscribe to. -- Ken Schneider UNIX since 1989, linux since 1994, SuSE since 1998
On Tuesday 03 January 2006 9:05 am, Ken Schneider wrote:
If ISP's shut down all of the errant users that did not keep their PC's up to date for virii, worms and bugs they would have to shutdown perhaps over 50% of their customers. Do you really think a company would do that. It is out of control and the best that ISP's can do today is install the hardware/software to protect the users who use their service. Earthlink has done some of this by using a product called "Spamblocker" which blocks -ALL- email unless the person is in my address book. If I want to look for other email I can look in my "suspect" folder using the web interface and add people to my address book as needed. If -all- ISP's used something like this it would cut out perhaps 90% or more of the spam going around today.
It's probably a good thing for all ISPs to do, even though many of us would rather have the SPAMMERS located and then the snot beat outta them. Fred -- Paid purchaser of ALL SuSE Linux releases since 6.x
Tue, 03 Jan 2006, by suse-list@bout-tyme.net:
On Tue, 2006-01-03 at 08:21 -0500, Patrick Shanahan wrote:
* Ken Schneider
[01-02-06 23:31]: I can see the dynamic IP's being blacklisted for an ISP but not the static used for the email servers for that ISP. After all the ISP has no control over the users that fail to keep their PC's secure.
That's a bad rap. And an ISP certainly has control over errant users. It's called 'Cutting off service'. The ISP's just fail in their responsibility. You (at least in all of my experiences) agree to a usage form to get service and that form designates a loss of service for varying from their (ISP's) rules.
If ISP's shut down all of the errant users that did not keep their PC's up to date for virii, worms and bugs they would have to shutdown perhaps over 50% of their customers. Do you really think a company would do
My ISP does exactly that: as soon as they find out someone's spewing shite they cut the connection off, leaving only the webmail where an email is waiting with explanation and conditions for re-connect. Most of the time a site is cut-off within hours of abuse.
that. It is out of control and the best that ISP's can do today is install the hardware/software to protect the users who use their service. Earthlink has done some of this by using a product called "Spamblocker" which blocks -ALL- email unless the person is in my address book. If I want to look for other email I can look in my "suspect" folder using the web interface and add people to my address book as needed. If -all- ISP's used something like this it would cut out perhaps 90% or more of the spam going around today.
I'm very pleased my ISP has a better understanding of howto keep the huns from taking over. Theo -- Theo v. Werkhoven Registered Linux user# 99872 http://counter.li.org ICBM 52 13 26N , 4 29 47E. + ICQ: 277217131 SUSE 9.2 + Jabber: muadib@jabber.xs4all.nl Kernel 2.6.8 + See headers for PGP/GPG info. Claimer: any email I receive will become my property. Disclaimers do not apply.
On Fri, 2006-01-06 at 00:07 +0100, Theo v. Werkhoven wrote:
Tue, 03 Jan 2006, by suse-list@bout-tyme.net:
On Tue, 2006-01-03 at 08:21 -0500, Patrick Shanahan wrote:
If ISP's shut down all of the errant users that did not keep their PC's up to date for virii, worms and bugs they would have to shutdown perhaps over 50% of their customers. Do you really think a company would do
My ISP does exactly that: as soon as they find out someone's spewing shite they cut the connection off, leaving only the webmail where an email is waiting with explanation and conditions for re-connect. Most of the time a site is cut-off within hours of abuse.
that. It is out of control and the best that ISP's can do today is install the hardware/software to protect the users who use their service. Earthlink has done some of this by using a product called "Spamblocker" which blocks -ALL- email unless the person is in my address book. If I want to look for other email I can look in my "suspect" folder using the web interface and add people to my address book as needed. If -all- ISP's used something like this it would cut out perhaps 90% or more of the spam going around today.
I'm very pleased my ISP has a better understanding of howto keep the huns from taking over.
I wish they ALL would cut them off at the knees as it would stop perhaps half of the spam. -- Ken Schneider UNIX since 1989, linux since 1994, SuSE since 1998
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Tuesday 2006-01-03 at 08:21 -0500, Patrick Shanahan wrote:
* Ken Schneider
[01-02-06 23:31]: I can see the dynamic IP's being blacklisted for an ISP but not the static used for the email servers for that ISP. After all the ISP has no control over the users that fail to keep their PC's secure.
That's a bad rap. And an ISP certainly has control over errant users. It's called 'Cutting off service'. The ISP's just fail in their responsibility. You (at least in all of my experiences) agree to a usage form to get service and that form designates a loss of service for varying from their (ISP's) rules.
Hold on, you are all getting off-mark :-) Comcast is not being blacklisted because of posters using dynamic IPs, or users doing "Bad Things", or anything of the sort. They are or were listed because the people responsible for the comcast domain are not following some internet rules, some of the RFC documents. They took the liberty to ignore some of the "rules", so they got listed as not following the rules in the www.rfc-ignorant.org site. For example, it seems that the information they give in the WHOIS database is incorrect, or at least was incorrect at the date Eric Hines posted his original email, for the domain contained in the "envelope from" (usually the same as the from address), as seen when the email got to the list server at SuSE. It also seems there is or was some problem with the mandatory postmaster email address (http://www.rfc-ignorant.org/policy-postmaster.php). I say "was" because I was unable to find the complaint report at rfc-ignorant.org. And, of course, another completely different issue is that SA should give such a high spamminess score for an ISP not being fully compliant with such RFC rules. It is certainly a Bad Thing, but perhaps not a good indicator for spamminess. - -- Cheers, Carlos Robinson -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (GNU/Linux) Comment: Made with pgp4pine 1.76 iD8DBQFDuw5ttTMYHG2NR9URAsmRAJ9O2WUhwJPdv8P6Kx/jPu2W8K/9EgCbBAZf 2ovpqy08MI1+5plSNZXM03g= =D8wA -----END PGP SIGNATURE-----
On Wed, 4 Jan 2006 00:53:15 +0100 (CET), you wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
The Tuesday 2006-01-03 at 08:21 -0500, Patrick Shanahan wrote:
* Ken Schneider
[01-02-06 23:31]: I can see the dynamic IP's being blacklisted for an ISP but not the static used for the email servers for that ISP. After all the ISP has no control over the users that fail to keep their PC's secure.
That's a bad rap. And an ISP certainly has control over errant users. It's called 'Cutting off service'. The ISP's just fail in their responsibility. You (at least in all of my experiences) agree to a usage form to get service and that form designates a loss of service for varying from their (ISP's) rules.
Hold on, you are all getting off-mark :-)
Comcast is not being blacklisted because of posters using dynamic IPs, or users doing "Bad Things", or anything of the sort. They are or were listed because the people responsible for the comcast domain are not following some internet rules, some of the RFC documents. They took the liberty to ignore some of the "rules", so they got listed as not following the rules in the www.rfc-ignorant.org site.
For example, it seems that the information they give in the WHOIS database is incorrect, or at least was incorrect at the date Eric Hines posted his original email, for the domain contained in the "envelope from" (usually the same as the from address), as seen when the email got to the list server at SuSE.
It also seems there is or was some problem with the mandatory postmaster email address (http://www.rfc-ignorant.org/policy-postmaster.php).
I say "was" because I was unable to find the complaint report at rfc-ignorant.org.
And, of course, another completely different issue is that SA should give such a high spamminess score for an ISP not being fully compliant with such RFC rules. It is certainly a Bad Thing, but perhaps not a good indicator for spamminess.
One of my clients is stuck with Comcast- they have many MANY problems, starting with a postmaster who defines spam as anything he feels is spam, irrrelevant of what the customer wants. I'm completely unsurprised that they're on the rfc-ignorant list. Mike- -- If you're not confused, you're not trying hard enough. -- Please note - Due to the intense volume of spam, we have installed site-wide spam filters at catherders.com. If email from you bounces, try non-HTML, non-encoded, non-attachments,
Ken Schneider wrote:
I can see the dynamic IP's being blacklisted for an ISP but not the static used for the email servers for that ISP. After all the ISP has no control over the users that fail to keep their PC's secure.
And by what method are others supposed to know what addresses are from DHCP & static ranges? Are there even separate ranges?
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Tuesday 2006-01-03 at 19:59 -0500, James Knott wrote:
Ken Schneider wrote:
I can see the dynamic IP's being blacklisted for an ISP but not the static used for the email servers for that ISP. After all the ISP has no control over the users that fail to keep their PC's secure.
And by what method are others supposed to know what addresses are from DHCP & static ranges? Are there even separate ranges?
Not really difficult. You only have to query one of those "internet police sites" that list such things, like sorbs. It is easy enough to activate in postfix or spamassassin. In fact, if you do a reverse dns search on a dynamic IP it is guessable when they are dynamic; sometimes the info is obtainable from the wohis database. - -- Cheers, Carlos Robinson -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (GNU/Linux) Comment: Made with pgp4pine 1.76 iD8DBQFDvCg4tTMYHG2NR9URAndsAJ9w/G775/kXSnQVx6adtzH1aRHTEwCcDqLz dtTfHSJCpSply7O01qc3CUM= =ASS6 -----END PGP SIGNATURE-----
Mon, 02 Jan 2006, by gregwallace@fastmail.fm:
On Monday, January 02, 2006 @ 3:53 PM, George wrote:
On 1/2/06 7:35 PM, "Ken Schneider"
wrote: Highly unlikely that comcast.com is blacklisted. They one of the biggest ISP's in the USA. It would be equivalent to blacklisting earthlink.net or in your case Carlos, tiscali.es.
-- Ken Schneider
I agree - unlikely they are being blocked, but they have admitted they are the US's largest source of spam. (this was about 6 months ago)
Well, if they're "one of the biggest ISP's in the USA", then being "the US's largest source of spam" wouldn't necessarily be any reason to single them out, would it (unless the latter is on a percentage, not volume, basis)? I mean, certainly you could cut down spam if you blacklisted all of the largest ISP's, but that would be sort of counter productive, wouldn't it?
No it wouldn't, not if it would bring these spammer harbourers to their knees and stop the flood of garbage. Theo -- Theo v. Werkhoven Registered Linux user# 99872 http://counter.li.org ICBM 52 13 26N , 4 29 47E. + ICQ: 277217131 SUSE 9.2 + Jabber: muadib@jabber.xs4all.nl Kernel 2.6.8 + See headers for PGP/GPG info. Claimer: any email I receive will become my property. Disclaimers do not apply.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Monday 2006-01-02 at 19:35 -0500, Ken Schneider wrote:
My wild guess is that your ISP is blacklisted.
Highly unlikely that comcast.com is blacklisted. They one of the biggest ISP's in the USA. It would be equivalent to blacklisting earthlink.net or in your case Carlos, tiscali.es.
In fact, Tiscali has been blacklisted at least once, and my main provider,
Terra, often is. The biggest an ISP is, the easier.
I found the original SA report:
X-Virus-Scanned: by amavisd-new at Relay2.suse.de
X-Spam-Status: Yes, hits=5.2 tagged_above=-20.0 required=5.0 tests=BAYES_50,
BIZ_TLD, DNS_FROM_RFC_POST, DNS_FROM_RFC_WHOIS
X-Spam-Level: *****
X-Spam-Flag: YES
Yes, it is blacklisted, my guess is correct. The translation of the above
tags is:
BIZ_TLD 2.013 Contains an URL in the BIZ top-level domain
DNS_FROM_RFC_POST 1.708 Envelope sender in postmaster.rfc-ignorant.org
DNS_FROM_RFC_WHOIS 1.447 Envelope sender in whois.rfc-ignorant.org
I can not see the envelope sender that the suse server saw when it wrote
the above, though.
** DNS_FROM_RFC_WHOIS **
Domains are listed in the whois.rfc-ignorant.org zone based on meeting any
of the following criteria:
1. The information provided in the WHOIS record for a given domain is
missing or otherwise "obviously wrong"; examples might include:
* a phone number of "555-1212";
* an address of 1060 W. Addison, Chicago (for any organization
other than the Chicago Cubs);
* an address of 1600 Pennsylvania Ave, Washington DC;
* or an address of No. 10 Downing St., London.
2. If the information provided on a WHOIS record is inaccurate, out of
date, or otherwise "provably wrong". This might include e-mails that
bounce, phone numbers of people who have nothing to do with the
domain, or a street address that doesn't work for the company in
question.
3. If a TLD does not have a working, public, free of charge WHOIS
registry (operating via TCP port 43, and adhering to the protocol
specification in RFC3912) providing some form of contact
information, then by definition no domain in that TLD is
RFC1032-compliant, and that would make the entire TLD a viable
candidate for listing, however "entire TLD"-based domains return a
different result code in the A record (127.0.0.7 versus 127.0.0.5)
so as to allow sites to differentiate between them.
4. If any of the valid MX servers for a domain in the RHS of a contact
address have private, reserved, or otherwise bogus IP addresses,
then the domain would be listed. (E.g., given an address of
Mon, 02 Jan 2006, by suse-list@bout-tyme.net:
On Tue, 2006-01-03 at 01:02 +0100, Carlos E. R. wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
The Monday 2006-01-02 at 14:03 -0600, Eric Hines wrote:
Folks,
My last got labeled SPAM; this removes (I think) the full IP addresses and links.
I think not...
(Side note--many of you are able to send these without getting tagged as spam. How are you doing this? I'm using Eudora and Thunderbird, and both are getting the SPAM labels.)
Chances!
I could tell you more if I could look at the SA headers added by SuSE to the email, but I can't because as I run my SA locally, they get removed and substituted by mine. If you are not running SpamAssassin on your PC, you will be able to see them (search for "X-Spam-Status"), and then find out why this mail was tagged as spam.
The only mark my SA gives is BIZ_TLD ("Contains an URL in the BIZ top-level domain"), which is perhaps triggering on your text, which includes the word "sserver.test dot biz".
My wild guess is that your ISP is blacklisted.
Highly unlikely that comcast.com is blacklisted. They one of the biggest ISP's in the USA. It would be equivalent to blacklisting earthlink.net or in your case Carlos, tiscali.es.
Lots of people have absolutely *no* problem whatsoever blocking comcast or any spammer for that matter. http://www.spews.org/html/S2963.html Read the evidence file and think hard if you really wish to be associated with- and contribute to the worst spammer on Earth. Theo -- Theo v. Werkhoven Registered Linux user# 99872 http://counter.li.org ICBM 52 13 26N , 4 29 47E. + ICQ: 277217131 SUSE 9.2 + Jabber: muadib@jabber.xs4all.nl Kernel 2.6.8 + See headers for PGP/GPG info. Claimer: any email I receive will become my property. Disclaimers do not apply.
On Thursday 05 January 2006 5:59 pm, Theo v. Werkhoven wrote:
Lots of people have absolutely *no* problem whatsoever blocking comcast or any spammer for that matter. http://www.spews.org/html/S2963.html Read the evidence file and think hard if you really wish to be associated with- and contribute to the worst spammer on Earth.
I know comcast is bad, but so are others like sbcglobal.com. Fred -- Paid purchaser of ALL SuSE Linux releases since 6.x
Fri, 06 Jan 2006, by fmiller@lightlink.com:
On Thursday 05 January 2006 5:59 pm, Theo v. Werkhoven wrote:
Lots of people have absolutely *no* problem whatsoever blocking comcast or any spammer for that matter. http://www.spews.org/html/S2963.html Read the evidence file and think hard if you really wish to be associated with- and contribute to the worst spammer on Earth.
I know comcast is bad, but so are others like sbcglobal.com.
Yes, but the discussion was about whether why {some,any}one would want to block comcast. Some people apparently like to believe that comcast really isn't so bad, and it's not really their fault, and everyone is against them and..., and... Theo -- Theo v. Werkhoven Registered Linux user# 99872 http://counter.li.org ICBM 52 13 26N , 4 29 47E. + ICQ: 277217131 SUSE 9.2 + Jabber: muadib@jabber.xs4all.nl Kernel 2.6.8 + See headers for PGP/GPG info. Claimer: any email I receive will become my property. Disclaimers do not apply.
At 01/02/06 18:02, Carlos E. R. wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
The Monday 2006-01-02 at 14:03 -0600, Eric Hines wrote:
Folks,
My last got labeled SPAM; this removes (I think) the full IP addresses and links.
I think not...
I was unclear here--I meant that the current retry had my effort to remove the offending.... And apparently I failed at that; the retry got labeled, too.
(Side note--many of you are able to send these without getting tagged as spam. How are you doing this? I'm using Eudora and Thunderbird, and both are getting the SPAM labels.)
Chances!
I could tell you more if I could look at the SA headers added by SuSE to the email, but I can't because as I run my SA locally, they get removed and substituted by mine. If you are not running SpamAssassin on your PC, you will be able to see them (search for "X-Spam-Status"), and then find out why this mail was tagged as spam.
The only mark my SA gives is BIZ_TLD ("Contains an URL in the BIZ top-level domain"), which is perhaps triggering on your text, which includes the word "sserver.test dot biz".
My wild guess is that your ISP is blacklisted.
Expand the headers. What a concept. I should have thought of that.... As to the ISP being blacklisted, I don't think so for two reasons: one is purely hope: my ISP is ComCast, and they're generally better than that. They're not AT&T, either then or now. The other is more concrete: I've sent other emails to the list during this time frame that haven't been tagged.
But don't worry too much, I'm not deterred by the "spam" word in the subject, nor will many listers here, I hope. You should be grateful that your emails was simply tagged and not deleted unceremoniously, as it was done not long ago! ;-p
Good. I was afraid most folks would do what I would have done if I knew enough to be a contributer--look past the spam labels, or actually filter them out.
As as your "real" problem, I don't know.
And you're one of the geniuses here. I don't know if I'm encouraged or discouraged.... Eric Hines There is no nonsense so errant that it cannot be made the creed of the vast majority by adequate governmental action. --Bertrand Russell
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Monday 2006-01-02 at 18:47 -0600, Eric Hines wrote:
I think not...
I was unclear here--I meant that the current retry had my effort to remove the offending.... And apparently I failed at that; the retry got labeled, too.
I know - next time, use your editor search feature ;-)
My wild guess is that your ISP is blacklisted.
Expand the headers. What a concept. I should have thought of that.... As to the ISP being blacklisted, I don't think so for two reasons: one is purely hope: my ISP is ComCast, and they're generally better than that. They're not AT&T, either then or now. The other is more concrete: I've sent other emails to the list during this time frame that haven't been tagged.
It is blacklisted, in fact: see my other recent email in this thread. Nothing "serious", they are reported because they ignore two types of RFC, and thus are listed in postmaster.rfc-ignorant.org and whois.rfc-ignorant.org. The score is not enough to trigger unless you also hit another thing, as containing a dot biz domain name somewhere in the text. However... although not respecting the RFC is a "Bad Thing", I'm not sure being listed there is a spamminess indicator, nor that it should be given so high score. SA scores are given automatically with a process I don't understand; perhaps I'll try to read about it.
But don't worry too much, I'm not deterred by the "spam" word in the subject, nor will many listers here, I hope. You should be grateful that your emails was simply tagged and not deleted unceremoniously, as it was done not long ago! ;-p
Good. I was afraid most folks would do what I would have done if I knew enough to be a contributer--look past the spam labels, or actually filter them out.
I have been labeled that way before, so I'm sensitive to the problem. If I see that label in the list, my curiosity rises ;-) See how many people are talking about this instead of your problem! Next time, I bet you don't say a thing :-p
As as your "real" problem, I don't know.
And you're one of the geniuses here. I don't know if I'm encouraged or discouraged....
Neither! X-) Each one has its parcel of knowledge. Of course I know about networks, but not formally and I'm not confident enough to guess at your problem, or not today, at least, nothing clicked yet. - -- Cheers, Carlos Robinson -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (GNU/Linux) Comment: Made with pgp4pine 1.76 iD8DBQFDudrqtTMYHG2NR9URAgq+AJsG990OEOszeM50vpH0LX1z6k7vWQCgg3U+ OLcSiIE2hg0k2SHo0Mh6dYQ= =5Nqj -----END PGP SIGNATURE-----
At 01/02/06 20:01, you wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
The Monday 2006-01-02 at 18:47 -0600, Eric Hines wrote:
<snip>
But don't worry too much, I'm not deterred by the "spam" word in the subject, nor will many listers here, I hope. You should be grateful that your emails was simply tagged and not deleted unceremoniously, as it was done not long ago! ;-p
Good. I was afraid most folks would do what I would have done if I knew enough to be a contributer--look past the spam labels, or actually filter them out.
I have been labeled that way before, so I'm sensitive to the problem. If I see that label in the list, my curiosity rises ;-)
As I will be, now that I've encountered this....
See how many people are talking about this instead of your problem! Next time, I bet you don't say a thing :-p
That's not all bad--I'm learning from this discussion, too. There is no nonsense so errant that it cannot be made the creed of the vast majority by adequate governmental action. --Bertrand Russell
participants (12)
-
Carlos E. R.
-
Eric Hines
-
Fred A. Miller
-
Greg Wallace
-
James Knott
-
Ken Schneider
-
Michael W Cocke
-
Patrick Shanahan
-
Peter Nikolic
-
Randall R Schulz
-
suse_gasjr4wd@mac.com
-
Theo v. Werkhoven