Suse mailing list relay listed at SORBS as spam source
Hi Folks, I stopped receiving SuSE list mail on Oct 14 and didn't realize what's going on until this afternoon. lists.suse.de is listed in the sorbs dns-rbl database as a source of spam. As such, list messages will be silently dropped on many ISPs. Check it out at http://www.au.sorbs.net/lookup.shtml. It would seem that the list owner should contact sorbs to get de-listed. Regards, Lew Wolfgang
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Saturday 2006-11-04 at 17:18 -0800, Lew Wolfgang wrote:
I stopped receiving SuSE list mail on Oct 14 and didn't realize what's going on until this afternoon. lists.suse.de is listed in the sorbs dns-rbl database as a source of spam. As such, list messages will be silently dropped on many ISPs.
Which demonstrates that it is a bad thing for ISPs to use black lists. I'm lucky and happy that my ISP doesn't.
Check it out at http://www.au.sorbs.net/lookup.shtml.
I checked the two IPs and they are not listed.
It would seem that the list owner should contact sorbs to get de-listed.
Tell him directly. - -- Cheers, Carlos E. R. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Made with pgp4pine 1.76 iD8DBQFFTT8atTMYHG2NR9URAixIAJ4pf7TXsaaS42ZKubq87ev54ADtIwCgjgLt KYBNuEvGMZbgfivTy9ltRcg= =l09u -----END PGP SIGNATURE-----
Carlos E. R. wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
The Saturday 2006-11-04 at 17:18 -0800, Lew Wolfgang wrote:
I stopped receiving SuSE list mail on Oct 14 and didn't realize what's going on until this afternoon. lists.suse.de is listed in the sorbs dns-rbl database as a source of spam. As such, list messages will be silently dropped on many ISPs.
Which demonstrates that it is a bad thing for ISPs to use black lists. I'm lucky and happy that my ISP doesn't.
I can understand why ISPs use black lists. Since October 29 at 4 AM (it is not even 7 days since) my lowly home mail server blocked 3883 spam messages mailed to me or my wife. I am using spamhaus, spamcop and the likes. None of SuSE's emails got blocked though so the ones I use at least seem to do a good job. This is on a system with only two users, can you imagine what is going on at large ISP mail servers? I don't know if they have a choice. Avi
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Saturday 2006-11-04 at 19:45 -0600, Avi Schwartz wrote:
This is on a system with only two users, can you imagine what is going on at large ISP mail servers? I don't know if they have a choice.
Oh, yes, I can imagine. My ISP has users in the million count, and they don't use any shuch thing as black listing, AFAIK. It is my job to filter spam, or to pay them to do it for me. For one thing, they are often listed themselves! - -- Cheers, Carlos E. R. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Made with pgp4pine 1.76 iD8DBQFFTVH5tTMYHG2NR9URAlHzAKCByfBuCTAfn2ZXK3bppvhsrPaQyACgiWix Sig6hQSbjwoV0jC0rBfq+Tc= =fXRy -----END PGP SIGNATURE-----
On Saturday 04 November 2006 17:52, Carlos E. R. wrote:
It is my job to filter spam, or to pay them to do it for me.
Now there's a scam I would like to see outlawed. It costs an ISP more to handle spam than to deal filter it, so why charge anybody? As long as there is someone making money off of spam there will always be spam. How serious will any ISP be about anti-spam measures if they are making money off of it? -- _____________________________________ John Andersen
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Saturday 2006-11-04 at 18:08 -0900, John Andersen wrote:
On Saturday 04 November 2006 17:52, Carlos E. R. wrote:
It is my job to filter spam, or to pay them to do it for me.
Now there's a scam I would like to see outlawed. It costs an ISP more to handle spam than to deal filter it, so why charge anybody?
As long as there is someone making money off of spam there will always be spam. How serious will any ISP be about anti-spam measures if they are making money off of it?
Because if they did filter by default their basic charges would be higher. I prefer to pay less and to do it my self, where I have full control. There are other extra services, like virus protection, parental control whatever and other things. It is a business, they charge for things. Of course, there are mail providers out there that provide such things for free, or so it seems: I know they are charging me for that in hidden ways. By the way, I'm not sure it cost them more money to handle spam than filter it. Passing on the spam received is just some resources. Filtering them is, I think, extra resources and man power. Using filters like spamassassin are very cpu intensive; and any way, that spam mail has entered their servers, so they store it in our folders that have limited space, anyway. - -- Cheers, Carlos E. R. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Made with pgp4pine 1.76 iD8DBQFFTVnEtTMYHG2NR9URAqc5AJ9tKs/NAQaVXmxWFx1VvcA1druYbACfbQZc HEOjkBjltr3J2VWU32u0gGo= =dAid -----END PGP SIGNATURE-----
On Sunday 05 November 2006 10:25, Carlos E. R. wrote: ...
By the way, I'm not sure it cost them more money to handle spam than filter it. Passing on the spam received is just some resources. Filtering them is, I think, extra resources and man power. Using filters like spamassassin are very cpu intensive; and any way, that spam mail has entered their servers, so they store it in our folders that have limited space, anyway.
Use greylisting - the spam email does not enter the system, with _no_ false positives. No need to use dubious blacklists such as SORBS which justifies their actions with IEEE _drafts_ they submitted themselves... I did run and still do a test where I let the same email be seen by greylisting and by some blacklists, and so far greylisting does catch more, and the blacklist does not add additional value. I'm fully aware though that this will change once the spammers adapt and built more mail server functionality in their spam bomb software.
Carlos E. R. wrote:
The Saturday 2006-11-04 at 17:18 -0800, Lew Wolfgang wrote:
I stopped receiving SuSE list mail on Oct 14 and didn't realize what's going on until this afternoon. lists.suse.de is listed in the sorbs dns-rbl database as a source of spam. As such, list messages will be silently dropped on many ISPs.
Which demonstrates that it is a bad thing for ISPs to use black lists. I'm lucky and happy that my ISP doesn't.
Well, this "bad thing" is dropping about 1,000 spams per day on my server. I'll continue to use rbl's, thank you. It's my choice since I'm my own ISP. The lab where I work also uses rbl's which, along with grey-listing, removes about 90,000 spams per day, which is about 90% of their total mail traffic.
Check it out at http://www.au.sorbs.net/lookup.shtml.
I checked the two IPs and they are not listed.
195.135.221.131 is the IP that's listed. I don't know which two you checked.
It would seem that the list owner should contact sorbs to get de-listed.
Tell him directly.
I presumed that my message would reach him/them, in addition to alerting others of the problem. Regards, Lew Wolfgang
On 2006-11-04 19:52, Lew Wolfgang wrote:
It would seem that the list owner should contact sorbs to get de-listed.
Tell him directly.
I presumed that my message would reach him/them, in addition to alerting others of the problem. The list owner doesn't necessarily read any of the suse lists; contact suse-linux-e-owner@suse.com (as per the header of every list message).
On 05-Nov-06 Lew Wolfgang wrote:
[...] Well, this "bad thing" is dropping about 1,000 spams per day on my server. I'll continue to use rbl's, thank you. It's my choice since I'm my own ISP. [...]
Ahh! Since Lew is his own ISP, the solution to SORBS is easy!
Just stop using them!
Best wishes,
Ted.
--------------------------------------------------------------------
E-Mail: (Ted Harding)
(Ted Harding) wrote:
On 05-Nov-06 Lew Wolfgang wrote:
[...] Well, this "bad thing" is dropping about 1,000 spams per day on my server. I'll continue to use rbl's, thank you. It's my choice since I'm my own ISP. [...]
Ahh! Since Lew is his own ISP, the solution to SORBS is easy! Just stop using them!
Hi Ted, Actually SORBS does a good job for me. In the years that I've been using it this is the first problem I've had. In this case the solution is to white-list the offending IP address. I'll continue to use SORBS, and a few others. Regards, Lew Wolfgang
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Saturday 2006-11-04 at 17:52 -0800, Lew Wolfgang wrote:
Well, this "bad thing" is dropping about 1,000 spams per day on my server. I'll continue to use rbl's, thank you. It's my choice since I'm my own ISP. The lab where I work also uses rbl's which, along with grey-listing, removes about 90,000 spams per day, which is about 90% of their total mail traffic.
It is your choice. Just one unfair email dropped is enough for me not to use them.
Check it out at http://www.au.sorbs.net/lookup.shtml.
I checked the two IPs and they are not listed.
195.135.221.131 is the IP that's listed. I don't know which two you checked.
mx1.suse.de and mx2.suse.de, the mail servers. You are checking "lists.suse.de" which is not in the address from field. lists.suse.de has been blacklisted, but the sorbs link you gave does not tell the reason why, only that someone listed him. Do you remember those people posting here now an then asking to be unsubscribed? O for us to stop spamming him? I have received direct claims like that. Perhaps one of those clueless people protested to sorbs and they have listed SuSE without further investigation.
It would seem that the list owner should contact sorbs to get de-listed.
Tell him directly.
I presumed that my message would reach him/them, in addition to alerting others of the problem.
Don't presume that. It is in the list FAQ, and I know for certain that they don't always read the list and have to be alerted of problems, like the spam tags in the subject line. - -- Cheers, Carlos E. R. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Made with pgp4pine 1.76 iD8DBQFFTVDttTMYHG2NR9URAqMwAJ4h3Sme3kPz0eYuKBnFtB7pvg5i8wCffGfq hfHDQ+dnsLvCGsW5QqtN0j4= =LPYM -----END PGP SIGNATURE-----
* Carlos E. R.
Which demonstrates that it is a bad thing for ISPs to use black lists. I'm lucky and happy that my ISP doesn't.
BUT rbl's are a *good* thing if you exclude sorbs. I drop from 300-800 spams/day via rbl's locally. And afaik, my isp (roadrunner) does not utilize rbl's. I am happy to control the use of rbl's myself :^). -- Patrick Shanahan Registered Linux User #207535 http://wahoo.no-ip.org @ http://counter.li.org HOG # US1244711 Photo Album: http://wahoo.no-ip.org/gallery2
On 05-Nov-06 Lew Wolfgang wrote:
Hi Folks,
I stopped receiving SuSE list mail on Oct 14 and didn't realize what's going on until this afternoon. lists.suse.de is listed in the sorbs dns-rbl database as a source of spam. As such, list messages will be silently dropped on many ISPs.
Check it out at http://www.au.sorbs.net/lookup.shtml.
It would seem that the list owner should contact sorbs to get de-listed.
I doubt it. See what SORBS themselves have to say about
getting de-listed from their spam database:
http://www.au.sorbs.net/faq/spamdb.shtml
Third and finally, if you are really not a spammer,
or you are truly reformed, de-listing is relatively
easy. You donate US$50 to a charity or trust approved
by, and not connected with, SORBS for each spam received
related to the listing. This is referred to as the SORBS
'fine'. Please note that we do not expect end users to
take this route if it is the case that the listing is
not related to your own actions, such as is most often
the case with ISP's outgoing mail servers, co-located
servers, free webmails, etc. being listed. In those
cases, the ISP involved needs to contact SORBS directly,
and if the end user contacts us instead, this will be
all we will be able to tell them.
Note: $50 *for each spam received related to the listing.*
And note that this applies even "if you are really not a
spammer". That could be a lot of money, where an IP address
or "originating" email address has been spoofed by a mass
spammer.
This has been discussed in a number of places. SORBS seem
to be unique in this policy.
My suggestion to Lew Wolfgang, in the light of the above,
is not to use an ISP that uses SORBS. Neither SuSE nor your
ISP is unlikely (for the above reasons) to negotiate with
SORBS to get the SuSE list delisted, so if you want to
receive the SuSE list then change your ISP. (Or, perhaps,
lobby them to drop SORBS; but good luck with that!)
(Note that, on my understanding of the above, it is the
SuSE list that is the "end user").
Best wishes,
Ted.
--------------------------------------------------------------------
E-Mail: (Ted Harding)
On Sunday 05 November 2006 08:18, Lew Wolfgang wrote:
Hi Folks,
I stopped receiving SuSE list mail on Oct 14 and didn't realize what's going on until this afternoon. lists.suse.de is listed in the sorbs dns-rbl database as a source of spam. As such, list messages will be silently dropped on many ISPs.
Check it out at http://www.au.sorbs.net/lookup.shtml.
It would seem that the list owner should contact sorbs to get de-listed.
Regards, Lew Wolfgang
SORBS sucks big time. Quote: "SORBS is operated by a vindictive college student named "Matthew Sullivan". SORBS (and most similar DNSBLs) are run on volunteer labor. As a result SORBS is creating a problem it can't control or handle by virtue of the fact that it's using flimsy tests to make authorative designations of fact which may not yet be reasonably ascertainable on today's internet, and certainly, not with the petty trivial testing that is currently taking place. There are a huge amount of false positives, and legitimate emails en masse are blocked by SORBS. No qualified postmaster is using them, as soon as they have taken a closer look at them."
On Sat, 2006-11-04 at 17:18 -0800, Lew Wolfgang wrote:
Hi Folks,
I stopped receiving SuSE list mail on Oct 14 and didn't realize what's going on until this afternoon. lists.suse.de is listed in the sorbs dns-rbl database as a source of spam.
Don't use sorbs. While I think blacklists is an excellent idea, sorbs has proven themselves to be extremely liberal at blacklisting domains. Someone received a mail with a forged From: field (the From: part being our domain). They checked where our mail was hosted and blacklisted that IP. Then they charged us $50 to remove the listing (how can that be legal), and didn't remove it at all. We moved our mail server to a different hosting facility more than a year ago, and got a new IP in the process. The old IP is *still* listed at sorbs... Hans
Hans du Plooy wrote:
On Sat, 2006-11-04 at 17:18 -0800, Lew Wolfgang wrote:
Hi Folks,
I stopped receiving SuSE list mail on Oct 14 and didn't realize what's going on until this afternoon. lists.suse.de is listed in the sorbs dns-rbl database as a source of spam.
Don't use sorbs. While I think blacklists is an excellent idea, sorbs has proven themselves to be extremely liberal at blacklisting domains. Someone received a mail with a forged From: field (the From: part being our domain). They checked where our mail was hosted and blacklisted that IP. Then they charged us $50 to remove the listing (how can that be legal), and didn't remove it at all. We moved our mail server to a different hosting facility more than a year ago, and got a new IP in the process. The old IP is *still* listed at sorbs...
Hans
Wasn' t there a case of an incorrectly blacklisted company suing the likes of sorbs for defamation recently? Don't pay the $50 - sue them for all they've got. J
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Monday 2006-11-06 at 12:05 -0000, John wrote:
Wasn' t there a case of an incorrectly blacklisted company suing the likes of sorbs for defamation recently?
Yes, more or less. It was comented here, I think, search the archive. - -- Cheers, Carlos E. R. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Made with pgp4pine 1.76 iD8DBQFFTyvWtTMYHG2NR9URAvkDAJwO6zxcRvMu0txlXzY3IhL2cZ/4wQCePrAC ng0jaieh1mNDi8qoTWJqzMw= =sn7m -----END PGP SIGNATURE-----
On Mon, 2006-11-06 at 12:05 +0000, John wrote:
Hans du Plooy wrote:
Don't use sorbs. While I think blacklists is an excellent idea, sorbs has proven themselves to be extremely liberal at blacklisting domains. Someone received a mail with a forged From: field (the From: part being our domain). They checked where our mail was hosted and blacklisted that IP. Then they charged us $50 to remove the listing (how can that be legal), and didn't remove it at all. We moved our mail server to a different hosting facility more than a year ago, and got a new IP in the process. The old IP is *still* listed at sorbs...
Hans
Wasn' t there a case of an incorrectly blacklisted company suing the likes of sorbs for defamation recently?
I sure hope so - they deserve it. The postfix user list has had a few threads on just why SORBS is so bad. Interesting reading.... Hans
* Hans du Plooy
The postfix user list has had a few threads on just why SORBS is so bad. Interesting reading....
from several years :^) -- Patrick Shanahan Registered Linux User #207535 http://wahoo.no-ip.org @ http://counter.li.org HOG # US1244711 Photo Album: http://wahoo.no-ip.org/gallery2
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Monday 2006-11-06 at 19:17 +0200, Hans du Plooy wrote:
Wasn' t there a case of an incorrectly blacklisted company suing the likes of sorbs for defamation recently?
I sure hope so - they deserve it.
It was spamhouse. http://arstechnica.com/news.ars/post/20061020-8037.html http://yro.slashdot.org/article.pl?sid=06/10/22/0339211 There was an OT thread here, I think. - -- Cheers, Carlos E. R. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Made with pgp4pine 1.76 iD8DBQFFUmGYtTMYHG2NR9URAoJHAJ9sCfiw+VDVVQFxuVIiEaTlhEWoAwCgjHgx +AyR3qMgiqxXJ7+dpJ7f4f0= =7hZN -----END PGP SIGNATURE-----
participants (10)
-
Avi Schwartz
-
Carlos E. R.
-
Darryl Gregorash
-
Hans du Plooy
-
John
-
John Andersen
-
Lew Wolfgang
-
Matt T.
-
Patrick Shanahan
-
Ted.Harding@nessie.mcc.ac.uk