Loading ...
Sorry, an error occurred while loading the content.

Re: Yahoo groups and blacklisting...

Expand Messages
  • Greg Hackney
    ... On a positive spin, be glad it s flat broken, and not a transient error. Broken is fixable. You may want to add Gmail (gmail.com and google.com) to your
    Message 1 of 13 , Aug 31, 2006
    • 0 Attachment
      Evan Platt wrote:
      > I've been having DNS issues
      On a positive spin, be glad it's flat broken, and not a transient error.
      Broken is fixable.

      You may want to add Gmail (gmail.com and google.com) to your
      list, since the Spamcop BL also blocks them.

      --
      Greg
    • mouss
      ... Your approach is broken : - you are using spamcops to reject mail during smtp transaction. spamcops isn t designed for this. use it in a score based
      Message 2 of 13 , Aug 31, 2006
      • 0 Attachment
        Evan Platt wrote:
        > I had this working at one point, not sure what I did....
        >
        > Running postfix on a os/x box..
        >
        > Yahoo groups messages are being rejected:
        >
        >
        >
        > Aug 31 13:12:53 www postfix/smtpd[23969]: NOQUEUE: reject: RCPT from
        > unknown[66.163.187.113]: 554 Service unavailable; Client host
        > [66.163.187.113] blocked using bl.spamcop.net; Blocked - see
        > http://www.spamcop.net/bl.shtml?66.163.187.113;
        > from=<sentto-313434-1066-1157055142-evan=espphotography.com@...>
        > to=<evan@...> proto=SMTP helo=<n18.bullet.sc5.yahoo.com>
        >
        >
        > smtpd_client_restrictions =
        > check_client_access hash:/etc/postfix/rbl_access,
        > permit_mynetworks,
        > reject_rbl_client bl.spamcop.net,
        > reject_rbl_client sbl-xbl.spamhaus.org,
        > reject_rbl_client korea.services.net,
        > reject_rbl_client dynablock.njabl.org,
        > reject_rbl_client cbl.abuseat.org,
        > reject_rbl_client bl.csma.biz,
        > reject_rbl_client relays.ordb.org
        >
        >
        > permit
        >
        > rbl_access has
        > dcn.yahoo.com OK
        > scd.yahoo.com OK
        > mud.yahoo.com OK
        > russian-caravan.cloud9.net OK
        > yahoo.com OK
        >
        >
        > and I do have
        >
        > parent_domain_matches_subdomains =
        > debug_peer_list,fast_flush_domains,mynetworks,permit_mx_backup_networks,qmqpd_authorized_clients,relay_domains,smtpd_access_maps,smtpd_client_restrictions
        >
        >
        > -rwxrwxrwx 1 root wheel 380 Aug 28 13:34 /etc/postfix/rbl_access
        > -rwxrwxrwx 1 root wheel 16384 Aug 31 11:55 /etc/postfix/rbl_access.db
        >
        > Am I missing anything?

        Your approach is "broken":

        - you are using spamcops to reject mail during smtp transaction.
        spamcops isn't designed for this. use it in a score based system. or at
        least, temp fault instead of rejecting (just prepend delay_if_reject, or
        change rbl_reply_maps).

        - you are relying on DNS to whitelist some hosts. DNS is not reliable.

        - you have chosen to manage a whitelist. good luck.
      • Gino Cerullo
        ... What is this delay_if_reject? Can someone point to documentation please. -- Gino Cerullo Pixel Point Studios 21 Chesham Drive Toronto, ON M3M 1W6
        Message 3 of 13 , Aug 31, 2006
        • 0 Attachment
          On 31-Aug-06, at 6:45 PM, mouss wrote:

          > - you are using spamcops to reject mail during smtp transaction.
          > spamcops isn't designed for this. use it in a score based system.
          > or at least, temp fault instead of rejecting (just prepend
          > delay_if_reject, or change rbl_reply_maps).

          What is this delay_if_reject? Can someone point to documentation please.

          --
          Gino Cerullo

          Pixel Point Studios
          21 Chesham Drive
          Toronto, ON M3M 1W6

          416-247-7740
        • Noel Jones
          ... He s thinking about defer_if_reject, which will turn *any later* reject into a deferral. defer_if_reject does not work like warn_if_reject which acts only
          Message 4 of 13 , Aug 31, 2006
          • 0 Attachment
            At 06:10 PM 8/31/2006, Gino Cerullo wrote:
            >On 31-Aug-06, at 6:45 PM, mouss wrote:
            >
            >>- you are using spamcops to reject mail during smtp
            >>transaction.
            >>spamcops isn't designed for this. use it in a score based
            >>system.
            >>or at least, temp fault instead of rejecting (just prepend
            >>delay_if_reject, or change rbl_reply_maps).
            >
            >What is this delay_if_reject? Can someone point to
            >documentation please.

            He's thinking about defer_if_reject, which will turn *any
            later* reject into a deferral. defer_if_reject does not
            work like warn_if_reject which acts only on the next
            rule. If you want to 450 defer an RBL hit (a questionable
            idea, IMHO) use rbl_reply_maps and define an entry for
            spamcop (use a copy of defalt_rbl_reply with 450 instead of
            550).
            http://www.postfix.org/postconf.5.html#rbl_reply_maps
            http://www.postfix.org/postconf.5.html#defer_if_reject

            Probably a better solution is to use a scoring system such
            as spamassassin or for something much lighter weight, look
            at policyd-weight. http://www.policyd-weight.org/


            --
            Noel Jones
          • Greg Hackney
            ... Is that an opinion, or a fact ? Because if it s a fact, you probably need to tell Spamcop their design is wrong and that their web pages are all wrong.
            Message 5 of 13 , Aug 31, 2006
            • 0 Attachment
              mouss wrote:
              > Your approach is "broken":
              > - you are using spamcops to reject mail during smtp transaction.
              > spamcops isn't designed for this. use it in a score based system.
              Is that an opinion, or a fact ?

              Because if it's a fact, you probably need to tell Spamcop their design
              is wrong and
              that their web pages are all wrong.

              http://www.spamcop.net/fom-serve/cache/291.html
              --
              Greg
            • Rick Zeman
              ... That doesn t mean anything. They also say somewhere else that they re really aggressive and shouldn t be used to block mail in a production environment.
              Message 6 of 13 , Aug 31, 2006
              • 0 Attachment
                On 8/31/06, Greg Hackney <hackney@...> wrote:
                > mouss wrote:
                > > Your approach is "broken":
                > > - you are using spamcops to reject mail during smtp transaction.
                > > spamcops isn't designed for this. use it in a score based system.
                > Is that an opinion, or a fact ?
                >
                > Because if it's a fact, you probably need to tell Spamcop their design
                > is wrong and
                > that their web pages are all wrong.
                >
                > http://www.spamcop.net/fom-serve/cache/291.html

                That doesn't mean anything. They also say somewhere else that they're
                really aggressive and shouldn't be used to block mail in a production
                environment. Real World Usage(tm) has shown that they have a lot of
                false positives which are anathema to a large segment of the admin
                population.
              • Noel Jones
                ... The page says: We recommend that when using any spam filtering method, users be given access to the filtered mail - don t block the mail as documented
                Message 7 of 13 , Aug 31, 2006
                • 0 Attachment
                  At 10:16 PM 8/31/2006, Greg Hackney wrote:
                  >mouss wrote:
                  >>Your approach is "broken":
                  >>- you are using spamcops to reject mail during smtp
                  >>transaction. spamcops isn't designed for this. use it in
                  >>a score based system.
                  >Is that an opinion, or a fact ?
                  >
                  >Because if it's a fact, you probably need to tell Spamcop
                  >their design is wrong and
                  >that their web pages are all wrong.
                  >
                  >http://www.spamcop.net/fom-serve/cache/291.html
                  >--
                  >Greg
                  >

                  The page says:
                  "We recommend that when using any spam filtering method,
                  users be given access to the filtered mail - don't block
                  the mail as documented here, but store it in a separate
                  mailbox. Or tag it and provide users documentation so that
                  they can filter based on the tags in their own MUA. We
                  provide this information only for administrators who cannot
                  use a more subtle approach for whatever reason. "

                  Sounds as if mouss is correct.
                  Also, their example page for postfix is quite outdated.

                  I use spamcop on selected netblocks, called from an access
                  table.
                  I think it fine for anyone to use spamcop on all mail, just
                  be aware that they routinely list major (and minor) ISPs
                  and list servers. Your server, your rules.

                  --
                  Noel Jones
                • Gino Cerullo
                  ... Ah! No wonder I couldn t find any documentation for it. I already know about defer_if_reject thanks. -- Gino Cerullo Pixel Point Studios 21 Chesham Drive
                  Message 8 of 13 , Aug 31, 2006
                  • 0 Attachment
                    On 31-Aug-06, at 10:54 PM, Noel Jones wrote:

                    > At 06:10 PM 8/31/2006, Gino Cerullo wrote:
                    >> On 31-Aug-06, at 6:45 PM, mouss wrote:
                    >>
                    >>> - you are using spamcops to reject mail during smtp transaction.
                    >>> spamcops isn't designed for this. use it in a score based system.
                    >>> or at least, temp fault instead of rejecting (just prepend
                    >>> delay_if_reject, or change rbl_reply_maps).
                    >>
                    >> What is this delay_if_reject? Can someone point to documentation
                    >> please.
                    >
                    > He's thinking about defer_if_reject, which will turn *any later*
                    > reject into a deferral. defer_if_reject does not work like
                    > warn_if_reject which acts only on the next rule. If you want to
                    > 450 defer an RBL hit (a questionable idea, IMHO) use rbl_reply_maps
                    > and define an entry for spamcop (use a copy of defalt_rbl_reply
                    > with 450 instead of 550).
                    > http://www.postfix.org/postconf.5.html#rbl_reply_maps
                    > http://www.postfix.org/postconf.5.html#defer_if_reject
                    >
                    > Probably a better solution is to use a scoring system such as
                    > spamassassin or for something much lighter weight, look at policyd-
                    > weight. http://www.policyd-weight.org/

                    Ah! No wonder I couldn't find any documentation for it. I already
                    know about defer_if_reject thanks.

                    --
                    Gino Cerullo

                    Pixel Point Studios
                    21 Chesham Drive
                    Toronto, ON M3M 1W6

                    416-247-7740
                  • mouss
                    ... may be an interpretation:) ... You can t blame them for their web site (unless you volunteer to improve it:). But let s try anyway: 1- we visit the home
                    Message 9 of 13 , Aug 31, 2006
                    • 0 Attachment
                      Greg Hackney wrote:
                      > mouss wrote:
                      >> Your approach is "broken":
                      >> - you are using spamcops to reject mail during smtp transaction.
                      >> spamcops isn't designed for this. use it in a score based system.
                      > Is that an opinion, or a fact ?
                      >
                      may be an interpretation:)
                      > Because if it's a fact, you probably need to tell Spamcop their design
                      > is wrong and
                      > that their web pages are all wrong.

                      You can't blame them for their web site (unless you volunteer to improve
                      it:). But let's try anyway:

                      1- we visit the "home" page: http://www.spamcop.net/
                      2- we see "use free blocking list" and click on the link "Learn How".
                      3- This drives us to http://www.spamcop.net/bl.shtml
                      4- we keep reading. In particular section "Implement the SCBL to Filter
                      Spam"
                      and there we see:

                      <excerpt>
                      SpamCop encourages SCBL users to tag and divert email, rather than block
                      it outright. ...

                      The SCBL is aggressive and often errs on the side of blocking mail. ...
                      </excerpt>
                    Your message has been successfully submitted and would be delivered to recipients shortly.