spamcop abusing mail systems worldwide

spamcop abusing mail systems worldwide

Dan-356


Today I had an unhappy unix student try to submit an assignment to me and
could not. Spamcop has decided to go off blacklisting all yahoo/shaw etc
servers worldwide.

Solution:
remove: reject_rbl_client bl.spamcop.net
from your smtpd_recipient_restrictions line until they fix their abuse
issues.


Dan.


--
Dan The Man
CTO/ Senior System Administrator
Websites, Domains and Everything else
http://www.SunSaturn.com
Email: [hidden email]

Re: spamcop abusing mail systems worldwide

Tõnu Samuel
On Thu, 2011-11-17 at 07:35 -0600, Dan The Man wrote:
>
> Today I had an unhappy unix student try to submit an assignment to me and
> could not. Spamcop has decided to go off blacklisting all yahoo/shaw etc
> servers worldwide.
>
> Solution:
> remove: reject_rbl_client bl.spamcop.net
> from your smtpd_recipient_restrictions line until they fix their abuse
> issues.

Spammers ARE blacklisted, even if they are called "yahoo". Just have a good
ISP with a good reputation. My servers have never been blacklisted because
I just keep spammers away from them at an early stage.

  Tonu


Re: spamcop abusing mail systems worldwide

Dan-356


I agree completely, but I don't think a student failing a course because
he only has a yahoo/shaw etc address and got a legitimate email bounced
would agree very much :)

I think my solution should stand, we got all the other rbl's,
and spamassassin etc, there's really no need to have anything legitimate
dropped till they fix their issues.



Dan.


--
Dan The Man
CTO/ Senior System Administrator
Websites, Domains and Everything else
http://www.SunSaturn.com
Email: [hidden email]

On Thu, 17 Nov 2011, Tõnu Samuel wrote:

> On Thu, 2011-11-17 at 07:35 -0600, Dan The Man wrote:
>>
>> Today I had an unhappy unix student try to submit an assignment to me and
>> could not. Spamcop has decided to go off blacklisting all yahoo/shaw etc
>> servers worldwide.
>>
>> Solution:
>> remove: reject_rbl_client bl.spamcop.net
>> from your smtpd_recipient_restrictions line until they fix their abuse
>> issues.
>
> Spammers ARE blacklisted, even they are called "yahoo". Just have good
> ISP with good reputation. My servers have never been blacklisted because
> I just keep spammers away from them in early stage.
>
>  Tonu
>
>

Re: spamcop abusing mail systems worldwide

John Peach-2
On Thu, 17 Nov 2011 08:08:13 -0600 (CST)
Dan The Man <[hidden email]> wrote:

>
>
> I agree completely, but I don't think a student failing a course
> because he only has a yahoo/shaw etc address and got a legitimate
> email bounced would agree very much :)
>
> I think my solution should stand, we got all the other rbl's,
> and spamassassin etc, there really no need to have anything
> legitimate dropped till they fix their issues.

Spamcop recommend you use it for scoring, not blocking....

[snip]

Re: spamcop abusing mail systems worldwide

Stan Hoeppner
On 11/17/2011 8:12 AM, John Peach wrote:

> On Thu, 17 Nov 2011 08:08:13 -0600 (CST)
> Dan The Man <[hidden email]> wrote:
>
>>
>>
>> I agree completely, but I don't think a student failing a course
>> because he only has a yahoo/shaw etc address and got a legitimate
>> email bounced would agree very much :)
>>
>> I think my solution should stand, we got all the other rbl's,
>> and spamassassin etc, there really no need to have anything
>> legitimate dropped till they fix their issues.
>
> Spamcop recommend you use it for scoring, not blocking....

And a default Spamassassin config includes Spamcop for scoring:

http://wiki.apache.org/spamassassin/DnsBlocklists:

Having "reject_rbl_client bl.spamcop.net" on top of scoring with it in
SA caused this problem.  It's not Spamcop's fault the student's email
was rejected.  I dare say it was the mail OP's fault for not having his
server configured properly.

--
Stan
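
The difference between blocking on a DNSBL and scoring with it, as debated in the messages above, shown as an added example that is not part of any poster's message. The zone `dnsbl.example.org`, the weights, the threshold and the sample addresses are constructed assumptions, not SpamAssassin's or Postfix's actual values.

```python
import ipaddress
import socket


def dnsbl_query_name(client_ip, zone):
    """DNS name an MTA looks up for an IPv4 client: reversed octets + zone."""
    octets = str(ipaddress.IPv4Address(client_ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def dns_resolve(name):
    """Live lookup: A records if listed, [] if not listed (NXDOMAIN).

    A resolver failure also lands here, so this fails open (mail is accepted).
    """
    try:
        return socket.gethostbyname_ex(name)[2]
    except socket.gaierror:
        return []


def listed_zones(client_ip, zones, resolve=dns_resolve):
    """Zones (in the order given) that return a record for this client."""
    return [z for z in zones if resolve(dnsbl_query_name(client_ip, z))]


def hard_reject(client_ip, zones, resolve=dns_resolve):
    """Blocking policy: one listing on any zone rejects the connection."""
    hits = listed_zones(client_ip, zones, resolve)
    return ("REJECT" if hits else "ACCEPT", hits)


def scored(client_ip, weights, threshold, resolve=dns_resolve, content_score=0.0):
    """Scoring policy: each listing adds its weight; reject only at threshold."""
    hits = listed_zones(client_ip, weights, resolve)
    score = content_score + sum(weights[z] for z in hits)
    return ("REJECT" if score >= threshold else "ACCEPT", score, hits)


# Constructed sample data (documentation address ranges), so this runs offline.
# 192.0.2.10    : shared outbound relay of a large provider, on one list only
# 198.51.100.77 : host listed on two independent lists
# DNSBLs conventionally answer with an address in 127.0.0.0/8 when listed.
FAKE_DNS = {
    "10.2.0.192.bl.spamcop.net": ["127.0.0.2"],
    "77.100.51.198.bl.spamcop.net": ["127.0.0.2"],
    "77.100.51.198.dnsbl.example.org": ["127.0.0.2"],
}


def fake_resolve(name):
    """Stand-in resolver backed by the constructed table above."""
    return FAKE_DNS.get(name, [])


WEIGHTS = {"bl.spamcop.net": 2.0, "dnsbl.example.org": 3.0}  # assumed weights
THRESHOLD = 5.0                                              # assumed threshold

if __name__ == "__main__":
    for ip in ("192.0.2.10", "198.51.100.77", "203.0.113.5"):
        print(ip,
              "block-policy:", hard_reject(ip, WEIGHTS, fake_resolve),
              "score-policy:", scored(ip, WEIGHTS, THRESHOLD, fake_resolve))
```

The shared relay is rejected outright under the blocking policy but accepted under scoring, where a single listing is one signal among several; `content_score` is where a content filter's result would be added.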

Re: spamcop abusing mail systems worldwide

lst_hoe02
In reply to this post by Dan-356
Quoting Dan The Man <[hidden email]>:

>
>
> Today I had an unhappy unix student try to submit an assignment to  
> me and could not. Spamcop has decided to go off blacklisting all  
> yahoo/shaw etc servers worldwide.

The subject is wrong. Spamcop simply lists mailservers sending a lot of
spam and Yahoo for example does exactly that. It is the duty of the
mailserver operator to decide if such a list should be used for
blocking senders.

> Solution:
> remove: reject_rbl_client bl.spamcop.net
> from your smtpd_recipient_restrictions line until they fix their  
> abuse issues.

The abuse issue is that some mailserver operators do not choose
carefully which RBLs to use. Spamcop does exactly what they claim and
no, we don't use it because of this.

Regards

Andreas




Re: spamcop abusing mail systems worldwide

Reindl Harald-2
In reply to this post by Tõnu Samuel


On 17.11.2011 14:56, Tõnu Samuel wrote:

> On Thu, 2011-11-17 at 07:35 -0600, Dan The Man wrote:
>>
>> Today I had an unhappy unix student try to submit an assignment to me and
>> could not. Spamcop has decided to go off blacklisting all yahoo/shaw etc
>> servers worldwide.
>>
>> Solution:
>> remove: reject_rbl_client bl.spamcop.net
>> from your smtpd_recipient_restrictions line until they fix their abuse
>> issues.
>
> Spammers ARE blacklisted, even they are called "yahoo". Just have good
> ISP with good reputation. My servers have never been blacklisted because
> I just keep spammers away from them in early stage.

this is a lets say polite: "not real smart argumentation"

if you are blocking major-providers like yahoo, google.... you can go ahead
and turn your mailserver off and close your company because NO CLIENT will
accept this with no argument and to say it clear: if someone thinks it is
cool to block major-isp's for whatever reason maybe he is doing the wrong job

why?

because a mailserver is primarily there to get and send e-mails and not to
block them!



Re: spamcop abusing mail systems worldwide

Dennis Clarke-2
In reply to this post by Dan-356

>
>
> Today I had an unhappy unix student try to submit an assignment ..

tell your students to use the email address provided by the school on the
school domain. Also, as a policy, I blacklist all yahoo, gmail, hotmail
junk and life is much better at the office.

If someone does not have a valid email address at a reasonable domain then
we don't want to hear from them anyways.

Dennis



Re: spamcop abusing mail systems worldwide

Reindl Harald-2


On 17.11.2011 15:39, Dennis Clarke wrote:
>> Today I had an unhappy unix student try to submit an assignment ..
>
> tell your students to use the email address provided by the school on the
> school domain. Also, as a policy, I blacklist all yahoo, gmail, hotmail
> junk and life is much better at the office.
>
> If someone does not have a valid email address at a reasonable domain then
> we don't want to hear from them anyways.

never heard a more arrogant statement with so little knowledge!

did you ever realize that you can host your domain at google?
so you are possibly blocking valid addresses from reasonable
domains too - but that is only an additional point

where do you live that you think you are in the position what
other people are using and that they have to register a domain
before they allowed to speak with you?



Re: spamcop abusing mail systems worldwide

Simon Brereton-2
In reply to this post by lst_hoe02
On 17 November 2011 09:28,  <[hidden email]> wrote:

> Quoting Dan The Man <[hidden email]>:
>
>>
>>
>> Today I had an unhappy unix student try to submit an assignment to me and
>> could not. Spamcop has decided to go off blacklisting all yahoo/shaw etc
>> servers worldwide.
>
> The subject is wrong. Spamcop simply list mailservers sending a lot of spam
> and Yahoo for example does exactly that. It is the duty of the mailserver
> operator to decide if such a list should be used for blocking senders.

I agree.  In all likelihood, Spamcop listed the SHAW IP which is where
the email originates from and not the Yahoo IP.  Perhaps the student
will take this as a lesson to choose a better ISP.

>> Solution:
>> remove: reject_rbl_client bl.spamcop.net
>> from your smtpd_recipient_restrictions line until they fix their abuse
>> issues.

It's not *their* issue.  They list servers/IPs that send a significant
amount of spam.  I would suggest the people with the issue are the IP
owners.  Not spamcop.

But as others have said, you're not obliged to use it.  So please don't.

Simon

Re: spamcop abusing mail systems worldwide

Mark Goodge
In reply to this post by Dennis Clarke-2
On 17/11/2011 14:39, Dennis Clarke wrote:

>
>>
>>
>> Today I had an unhappy unix student try to submit an assignment ..
>
> tell your students to use the email address provided by the school on the
> school domain. Also, as a policy, I blacklist all yahoo, gmail, hotmail
> junk and life is much better at the office.
>
> If someone does not have a valid email address at a reasonable domain then
> we don't want to hear from them anyways.

Yes, but you're not selling anything or providing any kind of public
service. So it doesn't matter if people can't email you. Those of us who
work for commercial organisations or government bodies don't have that
choice.

Mark
--
  Sent from my Babbage Difference Engine
  http://mark.goodge.co.uk
  http://www.ratemysupermarket.com

Re: spamcop abusing mail systems worldwide

Tõnu Samuel
In reply to this post by Reindl Harald-2
On Thu, 2011-11-17 at 15:48 +0100, Reindl Harald wrote:

> never heard a more arrogant statement with so few knowledge!
>

I somewhat understand his position. What is ham and what is spam often
depends also on some cultural background. For example I have anything with
"From: aol.com" blocked because in my 15 years of internet usage I
cannot remember anything useful coming from that domain. Maybe the
situation is different in USA but in EU I just block it for years
without a single false positive yet.

I host hundreds of client domains and most of them really do not want to
receive stuff from India, Tunisia, Russia, Indonesia, Vietnam, China and
some other very common spam sources. I seriously consider source IP
blocks by country for some mail servers.

BTW, I do have friends and coworkers who are Chinese, Vietnamese etc. so
I do care about making stuff right.

  Tõnu


Re: spamcop abusing mail systems worldwide

Tõnu Samuel
In reply to this post by Dan-356
On Thu, 2011-11-17 at 08:08 -0600, Dan The Man wrote:
>
> I agree completely, but I don't think a student failing a course because
> he only has a yahoo/shaw etc address and got a legitimate email bounced
> would agree very much :)
>
> I think my solution should stand, we got all the other rbl's,
> and spamassassin etc, there really no need to have anything legitimate
> dropped till they fix their issues.

Spam filters work in big part because they cause trouble for spammers.
This also includes spammers who do not think they are spammers or just
stupid enough to accommodate all kinds of bots, viruses etc. For example
somehow Gmail managed to include me in some Arabic religious mailing
list. There is no way I can find someone in Google to look on my weird
problem. I just report every single mail from this list to SpamCop. I do
this for months and like in every big company nobody cares. Just at some
point when Gmail gets blocked we get similar discussion here in list and
only then maybe someone in Google starts to read abuse@ mailbox. Big
companies ARE ignorant unless they get real trouble where also
executives feel that.

   Tõnu


Re: spamcop abusing mail systems worldwide

Jose Ildefonso Camargo Tolosa
In reply to this post by Mark Goodge
Greetings,

On Thu, Nov 17, 2011 at 10:30 AM, Mark Goodge <[hidden email]> wrote:
> On 17/11/2011 14:39, Dennis Clarke wrote:
>>
>>>
>>>
>>> Today I had an unhappy unix student try to submit an assignment ..
>>
>> tell your students to use the email address provided by the school on the
>> school domain. Also, as a policy, I blacklist all yahoo, gmail, hotmail
>> junk and life is much better at the office.

Not all schools provide email addresses to their students, and some
students will just decide not to use them... why?, well, because,
after all, these are temporary address, for as long as you are at the
school, you can't keep those for the rest of your life, and thus some
students decide not to use them.

>>
>> If someone does not have a valid email address at a reasonable domain then
>> we don't want to hear from them anyways.
>
> Yes, but you're not selling anything or providing any kind of public
> service. So it doesn't matter if people can't email you. Those of us who
> work for commercial organisations or government bodies don't have that
> choice.

Same here, that's exactly why I don't use a "hard" block policy, I use
scoring (with ASSP) and even use Bayes filters (yeah, those that
require "training" and stuff), thanks to this combination I get rid
of ~95% of the spam, while keeping over 99% of good mail (I almost
never lose a legit mail because of the mail filter).

yahoo, hotmail, gmail are domains used by all kinds of persons (I have
even seen customers that just use [hidden email] as their
corporate mail!!), so: just blocking them because a few send spam is
nonsense.... you need to check message content, that's why I use
Bayes as part of the scoring.

Now, spam fight is everyday harder, because spammers are looking
everyday more like legitimate senders... as a matter of fact,
sometimes what I consider spam is not considered spam by other person,
so... this is actually a complex topic.

Ildefonso.

Re: spamcop abusing mail systems worldwide

Tõnu Samuel
In reply to this post by Reindl Harald-2
On Thu, 2011-11-17 at 15:39 +0100, Reindl Harald wrote:

> > Spammers ARE blacklisted, even they are called "yahoo". Just have good
> > ISP with good reputation. My servers have never been blacklisted because
> > I just keep spammers away from them in early stage.
>
> this is a lets say polite: "not real smart argumentation"
>
> if you are blocking major-providers like yahoo, google.... you can go ahead
> and turn your mailserver off and close your company because NO CLIENT will
> accept this with no argument and to say it clear: if someone thinks it is
> cool to block major-isp's for whatever reason maybe he is doing the wrong job

I report about 500 mails daily to spamcop and this takes an important part
of my time. Sorry for being impolite towards spammers but I believe that
no one should be whitelisted because they are big and fat. They consume
resources of ours. They are parasites.

I know a lot about inside stuff. One example I can talk about: You might
have heard about a case in Estonia where Russian criminals made a botnet to
distribute spam. The company behind it got first place as IT company in
Estonia based on turnover. They were also an important customer of our
telecom and other ISPs. Yes, ISPs got a lot of complaints for spamming and
virus distribution from their hosts. But because the company paid a lot of
money they kept these criminals hosted for a longer time. This ended only
after big blocklists put a permanent ban on a /16 size range. As far as I
know, now that years have passed, those blocks are still in the list. This
is the only thing that works.
Unsure what exactly happened this time but next time Yahoo takes more
care about looking what is sent via their system. Maybe next time they
implement system which limits sending 10 mails in second via webmail or
something else. Anyway complaints are what make them move.

   Tõnu


Re: spamcop abusing mail systems worldwide

Reindl Harald-2


On 17.11.2011 16:20, Tõnu Samuel wrote:

> On Thu, 2011-11-17 at 15:39 +0100, Reindl Harald wrote:
>>> Spammers ARE blacklisted, even they are called "yahoo". Just have good
>>> ISP with good reputation. My servers have never been blacklisted because
>>> I just keep spammers away from them in early stage.
>>
>> this is a lets say polite: "not real smart argumentation"
>>
>> if you are blocking major-providers like yahoo, google.... you can go ahead
>> and turn your mailserver off and close your company because NO CLIENT will
>> accept this with no argument and to say it clear: if someone thinks it is
>> cool to block major-isp's for whatever reason maybe he is doing the wrong job
>
> I report about 500 mails daily to spamcop and this takes important part
> of my time. Sorry for being unpolite towards spammers but I believe that
> noone should be whitelisted because they are big and fat. They consume
> resources of ours. They are parasites.

if you really report 500 mails each day you should give over your
job to someone with more qualifications because we are hosting some
thousand mail-addresses and i could never report 500 spam-mails per
day because they are not received without blocking major providers

http://www.barracudanetworks.com/

a) intention-filtering, hourly updated rules
b) blacklist
c) block by PTR to get rid of 99% of all spambots

your primary job as admin is to make sure that legal mails are received and
not to play around the whole day to maximize false-positives, long after
that comes the fight against spam

10 spam mails are less damage than a single false-positive




Re: spamcop abusing mail systems worldwide

Tõnu Samuel
On Thu, 2011-11-17 at 16:30 +0100, Reindl Harald wrote:

> if you really report 500 mails each day you should give over your
> job to someone with more qualifications because we are hosting some
> thousand mail-addresses and i could never report 500 spam-mails per
> day because they are not received without blocking major providers
>
> http://www.barracudanetworks.com/
>
> a) intention-filtering, hourly updated rules
> b) blacklist
> c) block by PTR to get rid of 99% of all spambots

About qualifications - you may put your CV next to
http://www.linkedin.com/in/tonusamuel or shut up.

About 500 reports - I run spamtraps mainly in .ee domains to keep my eye
on local spammers and to keep blog http://no.spam.ee which is pretty
good measure I would say.

About barracuda - they remotely disabled it for my customer. I would
never recommend products with such backdoors. More info
http://seclists.org/fulldisclosure/2011/Apr/460

   Tõnu


Re: spamcop abusing mail systems worldwide

Reindl Harald-2


On 17.11.2011 16:36, Tõnu Samuel wrote:

> On Thu, 2011-11-17 at 16:30 +0100, Reindl Harald wrote:
>
>> if you really report 500 mails each day you should give over your
>> job to someone with more qualifications because we are hosting some
>> thousand mail-addresses and i could never report 500 spam-mails per
>> day because they are not received without blocking major providers
>>
>> http://www.barracudanetworks.com/
>>
>> a) intention-filtering, hourly updated rules
>> b) blacklist
>> c) block by PTR to get rid of 99% of all spambots
>
> About qualifications - you may put your CV next to
> http://www.linkedin.com/in/tonusamuel or shut up.

you are not in the position to tell somebody to shut up after
making recommendations which are unacceptable if you are
working in business and some nice lines on a social network
like "CEO here and there" are really not saying anything
about qualifications

> About 500 reports - I run spamtraps mainly in .ee domains to keep my eye
> on local spammers and to keep blog http://no.spam.ee which is pretty
> good measure I would say.

nice, but does nothing change in the fact that if you are really
the whole day watching for spam-attempts you are doing something
badly wrong

> About barracuda - they remotely disabled it for my customer. I would
> never recommend products with such backdoors. More info
> http://seclists.org/fulldisclosure/2011/Apr/460

well, something went wrong, shit happens

the spamfirewall is useless without subscription because you would end
in that what you are doing now, using the spam-firewall since 6 years
and had not a single problem and if you are renewing in time such
things simply do not happen



Re: spamcop abusing mail systems worldwide

Dick Visser-4
In reply to this post by Tõnu Samuel
On 2011-11-17 16:05, Tõnu Samuel wrote:

> What is ham and what is spam often depends also some cultural background.

It does indeed. Having "Dick" as first name in a mostly English-oriented
environment doesn't work in my favor ;-)


--
Dick Visser
System & Network Engineer
TERENA Secretariat
Singel 468D, 1017 AW Amsterdam
The Netherlands
T +31 20 530 44 88 F +31 20 530 44 99
[hidden email] | www.terena.org




Re: spamcop abusing mail systems worldwide

Jose Ildefonso Camargo Tolosa
In reply to this post by Reindl Harald-2
Posting to list, sorry!

On Thu, Nov 17, 2011 at 11:00 AM, Reindl Harald <[hidden email]> wrote:

>
>
> On 17.11.2011 16:20, Tõnu Samuel wrote:
>> On Thu, 2011-11-17 at 15:39 +0100, Reindl Harald wrote:
>>>> Spammers ARE blacklisted, even they are called "yahoo". Just have good
>>>> ISP with good reputation. My servers have never been blacklisted because
>>>> I just keep spammers away from them in early stage.
>>>
>>> this is a lets say polite: "not real smart argumentation"
>>>
>>> if you are blocking major-providers like yahoo, google.... you can go ahead
>>> and turn your mailserver off and close your company because NO CLIENT will
>>> accept this with no argument and to say it clear: if someone thinks it is
>>> cool to block major-isp's for whatever reason maybe he is doing the wrong job
>>
>> I report about 500 mails daily to spamcop and this takes important part
>> of my time. Sorry for being unpolite towards spammers but I believe that
>> noone should be whitelisted because they are big and fat. They consume
>> resources of ours. They are parasites.
>
> if you really report 500 mails each day you should give over your
> job to someone with more qualifications because we are hosting some
> thousand mail-addresses and i could never report 500 spam-mails per
> day because they are not received without blocking major providers
>
> http://www.barracudanetworks.com/
>
> a) intention-filtering, hourly updated rules
> b) blacklist
> c) block by PTR to get rid of 99% of all spambots

Neat, but expensive, and in my experience with Barracuda it has a high
false-positive rate (i.e., tends to block legit mail).... that's one of
the reasons I tolerate ASSP (it has some quirks, but it rocks as a
spam filter).