Dirk Mueller | 1 Jun 2005 15:44

ns1.clamav.net blacklisted


Hi, 

the IP of ns1.clamav.net, 69.61.68.204 is blacklisted by Spamhaus:

http://www.spamhaus.org/sbl/sbl.lasso?query=SBL27556

causing interruptions in mail from/to clamav.net

Dirk
_______________________________________________
http://lurker.clamav.net/list/clamav-devel.html

Tomasz Papszun | 1 Jun 2005 16:53

Re: ns1.clamav.net blacklisted

On Wed, 01 Jun 2005 at 15:44:28 +0200, Dirk Mueller wrote:
> 
> the IP of ns1.clamav.net, 69.61.68.204 is blacklisted by Spamhaus:
> 
> http://www.spamhaus.org/sbl/sbl.lasso?query=SBL27556
> 
> causing interruptions in mail from/to clamav.net

I was under the impression that Spamhaus listing is used only for
checking SMTP clients' IP addresses (I use it myself), not for
blocking DNS requests/replies also. Am I wrong?

And I don't observe that my server doesn't accept any mail from ClamAV
MLs due to using Spamhaus.

I'm not saying that the situation isn't worth cleaning, just asking for
clarification.

-- 
 Tomasz Papszun    SysAdm  <at>  TP S.A. Lodz, Poland    | And it's only
 tomek at lodz.tpsa.pl http://www.lodz.tpsa.pl/iso/ | ones and zeros.
 tomek at clamav.net   http://www.ClamAV.net/   A GPL virus scanner

Todd Lyons | 1 Jun 2005 17:21

Re: ns1.clamav.net blacklisted

Tomasz Papszun wanted us to know:

>> the IP of ns1.clamav.net, 69.61.68.204 is blacklisted by Spamhaus:
>> http://www.spamhaus.org/sbl/sbl.lasso?query=SBL27556
>> causing interruptions in mail from/to clamav.net
>I was under the impression that Spamhaus listing is used only for
>checking SMTP clients' IP addresses (I use it myself), not for
>blocking DNS requests/replies also. Am I wrong?

It's collateral damage.  A spammer owns an IP or an IP block in the same
/23 as you.  Spamhaus attempts to hurt the ISP by having other innocent
customers complain to them so much (and potentially switch away from
them, aka voting with their wallet) that the ISP boots the spammer.
Apparently, linuxlabs has been hosting a known spammer, namely Jeffery
Peters.  It is not clear if this was intentional or not.  You have a
couple of options:
1) Get that ISP to boot Jeffery Peters and all sites created by him.
2) Get a different ISP.
3) Temporarily move your mail to a different machine (Spamhaus listings
don't affect dns operation, so dns will continue to work properly).

>I'm not saying that the situation isn't worth cleaning, just asking for
>clarification.

HTH.
-- 
Regards...		Todd
There are four boxes to be used in defense of liberty:
soap, ballot, jury, and ammo.  Please use in that order. --Ed Howdershelt
Linux kernel 2.6.11-6mdksmp   3 users,  load average: 0.15, 0.10, 0.25

Tomasz Papszun | 1 Jun 2005 17:49

Re: ns1.clamav.net blacklisted

On Wed, 01 Jun 2005 at  8:21:52 -0700, Todd Lyons wrote:
> Tomasz Papszun wanted us to know:
> 
> >> the IP of ns1.clamav.net, 69.61.68.204 is blacklisted by Spamhaus:
> >> http://www.spamhaus.org/sbl/sbl.lasso?query=SBL27556
> >> causing interruptions in mail from/to clamav.net
> >I was under the impression that Spamhaus listing is used only for
> >checking SMTP clients' IP addresses (I use it myself), not for
> >blocking DNS requests/replies also. Am I wrong?
> 
> It's collateral damage.  A spammer owns an IP or an IP block in the same
> /23 as you.  Spamhaus attempts to hurt the ISP by having other innocent
> customers complain to them so much (and potentially switch away from
> them, aka voting with their wallet) that the ISP boots the spammer.
> Apparently, linuxlabs has been hosting a known spammer, namely Jeffery
> Peters.  It is not clear if this was intentional or not.  You have a
> couple of options:
> 1) Get that ISP to boot Jeffery Peters and all sites created by him.
> 2) Get a different ISP.

I haven't asked for that. I know what Spamhaus listing is for, but
thanks for the explanation anyway :-) .

> 3) Temporarily move your mail to a different machine 

Seems I wasn't clear enough. No clamav-related mail traverses that
machine, AFAIK. It's just a DNS server. That's why I asked whether any
party uses Spamhaus listing to block DNS-related packets or ignore
DNS replies coming from a listed IP address.


Tomasz Papszun | 1 Jun 2005 17:53

Re: ns1.clamav.net blacklisted

On Wed, 01 Jun 2005 at 17:49:04 +0200, Tomasz Papszun wrote:
> On Wed, 01 Jun 2005 at  8:21:52 -0700, Todd Lyons wrote:
[...]
> > couple of options:
> > 1) Get that ISP to boot Jeffery Peters and all sites created by him.
> > 2) Get a different ISP.
> 
> I haven't asked for that. I know what Spamhaus listing is for, but
                  ^^^
I meant "asked _about_" (inquired), not "asked for". Sorry.

-- 
 Tomasz Papszun    SysAdm  <at>  TP S.A. Lodz, Poland    | And it's only
 tomek at lodz.tpsa.pl http://www.lodz.tpsa.pl/iso/ | ones and zeros.
 tomek at clamav.net   http://www.ClamAV.net/   A GPL virus scanner

Jef Poskanzer | 1 Jun 2005 18:04

Re: ns1.clamav.net blacklisted

>It's collateral damage.  A spammer owns an IP or an IP block in the same
>/23 as you.  Spamhaus attempts to hurt the ISP by having other innocent
>customers complain to them so much (and potentially switch away from
>them, aka voting with their wallet) that the ISP boots the spammer.

Only weenies pay attention to Spamhaus's list.  Or to any DNS-RBL, really.
And I don't much care whether weenies can receive my mail or not.
---
Jef

       Jef Poskanzer  jef <at> mail.acme.com  http://www.acme.com/jef/

Dirk Mueller | 1 Jun 2005 18:18

Re: ns1.clamav.net blacklisted

On Wednesday 01 June 2005 16:53, Tomasz Papszun wrote:

> > causing interruptions in mail from/to clamav.net
> I was under the impression that Spamhaus listing is used only for
> checking SMTP clients' IP addresses (I use it myself), not for
> blocking DNS requests/replies also. Am I wrong?

No, you're right. What I'm seeing here seems to be a bug in spamassassin, 
because it does list mail from clamav.net now: 

$ spamassassin -D -t < mail_from_clamav
..
debug: URIDNSBL: query for clamav.net took 2 seconds to look up 
(sbl.spamhaus.org.:204.68.61.69)
debug: URIDNSBL: domain "clamav.net" listed (URIBL_SBL): 
"http://www.spamhaus.org/SBL/sbl.lasso?query=SBL27556"
..

Not sure why that is happening, yet. I might investigate further and file a 
bugreport. 

Dirk

Damian Menscher | 1 Jun 2005 18:27

Re: ns1.clamav.net blacklisted

On Wed, 1 Jun 2005, Dirk Mueller wrote:
> On Wednesday 01 June 2005 16:53, Tomasz Papszun wrote:
>
>>> causing interruptions in mail from/to clamav.net
>> I was under the impression that Spamhaus listing is used only for
>> checking SMTP clients' IP addresses (I use it myself), not for
>> blocking DNS requests/replies also. Am I wrong?
>
> No, you're right. What I'm seeing here seems to be a bug in spamassassin,
> because it does list mail from clamav.net now:
>
> $ spamassassin -D -t < mail_from_clamav
> ..
> debug: URIDNSBL: query for clamav.net took 2 seconds to look up
> (sbl.spamhaus.org.:204.68.61.69)
> debug: URIDNSBL: domain "clamav.net" listed (URIBL_SBL):
> "http://www.spamhaus.org/SBL/sbl.lasso?query=SBL27556"
> ..
>
> Not sure why that is happening, yet. I might investigate further and file a
> bugreport.

I think it's happening because of the footer
    v   v   v v  v  v   v v v v v v v  v 
> _______________________________________________
> http://lurker.clamav.net/list/clamav-devel.html

      ^ ^ ^ ^  ^ ^ ^ ^ ^ ^   ^  ^   ^    ^   ^  ^

Adds a point to every message's score.
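
Added example (not part of the thread and not SpamAssassin's code): a Python sketch of the lookup chain behind the URIBL_SBL hit in the debug output above, going from a URL in the message body to the URL's domain, that domain's name server, and the reversed name server address queried under sbl.spamhaus.org. The DNS answers are constructed in-memory tables, the two-label domain reduction is a simplification, and the function names and the skip set are assumptions made for illustration.

```python
import re

# Constructed tables standing in for live DNS (assumption: the NS set is
# reduced to the one server named in the thread).
NS_RECORDS = {"clamav.net": ["ns1.clamav.net"]}
A_RECORDS = {"ns1.clamav.net": "69.61.68.204"}
SBL_ZONE = {"204.68.61.69.sbl.spamhaus.org": "127.0.0.2"}

URI_RE = re.compile(r"https?://([A-Za-z0-9.-]+)", re.I)

def registrable_domain(host):
    """Simplification: keep the last two labels (real filters use a TLD table)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def dnsbl_name(ipv4, zone="sbl.spamhaus.org"):
    """Build the DNSBL query name: octets reversed, zone appended."""
    return ".".join(reversed(ipv4.split("."))) + "." + zone

def uri_ns_hits(body, skip_domains=frozenset()):
    """Return (domain, nameserver, query_name) for each URI domain whose
    name server address is listed. This sketch looks each domain up once."""
    hits, seen = [], set()
    for host in URI_RE.findall(body):
        domain = registrable_domain(host)
        if domain in seen or domain in skip_domains:
            continue  # already checked, or exempted by the local skip list
        seen.add(domain)
        for ns in NS_RECORDS.get(domain, []):
            addr = A_RECORDS.get(ns)
            if addr is None:
                continue
            qname = dnsbl_name(addr)
            if qname in SBL_ZONE:  # the mail server's own IP is never consulted
                hits.append((domain, ns, qname))
    return hits

# Constructed message body carrying the list footer discussed in the thread.
SAMPLE_BODY = """Hello list,
_______________________________________________
http://lurker.clamav.net/list/clamav-devel.html
"""

if __name__ == "__main__":
    print(uri_ns_hits(SAMPLE_BODY))
    print(uri_ns_hits(SAMPLE_BODY, skip_domains={"clamav.net"}))
```

The second call shows the effect of exempting the domain locally, which is the kind of skip list suggested later in the thread.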

Martin Blapp | 1 Jun 2005 18:43

Re: ns1.clamav.net blacklisted


Hi,

>> debug: URIDNSBL: query for clamav.net took 2 seconds to look up
>> (sbl.spamhaus.org.:204.68.61.69)
>> debug: URIDNSBL: domain "clamav.net" listed (URIBL_SBL):

What about using our whitelist?

Get http://antispam.imp.ch/rules/uribl-skips and add it to your
spamassassin config. Then you'll be on the safe side ...

Martin

Tomasz Papszun | 1 Jun 2005 18:46

Re: ns1.clamav.net blacklisted

On Wed, 01 Jun 2005 at 11:27:28 -0500, Damian Menscher wrote:
> 
> >Not sure why that is happening, yet. I might investigate further and file a
> >bugreport.
> 
> I think it's happening because of the footer
>    v   v   v v  v  v   v v v v v v v  v 
> >_______________________________________________
> >http://lurker........net/list/clamav-devel.html
> 
>      ^ ^ ^ ^  ^ ^ ^ ^ ^ ^   ^  ^   ^    ^   ^  ^
> Adds a point to every message's score.
> 

I wonder if each such repeated footer causes adding another point.
As a collateral gain ;-) it might block messages from people who
repeatedly top-post and don't remove unneeded footers :-) .

-- 
 Tomasz Papszun    SysAdm  <at>  TP S.A. Lodz, Poland    | And it's only
 tomek at lodz.tpsa.pl http://www.lodz.tpsa.pl/iso/ | ones and zeros.
 tomek at clamav.net   http://www.ClamAV.net/   A GPL virus scanner