Slightly OT: Greylisting success or failure stories?

Thomas Cameron thomas.cameron at camerontech.com
Mon Feb 7 00:30:38 UTC 2005 

----- Original Message ----- 
From: "Aleksandar Milivojevic" <amilivojevic at pbl.ca>
To: "For users of Fedora Core releases" <fedora-list at redhat.com>
Sent: Sunday, February 06, 2005 2:22 PM
Subject: Re: Slightly OT: Greylisting success or failure stories?


> Quoting Les Mikesell <les at futuresource.com>
> Date: Fri, 04 Feb 2005 17:38:19
>
>> How do you know what IP's are dynamic or when someone else
>> reallocates them?
>
> You assume that somebody else has more or less correct database.  Usually
> various DNSBL databases that have lists of open relays and known spammers, 
> have
> these list too.  They don't have *all* dynamic ranges (only detected, 
> reported
> by someone else, or reported by ISP itself).  From time to time you'd get 
> false
> positive.  Usually some poor guy who bought (rented would be more 
> appropriate
> term) single static IP address cheap for his ADSL line, and couldn't 
> afford any
> better.  Or from time to time an range that was used for dynamic addresses 
> in
> the past, but is now used for static (sometimes it takes long time for 
> those
> lists to be updated for this kind of changes, unless range was reported by 
> ISP
> itself).
>
> Personally, I don't like using those lists for direct blocking (but I do 
> like
> using them with scoring tools, such as SpamAssassin, where existance of 
> such
> record only affects the score, but is not enough on its own to block the
> message).  The reason being that while there is less false negatives than 
> with
> SpamAssassin, there is also more false positives.  That is only my 
> experience,
> somebody else might have different experience.
>
> -- 
> Aleksandar Milivojevic <amilivojevic at pbl.ca>    Pollard Banknote Limited
> Systems Administrator                           1499 Buffalo Place
> Tel: (204) 474-2323 ext 276                     Winnipeg, MB  R3T 1L7

I'll secodn what Aleksander has said about blocking based on those lists. 
I'm currently going round and round with some idiots and an ISP who block 
*everything* from RoadRunner.  I have a RoadRunner Business account, and RR 
is *very* good about policing their network.  They already block outgoing 
port 25 on their dynamic addresses because of all the Windows boxes which 
have been 0wn3d by spambots.  RoadRunner is alse really quick to shut down 
any of the business class users who spam.  So the decision to block my 
address by this ISP is just stupid.  Adding a weight to a message score, 
maybe.  Just shutting it off?  Stupid.

Thomas

More information about the fedora-list mailing list