Re: Changes to the mailinglist setup

On 10816 March 1977, MJ Ray wrote:

>> [...], reject with some rbl lists[3] [...]
>> [3] [bogusmx|dsn].rfc-ignorant.org, blackhole.securityusage.com,
>> sbl-xbl.spamhaus.org, relays.ordb.org, opm.blitzed.org,
>> list.dsbl.org, ie. the more sane ones
> More sane perhaps, but still insane. Listing major European ISP
> outgoing mail relays still seems a frequent event on at least one of the
> "Real-time" Blackhole Lists. At least spamcop isn't being used. :-/

Im currently using (and this time using copy&paste from config, not
typing from memory)
reject_rhsbl_sender bogusmx.rfc-ignorant.org
reject_rhsbl_sender dsn.rfc-ignorant.org
reject_rhsbl_sender blackhole.securitysage.com
reject_rhsbl_client blackhole.securitysage.com
reject_rbl_client sbl-xbl.spamhaus.org
reject_rbl_client relays.ordb.org
reject_rbl_client list.dsbl.org

and cant remember them having added whole major ISPs. Spamcop yes, thats
bullshit, but noone sane uses that.

> RBLs should never trigger a reject, but can be good input to a scoring
> system. If one rejects on a RBL, you almost may as well reject on a
> RNG. Please can SPI's RBL use be demoted to a score, not a reject?

Well, lets look at the mail statistic for yesterday. (Keep in mind that
we are MX for spi-inc.org, lists.spi, members.spi, fresco.org,
lists.fresco and also emdebian.org, so its not all SPI only)

We have 483 valid mails received.
In the same timeframe we rejected 3892 mails at smtp stage.
That makes 2598k bytes from 119 senders. Our smtpd had 3414 connections
from 811 hosts. The reject summary is (some are 4XX, some are 5XX):

Helo command rejected: Invalid name (total: 31)
Helo command rejected: You are obviously using a bogus helo/ehlo (total: 5)
(Where bogus ehlo means they pretend to be chic.spi-inc.org...)
Helo command rejected: need fully-qualified hostname (total: 498)
Recipient address rejected: Greylisted for [...] seconds (total: 333)
Recipient address rejected: Multi-recipient bounce (total: 2)
Recipient address rejected: User unknown in virtual alias table (total: 44)
Relay access denied (total: 22)
Sender address rejected: Domain not found (total: 99)
Sender address rejected: need fully-qualified address (total: 1)
Sender address rejected: undeliverable address (total: 280)
Sender address rejected: unverified address (total: 1935)
blocked using bogusmx.rfc-ignorant.org (total: 21)
blocked using dsn.rfc-ignorant.org (total: 37)
blocked using list.dsbl.org (total: 14)
blocked using relays.ordb.org (total: 1)
blocked using sbl-xbl.spamhaus.org (total: 565)
body regexp checks blocked 2
header regexp checks blocked 2

So the rbl lists got us rid of 638 mails. Now, lets look at who got
rejected. If one looks at the from/to/helo triple in the log I cant see
anything valid blocked currently. There are some froms where you could
think its ok, but then either the to or helo contains such random
strings that it makes itself invalid.

So no, right now Im not changing it. Im only using a limited set of RBLs
anyway that seem to be sane enough, not bullshit like spamcop. If you
can show evidence that one of those is broken then I will drop it. (Or
move it to a spamassassin check.)

--
bye Joerg
[2.6.15.4 direkt nach 2.6.15.3]
<HE> Linus muss Gentooler hassen.
<formorer> wieso?
<HE> Naja, die dürften ihre optimierten Kernel gerade fertig gebaut
haben und müssen jetzt aus prompter Versionitis auf das
Ausprobieren verzichten und den neuen kompilieren...