[RBL] Current status? - VMS



Thread: [RBL] Current status?

  1. [RBL] Current status?

    I just noted that some of my names used in RBL configurations are no longer
    there/working. I removed them (and now there is unfortunately only one left).

    What is the current status of RBLs?
    Which one do you use?

    TIA

    --
    Peter "EPLAN" LANGSTÖGER
    Network and OpenVMS system specialist
    E-mail Peter@LANGSTOeGER.at
    A-1030 VIENNA AUSTRIA I'm not a pessimist, I'm a realist

  2. Re: [RBL] Current status?

    On Tue, 26 Aug 2008 08:03:44 -0700, Peter 'EPLAN' LANGSTOeGER
    wrote:

    > I just noted that some of my names used in RBL configurations are no
    > longer
    > there/working. I removed them (and now there is unfortunately only one
    > left).
    >
    > What is the current status of RBLs?
    > Which one do you use?
    >
    > TIA
    >


    RBL domains to check:
    ZEN.SPAMHAUS.ORG
    SPAMCOP.NET
    LIST.DSBL.ORG


    --
    PL/I for OpenVMS
    www.kednos.com

  3. Re: [RBL] Current status?

    Tom Linden wrote:
    > On Tue, 26 Aug 2008 08:03:44 -0700, Peter 'EPLAN' LANGSTOeGER
    > wrote:
    >
    >> I just noted that some of my names used in RBL configurations are no
    >> longer
    >> there/working. I removed them (and now there is unfortunately only one
    >> left).
    >>
    >> What is the current status of RBLs?
    >> Which one do you use?
    >>
    >> TIA
    >>

    >
    > RBL domains to check:
    > ZEN.SPAMHAUS.ORG
    > SPAMCOP.NET
    > LIST.DSBL.ORG


    The list.dsbl.org zones are empty as according to their web page they
    had a server failure according to http://www.dsbl.org/.

    -John
    wb8tyw@qsl.network
    Personal Opinion Only
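
A check for the situation raised in the first posts, where a configured RBL zone has gone away or gone empty. This is an added example, not part of any post in this thread. It relies on the RFC 5782 convention that a working IPv4 DNSBL lists the test address 127.0.0.2 and does not list 127.0.0.1. The zone names under `dnsbl.example` and the resolver answers are constructed so the example runs offline; pass `system_resolver` to query real DNS.

```python
import ipaddress
import socket


def dnsbl_query_name(ip, zone):
    """Build the DNSBL query name: reversed IPv4 octets followed by the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone.rstrip(".").lower()


def system_resolver(name):
    """Return the A records for name, or [] when the name does not resolve."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []


def is_listed(ip, zone, resolve=system_resolver):
    """An address is listed when the zone answers with a 127.x.x.x record."""
    answers = resolve(dnsbl_query_name(ip, zone))
    return any(a.startswith("127.") for a in answers)


def zone_status(zone, resolve=system_resolver):
    """Classify a zone using the RFC 5782 test entries."""
    test_listed = is_listed("127.0.0.2", zone, resolve)
    loopback_listed = is_listed("127.0.0.1", zone, resolve)
    if test_listed and not loopback_listed:
        return "ok"
    if test_listed and loopback_listed:
        # Answers for everything: using it would reject all incoming mail.
        return "lists-everything"
    # No answer for the test entry: the zone is gone or empty and blocks nothing.
    return "dead-or-empty"


# Constructed resolver data (hypothetical zones, not real DNS answers).
CONSTRUCTED_ANSWERS = {
    "2.0.0.127.good.dnsbl.example": ["127.0.0.2"],
    "7.113.0.203.good.dnsbl.example": ["127.0.0.4"],
}


def fake_resolver(name):
    """Offline stand-in for DNS: one healthy, one wildcarded, one empty zone."""
    if name.endswith(".wild.dnsbl.example"):
        return ["127.0.0.2"]
    return CONSTRUCTED_ANSWERS.get(name, [])


if __name__ == "__main__":
    for zone in ("good.dnsbl.example", "empty.dnsbl.example", "wild.dnsbl.example"):
        print(zone, zone_status(zone, fake_resolver))
```

Running `zone_status` against each configured zone before trusting it shows both failure modes: a zone that silently stops blocking and a zone that would block every sender.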

  4. Re: [RBL] Current status?

    In article , "John E. Malmberg" writes:
    >
    >The list.dsbl.org zones are empty as according to their web page they
    >had a server failure according to http://www.dsbl.org/.


    But this was in June 08.
    Should be filled up (a little bit) in the meantime...

    But, you're right. Question is, if it grows again to full service
    (as messages in the forum about "remove IP xxxx" are not expected there)

    --
    Peter "EPLAN" LANGSTÖGER
    Network and OpenVMS system specialist
    E-mail Peter@LANGSTOeGER.at
    A-1030 VIENNA AUSTRIA I'm not a pessimist, I'm a realist

  5. Re: [RBL] Current status?

    In article <48b43770@news.langstoeger.at>, peter@langstoeger.at (Peter
    'EPLAN' LANGSTOeGER) writes:

    > What is the current status of RBLs?
    > Which one do you use?


    I've been using Spamhaus as my only RBL for a while now. Seems to work
    fine. I get a few thousand SMTP connection attempts per day. Perhaps 5
    spam emails per day get through. Although something like this is
    difficult to detect, I don't think false positives are a problem. I
    have Client-In-RBL-Text: set in SMTP.CONFIG which gives basic
    information and mentions a URL for more information. Any legitimate
    user getting (wrongly?) rejected by the RBL should then know what is
    going on. (Even if the user is legitimate, if he is, say, sending
    directly from a volatile IP address (which would be OK if there was no
    problem with spam), I think it is better to reject him and let him get
    the information since he is probably being blocked by other people
    without realising it.)


  6. Re: [RBL] Current status?

    Phillip Helbig---remove CLOTHES to reply wrote:
    >
    > In article <48b43770@news.langstoeger.at>, peter@langstoeger.at (Peter
    > 'EPLAN' LANGSTOeGER) writes:
    >
    > > What is the current status of RBLs?
    > > Which one do you use?

    >
    > I've been using Spamhaus as my only RBL for a while now. Seems to work
    > fine. I get a few thousand SMTP connection attempts per day. Perhaps 5
    > spam emails per day get through. Although something like this is
    > difficult to detect, I don't think false positives are a problem.


    Actually, false positives are a *BIG* problem! Fortunately, on the VMS
    systems we just de-implemented, all of the important pages were sent by
    HTTP using WGET (Thanx, SMS, for a very useful solution!)

    *ALL* of the AIX pages are sent via SMTP, and our paging provider uses
    spamhaus, also. SO, when we get a lone PC inside the firewall that gets
    infected due to unsafe surfing and starts blasting spam all over the
    known universe, our physicians and other caregivers as well as our
    technical people stop getting important messages by pager.

    So yes, false positives are all too common and immediately become a
    *HUGE* problem!

    D.J.D.

  7. Re: [RBL] Current status?

    David J Dachtera wrote:
    > Phillip Helbig---remove CLOTHES to reply wrote:
    >> In article <48b43770@news.langstoeger.at>, peter@langstoeger.at (Peter
    >> 'EPLAN' LANGSTOeGER) writes:
    >>
    >>> What is the current status of RBLs?
    >>> Which one do you use?

    >> I've been using Spamhaus as my only RBL for a while now. Seems to work
    >> fine. I get a few thousand SMTP connection attempts per day. Perhaps 5
    >> spam emails per day get through. Although something like this is
    >> difficult to detect, I don't think false positives are a problem.

    >
    > Actually, false positives are a *BIG* problem! Fortunately, on the VMS
    > systems we just de-implemented, all of the important pages were sent by
    > HTTP using WGET (Thanx, SMS, for a very useful solution!)
    >
    > *ALL* of the AIX pages are sent via SMTP, and our paging provider uses
    > spamhaus, also. SO, when we get a lone PC inside the firewall that gets
    > infected due to unsafe surfing and starts blasting spam all over the
    > known universe, our physicians and other caregivers as well as our
    > technical people stop getting important messages by pager.
    >
    > So yes, false positives are all too common and immediately become a
    > *HUGE* problem!


    I posted at least a year ago that some of the dsbl.org testers had
    discovered a virus - spambot infection that was not detectable by the
    commercial virus scanners at the time.

    The only way to detect this infection is to monitor attempts to send
    e-mail directly through a firewall instead of through the designated
    SMTP gateway.

    Of course in some areas of this country, having a system infected with a
    virus where an unknown bot-master was in control, anyone whose
    personal data could have been accessed needs to be notified.

    And these days, it must be assumed that if a PC was infected with a
    virus, the purpose was to inject a remote control program for various
    criminal activities.

    http://www.spamhaus.org/news.lasso?article=636

    A corporate firewall should be detecting and setting off security alarms
    when a non-mail server attempts to make a direct SMTP connection through it.

    Another technique to use is a Samba Server configured to look like a
    vulnerable PC to see what systems attempt to infect it.

    And Corporate/Educational network owners should consider being
    suspicious of any outgoing e-mail with reply-to addresses for any of the
    free/demo e-mailers:

    hotmail.com, live.com, live.ca, live.co.uk, live.*

    aol.com, games.com, aim.com, aol.*

    voila.fr, myway.com, gazeta.pl

    yahoo.com, rocketmail.com, ymail.com, yahoo.*

    gmail.com, googlemail.com

    The only e-mails that I have seen outside of mailing list traffic with
    explicit reply-to addresses of the above have been Nigerian 419 scam
    variants where it appears that the scammer has somehow acquired the
    e-mail credentials of a legitimate user on the network, and is using
    remote authenticated access.

    -John
    wb8tyw@qsl.network
    Personal Opinion Only

  8. Re: [RBL] Current status?

    In article <48BB5589.405762E9@spam.comcast.net>, David J Dachtera
    writes:

    > Phillip Helbig---remove CLOTHES to reply wrote:
    > >
    > > In article <48b43770@news.langstoeger.at>, peter@langstoeger.at (Peter
    > > 'EPLAN' LANGSTOeGER) writes:
    > >
    > > > What is the current status of RBLs?
    > > > Which one do you use?

    > >
    > > I've been using Spamhaus as my only RBL for a while now. Seems to work
    > > fine. I get a few thousand SMTP connection attempts per day. Perhaps 5
    > > spam emails per day get through. Although something like this is
    > > difficult to detect, I don't think false positives are a problem.

    >
    > Actually, false positives are a *BIG* problem! Fortunately, on the VMS
    > systems we just de-implemented, all of the important pages were sent by
    > HTTP using WGET (Thanx, SMS, for a very useful solution!)


    In my case, after setting up the Spamhaus RBL, I didn't miss any
    expected emails, from which I concluded that (in my case) false
    positives (meaning non-spam which is handled as spam) weren't a problem.


  9. Re: [RBL] Current status?

    "John E. Malmberg" wrote:
    >
    > David J Dachtera wrote:
    > > Phillip Helbig---remove CLOTHES to reply wrote:
    > >> In article <48b43770@news.langstoeger.at>, peter@langstoeger.at (Peter
    > >> 'EPLAN' LANGSTOeGER) writes:
    > >>
    > >>> What is the current status of RBLs?
    > >>> Which one do you use?
    > >> I've been using Spamhaus as my only RBL for a while now. Seems to work
    > >> fine. I get a few thousand SMTP connection attempts per day. Perhaps 5
    > >> spam emails per day get through. Although something like this is
    > >> difficult to detect, I don't think false positives are a problem.

    > >
    > > Actually, false positives are a *BIG* problem! Fortunately, on the VMS
    > > systems we just de-implemented, all of the important pages were sent by
    > > HTTP using WGET (Thanx, SMS, for a very useful solution!)
    > >
    > > *ALL* of the AIX pages are sent via SMTP, and our paging provider uses
    > > spamhaus, also. SO, when we get a lone PC inside the firewall that gets
    > > infected due to unsafe surfing and starts blasting spam all over the
    > > known universe, our physicians and other caregivers as well as our
    > > technical people stop getting important messages by pager.
    > >
    > > So yes, false positives are all too common and immediately become a
    > > *HUGE* problem!

    >
    > I posted at least a year ago that some of the dsbl.org testers had
    > discovered a virus - spambot infection that was not detectable by the
    > commercial virus scanners at the time.
    >
    > The only way to detect this infection is to monitor attempts to send
    > e-mail directly through a firewall instead of through the designated
    > SMTP gateway.
    >
    > Of course in some areas of this country, having a system infected with a
    > virus where an unknown bot-master was in control, anyone whose
    > personal data could have been accessed needs to be notified.
    >
    > And these days, it must be assumed that if a PC was infected with a
    > virus, the purpose was to inject a remote control program for various
    > criminal activities.
    >
    > http://www.spamhaus.org/news.lasso?article=636
    >
    > A corporate firewall should be detecting and setting off security alarms
    > when a non-mail server attempts to make a direct SMTP connection through it.


    ...and therein lies the rub: too many vendor-managed proprietary
    (non-Windows) systems where the vendor is unwilling to "play by the
    house rules".

    > Another technique to use is a Samba Server configured to look like a
    > vulnerable PC to see what systems attempt to infect it.
    >
    > And Corporate/Educational network owners should consider being
    > suspicious of any outgoing e-mail with reply-to addresses for any of the
    > free/demo e-mailers:
    >
    > hotmail.com, live.com, live.ca, live.co.uk, live.*
    >
    > aol.com, games.com, aim.com, aol.*
    >
    > voila.fr, myway.com, gazeta.pl
    >
    > yahoo.com, rocketmail.com, ymail.com, yahoo.*
    >
    > gmail.com, googlemail.com


    Note: "should consider being suspicious of", but should not block
    arbitrarily.

    D.J.D.

  10. Re: [RBL] Current status?

    David J Dachtera wrote:
    > "John E. Malmberg" wrote:
    >>
    >> A corporate firewall should be detecting and setting off security alarms
    >> when a non-mail server attempts to make a direct SMTP connection through it.

    >
    > ...and therein lies the rub: too many vendor-managed proprietary
    > (non-Windows) systems where the vendor is unwilling to "play by the
    > house rules".


    If the system is supposed to send e-mail, then it can be let through the
    firewall.

    If it is not supposed to send e-mail, and it attempts to, don't you
    think someone should find out why?

    >> Another technique to use is a Samba Server configured to look like a
    >> vulnerable PC to see what systems attempt to infect it.
    >>
    >> And Corporate/Educational network owners should consider being
    >> suspicious of any outgoing e-mail with reply-to addresses for any of the
    >> free/demo e-mailers:
    >>
    >> hotmail.com, live.com, live.ca, live.co.uk, live.*
    >>
    >> aol.com, games.com, aim.com, aol.*
    >>
    >> voila.fr, myway.com, gazeta.pl
    >>
    >> yahoo.com, rocketmail.com, ymail.com, yahoo.*
    >>
    >> gmail.com, googlemail.com

    >
    > Note: "should consider being suspicious of", but should not block
    > arbitrarily.


    It depends what is more important to the business:

    Delivery of personal e-mails to non-business addresses through the
    business's e-mail servers/firewalls or the delivery of messages/pages
    that are critical to the business.

    Or if it is important for the business to know if criminals have access
    to private business and personal records.

    -John
    Personal Opinion Only
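
The monitoring described in the two posts above (alert when a host that is not a designated mail server opens a direct SMTP connection through the firewall), sketched as log analysis. This is an added example, not code from any participant. The gateway address, the internal range and the netfilter-style log lines are constructed assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Assumptions for this example (not from the thread): the site's designated
# SMTP gateway and its internal address range.
MAIL_GATEWAYS = {"10.1.2.25"}
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")

FIELD_RE = re.compile(r"\b([A-Z]+)=(\S*)")

# Constructed sample firewall log lines (netfilter LOG style key=value fields).
SAMPLE_LOG = [
    "Sep  4 18:37:01 fw kernel: IN=eth1 OUT=eth0 SRC=10.1.2.25 DST=198.51.100.20 PROTO=TCP SPT=40112 DPT=25 SYN",
    "Sep  4 18:37:09 fw kernel: IN=eth1 OUT=eth0 SRC=10.1.7.44 DST=203.0.113.5 PROTO=TCP SPT=1045 DPT=25 SYN",
    "Sep  4 18:37:10 fw kernel: IN=eth1 OUT=eth0 SRC=10.1.7.44 DST=203.0.113.80 PROTO=TCP SPT=1046 DPT=25 SYN",
    "Sep  4 18:37:10 fw kernel: IN=eth1 OUT=eth0 SRC=10.1.7.44 DST=192.0.2.33 PROTO=TCP SPT=1047 DPT=25 SYN",
    "Sep  4 18:37:12 fw kernel: IN=eth1 OUT=eth2 SRC=10.1.7.44 DST=10.1.2.25 PROTO=TCP SPT=1048 DPT=25 SYN",
    "Sep  4 18:38:40 fw kernel: IN=eth1 OUT=eth0 SRC=10.1.9.8 DST=192.0.2.10 PROTO=TCP SPT=5122 DPT=443 SYN",
    "Sep  4 18:39:15 fw kernel: IN=eth1 OUT=eth0 SRC=10.1.3.60 DST=198.51.100.20 PROTO=TCP SPT=3301 DPT=25 SYN",
    "Sep  4 18:39:50 fw kernel: IN=eth0 OUT=eth1 SRC=198.51.100.20 DST=10.1.2.25 PROTO=TCP SPT=52100 DPT=25 SYN",
    "Sep  4 18:40:02 fw kernel: IN=eth1 OUT=eth0 SRC=10.1.7.44 DST= PROTO=TCP DPT=25 SYN",
]


def direct_smtp_attempts(lines, gateways=MAIL_GATEWAYS, internal=INTERNAL_NET):
    """Return {source_ip: {"attempts": n, "destinations": [...]}} for internal
    hosts, other than the designated gateways, that open TCP/25 to the outside.
    Sources are ordered by attempt count, highest first."""
    hits = defaultdict(lambda: {"attempts": 0, "destinations": set()})
    for line in lines:
        fields = dict(FIELD_RE.findall(line))
        tokens = line.split()
        if fields.get("PROTO") != "TCP" or fields.get("DPT") != "25":
            continue
        # Count connection attempts only: SYN set, ACK clear.
        if "SYN" not in tokens or "ACK" in tokens:
            continue
        try:
            src = ipaddress.ip_address(fields["SRC"])
            dst = ipaddress.ip_address(fields["DST"])
        except (KeyError, ValueError):
            continue  # malformed or truncated line
        if src not in internal or dst in internal:
            continue  # inbound mail, or a client submitting to the gateway
        if str(src) in gateways:
            continue  # the designated gateway is supposed to do this
        hits[str(src)]["attempts"] += 1
        hits[str(src)]["destinations"].add(str(dst))
    ordered = sorted(hits.items(), key=lambda kv: -kv[1]["attempts"])
    return {src: {"attempts": h["attempts"],
                  "destinations": sorted(h["destinations"])}
            for src, h in ordered}


if __name__ == "__main__":
    for src, info in direct_smtp_attempts(SAMPLE_LOG).items():
        print(src, info["attempts"], ", ".join(info["destinations"]))
```

A single attempt from a host such as the constructed 10.1.3.60 is the kind of case debated later in the thread: it may be an appliance sending notifications directly, which is resolved by pointing it at the gateway or adding it to the allow-list after review.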




  11. Re: [RBL] Current status?

    In article , "John E. Malmberg" writes:
    >
    > If it is not supposed to send e-mail, and it attempts to, don't you
    > think someone should find out why?


    We've had a lot of problems deploying COTS products that send
    out notifications via email, from systems that the security folks
    think shouldn't be "mail servers".

    So "supposed to" is in the eye of the beholder.


  12. Re: [RBL] Current status?

    In article ,
    koehler@eisner.nospam.encompasserve.org (Bob Koehler) writes:
    > In article , "John E. Malmberg" writes:
    >>
    >> If it is not supposed to send e-mail, and it attempts to, don't you
    >> think someone should find out why?

    >
    > We've had a lot of problems deploying COTS products that send
    > out notifications via email, from systems that the security folks
    > think shouldn't be "mail servers".
    >
    > So "supposed to" is in the eye of the beholder.


    Not really. Those particular devices should be sending their email to
    the real mailserver which should be the only one communicating with mail
    servers in the outside world. If network/system managers, in particular
    ISPs, followed this rule 99% of SPAM could be dealt with in very short order.

    bill


    --
    Bill Gunshannon | de-moc-ra-cy (di mok' ra see) n. Three wolves
    billg999@cs.scranton.edu | and a sheep voting on what's for dinner.
    University of Scranton |
    Scranton, Pennsylvania | #include

  13. Re: Current status?

    On Sep 4, 6:37 pm, billg...@cs.uofs.edu (Bill Gunshannon) wrote:
    > In article ,
    > koeh...@eisner.nospam.encompasserve.org (Bob Koehler) writes:
    >
    > > In article , "John E. Malmberg" writes:

    >
    > >> If it is not supposed to send e-mail, and it attempts to, don't you
    > >> think someone should find out why?

    >
    > > We've had a lot of problems deploying COTS products that send
    > > out notifications via email, from systems that the security folks
    > > think shouldn't be "mail servers".

    >
    > > So "supposed to" is in the eye of the beholder.

    >
    > Not really. Those particular devices should be sending their email to
    > the real mailserver which should be the only one communicating with mail
    > servers in the outside world. If network/system managers, in particular
    > ISPs, followed this rule 99% of SPAM could be dealt with in very short order.
    >
    > bill
    >
    > --
    > Bill Gunshannon | de-moc-ra-cy (di mok' ra see) n. Three wolves
    > billg...@cs.scranton.edu | and a sheep voting on what's for dinner.
    > University of Scranton |
    > Scranton, Pennsylvania | #include


    Enforcing "email from recognised SMTP servers only" would indeed get
    rid of much spam instantly, and is a tactic already used by some folks
    to reject *incoming* mail, but it would also break hundreds of little
    convenience Windows apps that have their own mailsenders built in, and
    inconvenience millions of their users. Log watchers, webcam watchers,
    etc, anything which sends notification by email when something
    "interesting" happens, using its own built-in mail server; they would
    all need their user/installer to actually know their ISP's SMTP server
    address so they could do the setup properly. How many PC users
    actually know or care much about that kind of thing?

  14. Re: Current status?

    In article <8c328cb8-33b0-42e2-b590-5aab5a7b2670@w1g2000prk.googlegroups.com>,
    johnwallace4@yahoo.co.uk writes:
    > On Sep 4, 6:37 pm, billg...@cs.uofs.edu (Bill Gunshannon) wrote:
    >> In article ,
    >> koeh...@eisner.nospam.encompasserve.org (Bob Koehler) writes:
    >>
    >> > In article , "John E. Malmberg" writes:

    >>
    >> >> If it is not supposed to send e-mail, and it attempts to, don't you
    >> >> think someone should find out why?

    >>
    >> > We've had a lot of problems deploying COTS products that send
    >> > out notifications via email, from systems that the security folks
    >> > think shouldn't be "mail servers".

    >>
    >> > So "supposed to" is in the eye of the beholder.

    >>
    >> Not really. Those particular devices should be sending their email to
    >> the real mailserver which should be the only one communicating with mail
    >> servers in the outside world. If network/system managers, in particular
    >> ISPs, followed this rule 99% of SPAM could be dealt with in very short order.
    >>

    >
    > Enforcing "email from recognised SMTP servers only" would indeed get
    > rid of much spam instantly, and is a tactic already used by some folks
    > to reject *incoming* mail, but it would also break hundreds of little
    > convenience Windows apps that have their own mailsenders built in, and
    > inconvenience millions of their users.


    So, because Windows did something wrong we should allow Email to further
    degenerate? I think not. :-)

    > Log watchers, webcam watchers,
    > etc, anything which sends notification by email when something
    > "interesting" happens, using its own built-in mail server;


    ....... should be sending their emails to a legitimate email server which
    could then deliver it to the recipient. As it's supposed to be!!!

    > they would
    > all need their user/installer to actually know their ISP's SMTP server
    > address so they could do the setup properly. How many PC users
    > actually know or care much about that kind of thing?


    Who cares. It's not the users setting things up wrong that is causing
    the problem, it is the ISPs and even some corporate systems managers
    who don't know what they are doing. If the ISP sets their firewall up
    to block non-MTA machines from connecting to port 25, the problem goes
    away. If the user really wants to use advanced features of these toys,
    they need to learn how to do it right. Period, end of story. We have
    rules for just about everything we do in life today, from driving to
    keeping a pet and everything in between. A lot of these rules are
    very inconvenient (like picking up after your dog or driving the right
    way on a one way street). But you still have to do them. Networking
    shouldn't be any different. And it doesn't even take new laws to make
    it happen. It just takes competence.

    bill

    --
    Bill Gunshannon | de-moc-ra-cy (di mok' ra see) n. Three wolves
    billg999@cs.scranton.edu | and a sheep voting on what's for dinner.
    University of Scranton |
    Scranton, Pennsylvania | #include

  15. Re: Current status?

    >> Log watchers, webcam watchers,
    >> etc, anything which sends notification by email when something
    >> "interesting" happens, using its own built-in mail server;


    *Server* ?? I set up my cheap Zyxel DSL modem/router to send
    notifications to me, but it is not a *server*. It uses whatever mail
    server it gets after doing a DNS-MX lookup on the receiver
    address, and that should be the official SMTP server of my
    ISP, as far as I understand.

    Why would anything just needing to *send* a mail have an
    SMTP *server* implementation?

    Jan-Erik.

  16. Re: [RBL] Current status?

    In article <6iakmbFpl207U2@mid.individual.net>, billg999@cs.uofs.edu
    (Bill Gunshannon) writes:

    > Not really. Those particular devices should be sending their email to
    > the real mailserver which should be the only one communicating with mail
    > servers in the outside world. If network/system managers, in particular
    > ISPs, followed this rule 99% of SPAM could be dealt with in very short order.


    Indeed. And, conversely, blocking email from machines which are not
    mail servers will get rid of 99% of SPAM. Many people do this, so even
    if someone is sending non-SPAM from such a machine, I think it is better
    to reject the connection AND TELL HIM ABOUT IT than to accept it.


  17. Re: Current status?

    In article
    <8c328cb8-33b0-42e2-b590-5aab5a7b2670@w1g2000prk.googlegroups.com>,
    johnwallace4@yahoo.co.uk writes:

    > Enforcing "email from recognised SMTP servers only" would indeed get
    > rid of much spam instantly, and is a tactic already used by some folks
    > to reject *incoming* mail, but it would also break hundreds of little
    > convenience Windows apps that have their own mailsenders built in, and
    > inconvenience millions of their users. Log watchers, webcam watchers,
    > etc, anything which sends notification by email when something
    > "interesting" happens, using its own built-in mail server; they would
    > all need their user/installer to actually know their ISP's SMTP server
    > address so they could do the setup properly. How many PC users
    > actually know or care much about that kind of thing?


    Perhaps true. On the other hand, such machines are the source of most
    SPAM today, taken over by viruses etc sending spam without the owner
    knowing, and without sending too many from one machine within a given
    time (a characteristic some folks used to use to identify possible
    sources of spam). I think it would be a good idea that if such little
    convenience apps were to be used, the user would have to enter the name
    of a mailserver.


  18. Re: Current status?

    In article <6iapk6Fphr6oU3@mid.individual.net>, billg999@cs.uofs.edu
    (Bill Gunshannon) writes:

    > > Enforcing "email from recognised SMTP servers only" would indeed get
    > > rid of much spam instantly, and is a tactic already used by some folks
    > > to reject *incoming* mail, but it would also break hundreds of little
    > > convenience Windows apps that have their own mailsenders built in, and
    > > inconvenience millions of their users.

    >
    > So, because Windows did something wrong we should allow Email to further
    > degenerate? I think not. :-)
    >
    > > Log watchers, webcam watchers,
    > > etc, anything which sends notification by email when something
    > > "interesting" happens, using its own built-in mail server;

    >
    > ....... should be sending their emails to a legitimate email server which
    > could then deliver it to the recipient. As it's supposed to be!!!
    >
    > > they would
    > > all need their user/installer to actually know their ISP's SMTP server
    > > address so they could do the setup properly. How many PC users
    > > actually know or care much about that kind of thing?

    >
    > Who cares. It's not the users setting things up wrong that is causing
    > the problem, it is the ISPs and even some corporate systems managers
    > who don't know what they are doing. If the ISP sets their firewall up
    > to block non-MTA machines from connecting to port 25, the problem goes
    > away. If the user really wants to use advanced features of these toys,
    > they need to learn how to do it right. Period, end of story. We have
    > rules for just about everything we do in life today, from driving to
    > keeping a pet and everything in between. A lot of these rules are
    > very inconvenient (like picking up after your dog or driving the right
    > way on a one way street). But you still have to do them. Networking
    > shouldn't be any different. And it doesn't even take new laws to make
    > it happen. It just takes competence.


    Amen, brother!


  19. Re: Current status?

    In article ,
    Jan-Erik Söderholm
    writes:

    > >> Log watchers, webcam watchers,
    > >> etc, anything which sends notification by email when something
    > >> "interesting" happens, using its own built-in mail server;

    >
    > *Server* ?? I set up my cheap Zyxel DSL modem/router to send
    > notifications to me, but it is not a *server*. It uses whatever mail
    > server it gets after doing a DNS-MX lookup on the receiver
    > address, and that should be the official SMTP server of my
    > ISP, as far as I understand.
    >
    > Why would anything just needing to *send* a mail have an
    > SMTP *server* implementation?


    You use "server" to mean "receiving end". A more general use, intended
    here, is "handles traffic". Thus, incoming server and outgoing server.
    You are sending your email TO the proper receiving server (via MX), but
    it is still coming from your machine, not an "official email server".
    Technically, there is no problem with your scheme, but in practice, such
    machines on dial-up, volatile IP addresses are the main source of spam,
    and are thus blocked by more and more people.

    Many SMTP servers are neither senders nor receivers, but relays.


  20. Re: Current status?

    Phillip Helbig---remove CLOTHES to reply wrote:

    > such
    > machines on dial-up, volatile IP addresses are the main source of spam,


    I do have a hard time thinking that *dial up* has
    that much to do with modern spam, has it ?

    Jan-Erik.
