I'd agree with Justin...
Using spamcop or spamcop URI to increase the score is the safest method. If
you block at the MTA level you have no way of retrieving a false positive
(for obvious reasons).
SA with a number of custom rulesets can greatly decrease the amount of junk
hitting mail boxes
Mr Michele Neylon
Blacknight Internet Solutions Ltd
http://www.blacknight.ie/
Tel. +353 59 9137101
-----Original Message-----
From: ilug-bounces at linux.ie [mailto:ilug-bounces at linux.ie] On Behalf Of
Justin Mason
Sent: 27 April 2004 17:43
To: David O'Callaghan
Cc: ilug at linux.ie
Subject: Re: [ILUG] Eircom -v- IOL,or just Eircom practicing the best of
spam management,and blacklisting themselves.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
David O'Callaghan writes:
> On Tue, 2004-04-27 at 12:07, Enda wrote:
> > Details of a bounced message received from an eircom customer emailing
an
> > IOL.ie customer, seems like Eircom's MTA can't send the message because
its
> > decided for "spamcop" reasons it can't talk with its own mail relay.
Well
> > done Eircom!!
>> Hang on, this looks like IOL are blocking Eircom (based on pretty
> dubious information).
>> > > 193.120.142.80 does not like recipient.
> > > Remote host said: 550-Blocked - see
> > http://www.spamcop.net/bl.shtml?159.134.118.23> > > 550 mail from 159.134.118.23 rejected: administrative prohibition
(host is
> > blacklisted)
> > > Giving up on 193.120.142.80.
>> That is, 193.120.142.80 (hub01.mail.iol.ie) is refusing to deliver mail
> received from 159.134.118.23 (mail07.svc.cra.dublin.eircom.net) because
> of a Spamcop report about it. Eircom are guilty of the following
> terrible crimes:
>> * Been reported as a source of spam less than 10 times
> * Been detected sending mail to spam traps
> * Been witnessed sending mail about 5290 times
>> Knowing that this server belongs to a widely-used ISP (with it's fair
> share of virus-riddled and otherwise clueless users), none of these
> things is particularly surprising.
Yep. Using Spamcop's blocklist as an "all or nothing" blocklist, means
that you will have "issues" with hair-trigger blocks like this, due to
over-sensitivity in how they decide whether to block or not. It's a
pretty common occurrence, reportedly.
I wouldn't recommend using the Spamcop BL in the MTA list of "block on
sight" DNSBLs, where a Spamcop false positive will cause bounces. Leave
that up to "safer" ones like Spamhaus SBL/XBL, and only use Spamcop inside
a more balanced system like SpamAssassin. ;)
- --j.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Exmh CVS
iD8DBQFAjo2RQTcbUG5Y7woRAn4lAJ4mzzd7QckTOeyvXnnedlA+QnI1xwCdGY7t
UEagha6cnPZopSEN/YgPbOg=
=3Z1W
-----END PGP SIGNATURE-----
--
Irish Linux Users' Group
http://www.linux.ie/mailman/listinfo/ilug/
Maintained by the ILUG website team. The aim of Linux.ie is to
support and help commercial and private users of Linux in Ireland. You can
display ILUG news in your own webpages, read backend
information to find out how. Networking services kindly provided by HEAnet, server kindly donated by
Dell. Linux is a trademark of Linus Torvalds,
used with permission. No penguins were harmed in the production or maintenance
of this highly praised website. Looking for the
Indian Linux Users' Group? Try here. If you've read all this and aren't a lawyer: you should be!
