Re: [fw-wiz] Use content-based spam filters, not address-based ones
From: Jim Seymour (jseymour_at_linxnet.com)
Date: 10/14/04
- Previous message: Devdas Bhagat: "Re: [fw-wiz] Use content-based spam filters, not address-based ones"
- In reply to: Ng Pheng Siong: "[fw-wiz] Use content-based spam filters, not address-based ones"
- Next in thread: Paul D. Robertson: "Re: [fw-wiz] Use content-based spam filters, not address-based ones"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: firewall-wizards@honor.icsalabs.com Date: Thu, 14 Oct 2004 13:07:39 -0400 (EDT)
Ng Pheng Siong <ngps@netmemetic.com> wrote:
>
> Hi,
>
> I mostly lurk on this list. Now and then I post a followup. I just got a
> bounce from one of the addressees of my followup thusly:
>
> <XXX@XXXXX.XXX>: host XXXX.XXXXX.XXX[999.99.999.99] said: 554 Service
> unavailable; Client host [219.74.168.48] blocked using cbl.abuseat.org;
> Blocked - see http://cbl.abuseat.org/lookup.cgi?ip=219.74.168.48
>
> I've only recently started using automatic spam filtering. This happens at
> the SMTP level, in two layers:
[snip]
>
> Just this two-layered filter is enough to bring my spam down to an
> acceptable level.
I'm happy that's working for you. Some people think packet-filtering
at the border is sufficient, and it works for them, too. To each his
own.
>
> I object to filtering by the other side's IP address. I've been delivering
> mail directly from my desktop for many years, ...
[snip]
Best check that desktop, if it's a 'doze box. According to one of the
CBL's people: "... that type of listing is overwhelmingly caused by
Netsky worms." If you're not running a 'doze desktop, are you behind a
NAT router, the LAN side of which has any 'doze boxes that might be
infected?
Perhaps you're on a dynamic IP, and the previous occupant is infected?
It appears that are eight (8) more listings of the same type in that
/24. If you're trying to email direct from a dynamic IP, then expect
delivery problems. Prior IP residents getting the IP listed is only
the start of the problem. Some people, like me, if enough garbage
arrives from the same /24 w/in a certain time period, just list the
entire /24. Then there are the "dynamic IP blocklists," which I also
use.
>
> Yeah, sure I have colo servers and I can set my desktop to relay mail off
> those, but why do the extra work?
[snip]
>
Because you want your email delivered, maybe?
As I pointed out on another mailing list just earlier today: The days
of "...be liberal in what you accept" are pretty much history. The
Endless September, floods of spammers and crackers, virusware marketed
as an "operating system," so-called "admin"s that can't tell a port
from a hole in the ground, and ISPs that don't care that it's their own
nest being fouled have pretty much seen to that.
Jim
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
- Previous message: Devdas Bhagat: "Re: [fw-wiz] Use content-based spam filters, not address-based ones"
- In reply to: Ng Pheng Siong: "[fw-wiz] Use content-based spam filters, not address-based ones"
- Next in thread: Paul D. Robertson: "Re: [fw-wiz] Use content-based spam filters, not address-based ones"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
