SORBS Insanity

Matthew Sullivan matthew at sorbs.net
Thu Apr 15 12:30:13 UTC 2004


Jeff Kell wrote:

>
> Jeremy Kister wrote:
> [... giant snip ...]
>
> We are a former user of SORBS.  Our issue was not that of dynamic IPs, 
> but rather their spamtrap listings.  A few weeks ago, at least two of 
> Comcast's legitimate mail servers were blacklisted.  As Comcast has a 
> majority of the cable service in our area, we have a lot of users that 
> use Comcast as their ISP.  Needless to say, listing several of 
> Comcast's prominent mail servers caused our mailers to reject the mail 
> with the SORBS bounce reply.  We have since ceased using SORBS and 
> cured the Comcast problem, as well as a couple of other unrelated (and 
> previously unreported) problems. 

I do recommend anyone using the complete DB to whitelist any major 
mailservers 'near' them.  If you can't do this I recommend you use 
tagging and/or use 'safe.dnsbl.sorbs.net' which doesn't contain the spam 
DB, but does contain all other DBs.

> But I have/had a considerable degree of respect for SORBS, and as part 
> of our abuse department, I dutifully report all of our reported spam 
> deliveries to SpamCop.  When SpamCop does its analysis and notes that 
> the spam in question was listed in SORBS, I now cringe.  It would have 
> been blocked.
>
> So currently I'm considering asking for partial zone transfers of some 
> of their blocks (our mailer doesn't discriminate against the DNS 
> return address being 127.0.0.x or 127.0.0.y, a hit is a hit) and 
> omitting at least the 'spamtrap' portion (for the same reason we don't 
> use SpamCop directly -- the knee-jerk false positives outweigh the 
> real hits to upset a considerable portion of our user base). 

safe.dnsbl.sorbs.net - available on all the public DNS servers and by 
using the zonefiles.

> From the opposite standpoint in acting on spam that originates in our 
> domain, everything to date has been a compromised machine and/or virus.
> If SpamCop lists our registered mailers, I can at least respond from 
> the abuse address that the problem has been corrected and there are no 
> further interruptions in our mail service.  I can only imagine the 
> problems if you end up blacklisted by SORBS if their response time and 
> effort is really this low for cleaning up their lists.  While the big 
> ISPs may not act immediately (or at all) on compromised hosts with 
> trojan proxies, we do keep a tight lid on it (and block SMTP from 
> end-users at egress, but that is another discussion). 

You will note my post before Christmas about the up and coming 
whitelisting mechanism - I am still collecting details for people 
wanting to use it - unfortunately for a variety of reasons the 
whitelisting mechanism is still not ready to go public.

Yours

Matthew
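
[Added example, not part of the original message or of SORBS' own tooling: a sketch of the policy discussed above, with a local whitelist consulted before the DNSBL and a hit tagged rather than rejected. The whitelist range, the sample zone data, the 127.0.0.x values and the use of dnsbl.sorbs.net as the complete zone are assumptions made for the illustration.]

```python
import ipaddress
import socket

# Assumption: networks of major mail servers 'near' you (documentation range).
WHITELIST = [ipaddress.ip_network("192.0.2.0/24")]

def dnsbl_name(ip, zone):
    """Build the DNSBL query name: reversed IPv4 octets prepended to the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def system_resolver(name):
    """Return the A records for name, or [] when there is no listing."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:  # NXDOMAIN and other lookup failures: treat as unlisted
        return []

def evaluate(ip, zone="safe.dnsbl.sorbs.net", resolver=system_resolver,
             tag_only=True):
    """Return (action, reason); action is 'accept', 'tag' or 'reject'."""
    addr = ipaddress.ip_address(ip)
    # The whitelist wins before any DNSBL query is made.
    if any(addr in net for net in WHITELIST):
        return ("accept", "whitelisted")
    # Only 127.0.0.0/8 answers count as listings; anything else is ignored
    # so that a wildcarding or hijacked resolver cannot list every sender.
    answers = [a for a in resolver(dnsbl_name(ip, zone))
               if a.startswith("127.")]
    if not answers:
        return ("accept", "not listed")
    action = "tag" if tag_only else "reject"
    return (action, "listed in %s (%s)" % (zone, ",".join(sorted(answers))))

# Constructed zone data for an offline run; not real SORBS listings.
SAMPLE_ZONE = {
    "10.2.0.192.dnsbl.sorbs.net": ["127.0.0.6"],
    "7.113.0.203.dnsbl.sorbs.net": ["127.0.0.6"],
    "9.100.51.198.safe.dnsbl.sorbs.net": ["127.0.0.2"],
}

def sample_resolver(name):
    """Stand-in resolver that answers from SAMPLE_ZONE only."""
    return SAMPLE_ZONE.get(name, [])

if __name__ == "__main__":
    for ip, zone in [("192.0.2.10", "dnsbl.sorbs.net"),
                     ("203.0.113.7", "dnsbl.sorbs.net"),
                     ("203.0.113.7", "safe.dnsbl.sorbs.net"),
                     ("198.51.100.9", "safe.dnsbl.sorbs.net")]:
        print(ip, zone, evaluate(ip, zone, sample_resolver))
```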
