Firewall Wizards mailing list archives

Re: Use content-based spam filters, not address-based ones


From: jseymour () linxnet com (Jim Seymour)
Date: Thu, 14 Oct 2004 13:07:39 -0400 (EDT)

Ng Pheng Siong <ngps () netmemetic com> wrote:

> Hi,
>
> I mostly lurk on this list. Now and then I post a followup. I just got a
> bounce from one of the addressees of my followup thusly:
>
> <XXX () XXXXX XXX>: host XXXX.XXXXX.XXX[999.99.999.99] said: 554 Service
>     unavailable; Client host [219.74.168.48] blocked using cbl.abuseat.org;
>     Blocked - see http://cbl.abuseat.org/lookup.cgi?ip=219.74.168.48
>
> I've only recently started using automatic spam filtering. This happens at
> the SMTP level, in two layers:
> [snip]
>
> Just this two-layered filter is enough to bring my spam down to an
> acceptable level.

I'm happy that's working for you.  Some people think packet-filtering
at the border is sufficient, and it works for them, too.  To each his
own.


> I object to filtering by the other side's IP address. I've been delivering
> mail directly from my desktop for many years, ...
> [snip]

Best check that desktop, if it's a 'doze box.  According to one of the
CBL's people: "... that type of listing is overwhelmingly caused by
Netsky worms."  If you're not running a 'doze desktop, are you behind a
NAT router, the LAN side of which has any 'doze boxes that might be
infected?

Perhaps you're on a dynamic IP, and the previous occupant is infected?
It appears that there are eight (8) more listings of the same type in that
/24.  If you're trying to email direct from a dynamic IP, then expect
delivery problems.  Prior IP residents getting the IP listed is only
the start of the problem.  Some people, like me, if enough garbage
arrives from the same /24 w/in a certain time period, just list the
entire /24.  Then there are the "dynamic IP blocklists," which I also
use.
 

> Yeah, sure I have colo servers and I can set my desktop to relay mail off
> those, but why do the extra work?
> [snip]


Because you want your email delivered, maybe?

As I pointed out on another mailing list just earlier today: The days
of "...be liberal in what you accept" are pretty much history.  The
Endless September, floods of spammers and crackers, virusware marketed
as an "operating system," so-called "admin"s that can't tell a port
from a hole in the ground, and ISPs that don't care that it's their own
nest being fouled have pretty much seen to that.

Jim
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
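
Added example, not part of the original message or anyone's actual filter: a sketch of the two address-based checks discussed above, namely how the DNSBL query name for the bounced IP is formed and a sliding-window rule that lists a whole /24 after rejections from enough distinct hosts in it. The class name, the threshold of 3 hosts, the one-hour window and the sample events are all assumptions.

```python
import ipaddress
from collections import defaultdict, deque

def dnsbl_query_name(ip, zone="cbl.abuseat.org"):
    """Name an MTA resolves to test an IPv4 client against a DNSBL zone:
    octets reversed, zone appended. An A-record answer means 'listed'."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

class Slash24Escalator:
    """Hypothetical local policy: list a /24 once enough distinct hosts in
    it were rejected within a sliding window (assumed threshold/window)."""
    def __init__(self, threshold=3, window_seconds=3600):
        self.threshold = threshold
        self.window = window_seconds
        self.events = defaultdict(deque)   # /24 network -> (timestamp, ip)
        self.listed = set()

    def record_reject(self, ts, ip):
        net = ipaddress.ip_network(f"{ip}/24", strict=False)
        q = self.events[net]
        q.append((ts, ip))
        while q and ts - q[0][0] > self.window:   # age out old rejections
            q.popleft()
        # Count distinct hosts so one noisy machine cannot list its neighbours.
        if len({host for _, host in q}) >= self.threshold:
            self.listed.add(net)
        return net in self.listed

    def is_blocked(self, ip):
        addr = ipaddress.ip_address(ip)
        return any(addr in net for net in self.listed)

# Constructed sample: (epoch seconds, client IP) for per-host rejections.
SAMPLE_REJECTS = [
    (0,    "192.0.2.10"),
    (600,  "192.0.2.10"),    # same host again, still one distinct host
    (900,  "192.0.2.77"),
    (5000, "192.0.2.140"),   # the earlier burst has aged out by now
    (5100, "192.0.2.10"),
    (5300, "192.0.2.201"),   # third distinct host inside the window
    (5400, "198.51.100.5"),  # unrelated /24
]

def run_sample():
    esc = Slash24Escalator(threshold=3, window_seconds=3600)
    return [esc.record_reject(ts, ip) for ts, ip in SAMPLE_REJECTS], esc

if __name__ == "__main__":
    print(dnsbl_query_name("219.74.168.48"))
    print(run_sample()[0])
```

Counting distinct hosts rather than raw messages, and ageing events out, keeps a single infected machine or a long-past burst from listing the whole block.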