nanog mailing list archives
Re: Working with Spamhaus
From: Suresh Ramasubramanian <ops.lists () gmail com>
Date: Wed, 29 Jul 2015 11:42:19 -0700
Er - a couple of ways 1. If you run a farm of mail servers, something like splunk for your logs is kind of necessary. How difficult is it going to be to trigger a splunk alert on whatever looks like an administrative block? Either by a large provider, or by a DNS block list. 2. You can rsync spamhaus and grep for mentions of your ASN, get ISP feedback loops etc. On a larger topic - NANOG and M3AAWG (also RIPE and M3AAWG’s summer meeting in Europe) really ought to collocate or at least be back to back in the same city somewhere down the line - maybe with a day’s worth of joint sessions on topics of mutual interest (malware detection and mitigation, DDoS filtering .. there’s a lot going on in M3AAWG that’s not plain old mail or even messaging) It still won’t solve the larger problem that a lot of routing and DNS folks won’t find it of interest, but well, over the decade ++ I’ve been around M3AAWG I see an ever increasing number of (security focused, mainly) *nog regulars turn up there. —srs
On 29-Jul-2015, at 10:37 AM, Bob Evans <bob () FiberInternetCenter com> wrote: I see that point - however, spamhaus has become a haus-hold word these days and everyone runs into these issues....its not malware or bots we block from a network level blackhole. Yet it is basic network operations these days to have to deal with someone complaining about their hacked mail server is now fixed yet they cant get mail. We usually tell them the quickest way is to address spamhaus to get it removed and in parallel also move the mail server to a new IP and change the dns and rDNS to the new one. It gets us out of having to help with these RBL issues. When an RBL sends a notice we jump on it and get it to the customer...however, they usually dont send us or the customer anything.
Current thread:
- Re: Working with Spamhaus, (continued)
- Re: Working with Spamhaus Bryan Tong (Jul 28)
- Message not available
- Re: Working with Spamhaus Larry Sheldon (Jul 28)
- Re: Working with Spamhaus Matt Palmer (Jul 28)
- Re: Working with Spamhaus Bryan Tong (Jul 28)
- Re: Working with Spamhaus Matt Palmer (Jul 28)
- Re: Working with Spamhaus Bob Evans (Jul 29)
- Re: Working with Spamhaus Suresh Ramasubramanian (Jul 29)
- Re: Working with Spamhaus Paul Ferguson (Jul 29)
- Re: Working with Spamhaus Paul Ferguson (Jul 29)
- Re: Working with Spamhaus Bob Evans (Jul 29)
- Re: Working with Spamhaus Suresh Ramasubramanian (Jul 29)
- Re: Working with Spamhaus Jon Lewis (Jul 29)
- Re: Working with Spamhaus Jon Lewis (Jul 29)
- Message not available
- Re: Working with Spamhaus Larry Sheldon (Jul 28)
- Message not available
- Message not available
- Re: Working with Spamhaus Larry Sheldon (Jul 28)
- Re: Working with Spamhaus Bryan Tong (Jul 28)
- Re: Working with Spamhaus goemon (Jul 28)
- Message not available
- Re: Working with Spamhaus Larry Sheldon (Jul 28)