[ILUG] Eircom -v- IOL,
or just Eircom practicing the best of spam management,
and blacklisting themselves.
Michele Neylon :: Blacknight Solutions
michele at blacknightsolutions.com
Tue Apr 27 17:53:24 IST 2004
I'd agree with Justin...
Using spamcop or spamcop URI to increase the score is the safest method. If
you block at the MTA level you have no way of retrieving a false positive
(for obvious reasons).
SA with a number of custom rulesets can greatly decrease the amount of junk
hitting mail boxes
Mr Michele Neylon
Blacknight Internet Solutions Ltd
Tel. +353 59 9137101
From: ilug-bounces at linux.ie [mailto:ilug-bounces at linux.ie] On Behalf Of
Sent: 27 April 2004 17:43
To: David O'Callaghan
Cc: ilug at linux.ie
Subject: Re: [ILUG] Eircom -v- IOL,or just Eircom practicing the best of
spam management,and blacklisting themselves.
-----BEGIN PGP SIGNED MESSAGE-----
David O'Callaghan writes:
> On Tue, 2004-04-27 at 12:07, Enda wrote:
> > Details of a bounced message received from an eircom customer emailing
> > IOL.ie customer, seems like Eircom's MTA can't send the message because
> > decided for "spamcop" reasons it can't talk with its own mail relay.
> > done Eircom!!
> Hang on, this looks like IOL are blocking Eircom (based on pretty
> dubious information).
> > > 184.108.40.206 does not like recipient.
> > > Remote host said: 550-Blocked - see
> > http://www.spamcop.net/bl.shtml?220.127.116.11
> > > 550 mail from 18.104.22.168 rejected: administrative prohibition
> > blacklisted)
> > > Giving up on 22.214.171.124.
> That is, 126.96.36.199 (hub01.mail.iol.ie) is refusing to deliver mail
> received from 188.8.131.52 (mail07.svc.cra.dublin.eircom.net) because
> of a Spamcop report about it. Eircom are guilty of the following
> terrible crimes:
> * Been reported as a source of spam less than 10 times
> * Been detected sending mail to spam traps
> * Been witnessed sending mail about 5290 times
> Knowing that this server belongs to a widely-used ISP (with it's fair
> share of virus-riddled and otherwise clueless users), none of these
> things is particularly surprising.
Yep. Using Spamcop's blocklist as an "all or nothing" blocklist, means
that you will have "issues" with hair-trigger blocks like this, due to
over-sensitivity in how they decide whether to block or not. It's a
pretty common occurrence, reportedly.
I wouldn't recommend using the Spamcop BL in the MTA list of "block on
sight" DNSBLs, where a Spamcop false positive will cause bounces. Leave
that up to "safer" ones like Spamhaus SBL/XBL, and only use Spamcop inside
a more balanced system like SpamAssassin. ;)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Exmh CVS
-----END PGP SIGNATURE-----
Irish Linux Users' Group
More information about the ILUG