Author: Renaud Allard Date: To: Peter Bowyer CC: Exim, Users Subject: Re: [exim] OT(?): SRS vs. SORBS sending mails with '<>' sender
Peter Bowyer wrote:
> You are *listed*. If your listing doesn't meet SORBS' criteria,
> there's a removal form which doesn't require registration (I just
> checked). They accept de-listing requests from registered netblock
> owners or end-users, and process them automatically if the rDNS
> matches Matt's suggested naming conventions. Sounds like a solid
> process to me - have you had problems with it?
I had some clients that were awarded static IPs from the most used ISP
in Belgium, and these IPs were just blacklisted by SORBS as DUL. They may
have been DUL IPs in the past, and I see no reason why they shouldn't.
The problem is they were still blacklisted on SORBS as DUL at the time
they were attributed. So, indeed, I did follow the path that let me
whitelist them, and this involved at least providing my name and so on
to SORBS (and even having an account in at least some cases, as I have
one). So indeed, they were removed from DUL, but only when I myself
contacted SORBS, not in an automated process.
>
> SORBS DUL helps us block tens of thousands of zombies a day. It's a
> very useful tool for us. FP rate: In the past 6 months: 1. And that was
> a guy who was only delivering directly because his ISP's relay got
> itself blocked by Spamcop (which we don't use).
Indeed, SORBS DUL will help block tens of thousands of zombies a day.
But I know it will also block at least a small amount of legitimate
senders I know. My personal home IP (85.201.63.39), which is static, was
also on their DUL BL when I got it.
Don't get me wrong, I don't want you to stop using SORBS, I just think
SORBS is not accurate enough for me and some other tests are just
stopping spams that could maybe be on SORBS BL but without stopping
those legitimate mails I wanted.
Also, I don't like the concept of whitelists because you just never know
what could happen to this IP (or even domain name) you trusted in the past.
>
> I'm only going on about this to ensure that the archives carry a
> balanced perspective.
>
>> After all, if all mail servers were required to have matching HELO, PTR
>> and A records, blocking spam would be almost trivial (and I must admit
>> those should be mandatory requirement for mail servers nowadays).
>
> Fair enough, but this doesn't have anything to do with SORBS.
They (at least used to) do this kind of check when you requested removal
from one of their lists (DUL most notably). And most DUL don't have
meaningful matching HELO, PTR, and A.
>
>>>> I am sorry to tell that, but if you use sorbs as a first line of defense
>>>> and reject with 5xx on this only, be prepared to reject a bunch of
>>>> legitimate mails.
>>>> I prefer to use them on a basis like "if you are listed on sorbs spam
>>>> and the callout doesn't verify, and you are attaching an image, just
>>>> forget about sending me mail". So they are useful, no doubt about this,
>>>> but just cannot be trusted.
>>> What's your evidence for this? Broken down by the 17 separate lists.
>>>
>> Experience with most of them. Unfortunately, I cannot give you any more
>> evidence because I stopped using sorbs as a first line defense quite
>> some years ago.
>
> Perhaps you should qualify your advice with this statement, then? Not
> all of the lists - just most of them (I wonder how many?), and you
> don't actually use them for blocking so you can't tell us what your
> stats are.
Indeed, I can't really report my stats anymore as I stopped using SORBS
quite some time ago as a first line defense.
I just know that I had problems with SORBS that I didn't have with njabl
or ordb (unfortunately dead now).
I may look paranoid about losing legitimate mails, but I think all the
art of antispam is blocking spams without blocking all that bunch of
misconfigured servers. I would really be happy if all mail servers were
required by RFC to have at least matching HELO, PTR and A.
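
Added example, not part of the original message and not Exim or SORBS code: a sketch of the two checks discussed in this thread, the HELO/PTR/A consistency test and a policy that rejects only when a DNSBL listing coincides with a failed callout and an image attachment. The DNS data, the zone `dul.dnsbl.example` and all function names are assumptions constructed for illustration.

```python
# Added example. All DNS data below is constructed (RFC 5737 addresses,
# example.* names); "dul.dnsbl.example" is a hypothetical DNSBL zone.
PTR = {"192.0.2.10": "mail.example.org",
       "192.0.2.77": "dyn-77.pool.example.net",
       "192.0.2.99": "static-99.example.net"}
A = {"mail.example.org": ["192.0.2.10"],
     "dyn-77.pool.example.net": ["192.0.2.77"],
     "static-99.example.net": ["192.0.2.99"]}
DNSBL_ZONE = "dul.dnsbl.example"
# 192.0.2.99 stands for a static address still carried on a dynamic-range list.
LISTED = {"77.2.0.192." + DNSBL_ZONE, "99.2.0.192." + DNSBL_ZONE}


def dnsbl_query_name(ip, zone=DNSBL_ZONE):
    """Name looked up in a DNSBL: IPv4 octets reversed, then the zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone


def helo_ptr_a_match(ip, helo):
    """True only if PTR(ip) equals the HELO name and that name's A
    records include ip again (forward-confirmed reverse DNS)."""
    ptr = PTR.get(ip)
    if ptr is None:
        return False
    ptr, helo = ptr.rstrip(".").lower(), helo.rstrip(".").lower()
    return ptr == helo and ip in A.get(ptr, [])


def decide(ip, callout_ok, has_image):
    """Reject only when the listing coincides with the other two signals;
    a listing on its own never produces a 5xx."""
    listed = dnsbl_query_name(ip) in LISTED
    if listed and not callout_ok and has_image:
        return "reject"
    return "accept"
```
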