
Thread: dnswl.org whitelist contains spamming servers

  1. #1
    Join Date
    Oct 2003
    Location
    Switzerland
    Posts
    2,097

    dnswl.org whitelist contains spamming servers

    dnswl.org whitelist now contains some IPs of spammers, which means that they get whitelisted if you use the list.
    It's very difficult in the current spamblocker version to block the known offending IPs or hosts without turning the dnswl.org check off completely.

    Shouldn't we have the blacklists first and then the whitelists, followed by the RBLs?
    Olivier
    interfaCentre - We design custom hosting solutions

    Custom apps, scripts and configurations for easy and secure access to all hosting services
    Full Personal Information Management suite with mobile synchronisation
    PHP, Ruby, Node.js and Python hosting with 1-click app install

  2. #2
    Join Date
    Jun 2003
    Location
    California
    Posts
    26,123
    Quote Originally Posted by interfasys
    dnswl.org whitelist now contains some IPs of spammers, which means that they get whitelisted if you use the list.
    It's very difficult in the current spamblocker version to block the known offending IPs or hosts without turning the dnswl.org check off completely.
    Then turn it off if you don't want to use it.
    Shouldn't we have the blacklists first and then the whitelists, followed by the RBLs?
    That just doesn't work. The whole purpose of a whitelist is to enable you to get email from someone who would otherwise be blocked by a blocklist. If you run the blocklists first you've already refused the email by the time you get to a whitelist.

    I will reiterate, the newest RC (#4) works incredibly well for us; we get almost no spam through.

    You can aim to get rid of that almost, but generally the closer you get to that the closer you get to blocking important email.

    Jeff
    +1 951 643-5345
    Third-Party DirectAdmin administration and support
    Dedicated Servers, Dedicated Reseller Accounts
    NoBaloney Internet Services div. Qnito Incorporated
    848 North Rainbow Blvd., Suite #3789
    Las Vegas, NV 89107-1103

  3. #3
    Join Date
    Oct 2003
    Location
    Switzerland
    Posts
    2,097
    Turning it off is not the solution as the list has only been poisoned and 99% of it can still be used.

    I think you read my post wrong. I don't want the blocklists before the whitelist, but the local black/whitelists before the RBLs. I realized that white should come before black though.

    Here is what I think would make sense.

    Server Whitelist
    Server Blacklist
    RBL Whitelist
    RBL Blacklist

    That way, if we find a discrepancy in the RBLs, we can add the exception to our local lists; otherwise we have to disable entire whitelists, just because of a few IPs.

    Spamblocker is working pretty well for us as well; usually some spam comes through and quickly after that, it's blocked by some list. Recently though, a lot of spam coming from 81.228.8.18x and 81.228.9.18x is still not blocked, days after it started to appear. Some IPs are blocked, but not all of them. I think they specifically target Swiss domain names.
    www.dnswl.org still lists them as safe IPs...
    Spam Rat identifies them as rotten IPs, but since it's a blacklist, it has no chance of getting rid of them (already whitelisted).
    Olivier
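The ordering proposed above, modelled as an added example (not SpamBlocker's own code or configuration): checks run in sequence and the first match decides, so a local blacklist entry placed ahead of the DNS whitelist overrides a bad list.dnswl.org listing. The addresses, the `rbl.example` zone, the DNS answers and the `DNSWL_FIRST` comparison order are constructed for illustration.

```python
import ipaddress

# Constructed data: documentation-range addresses, a placeholder blacklist
# zone (rbl.example) and a dict standing in for live DNS answers.
FAKE_DNS = {
    "10.2.0.192.list.dnswl.org": "127.0.5.1",    # spam source, wrongly whitelisted
    "10.2.0.192.rbl.example": "127.0.0.2",       # ...and also on a blacklist
    "7.100.51.198.list.dnswl.org": "127.0.5.2",  # legitimate whitelisted sender
}

def dnsbl_qname(ip, zone):
    """Reverse the address the way DNS lists expect and append the zone."""
    rev = ipaddress.ip_address(ip).reverse_pointer
    return rev.rsplit(".", 2)[0] + "." + zone    # drop in-addr.arpa / ip6.arpa

def listed(ip, zone, lookup):
    """True when the zone answers with a 127.x.x.x address for this IP."""
    answer = lookup(dnsbl_qname(ip, zone))
    return answer is not None and answer.startswith("127.")

def in_nets(ip, nets):
    """True when ip falls inside any of the locally configured networks."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(n) for n in nets)

def evaluate(ip, order, cfg, lookup=FAKE_DNS.get):
    """Walk the checks in `order`; the first one that matches decides."""
    checks = {
        "server_whitelist": ("accept", lambda: in_nets(ip, cfg["local_white"])),
        "server_blacklist": ("deny", lambda: in_nets(ip, cfg["local_black"])),
        "rbl_whitelist": ("accept",
                          lambda: any(listed(ip, z, lookup) for z in cfg["dnswl"])),
        "rbl_blacklist": ("deny",
                          lambda: any(listed(ip, z, lookup) for z in cfg["dnsbl"])),
    }
    for name in order:
        verdict, matches = checks[name]
        if matches():
            return verdict, name
    return "accept", "no_match"

CFG = {"local_white": [], "local_black": ["192.0.2.0/28"],
       "dnswl": ["list.dnswl.org"], "dnsbl": ["rbl.example"]}
# Order proposed in the post above.
PROPOSED = ["server_whitelist", "server_blacklist", "rbl_whitelist", "rbl_blacklist"]
# Assumed contrast case: the DNS whitelist is consulted before the local lists.
DNSWL_FIRST = ["rbl_whitelist", "server_whitelist", "server_blacklist", "rbl_blacklist"]
```

With `DNSWL_FIRST` the constructed spam source is accepted on the whitelist match before the local blacklist is ever read; with `PROPOSED` the local entry denies it while the legitimate whitelisted sender is still accepted.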

  4. #4
    Join Date
    Jun 2003
    Location
    California
    Posts
    26,123
    Quote Originally Posted by interfasys
    Turning it off is not the solution as the list has only been poisoned and 99% of it can still be used.

    I think you read my post wrong. I don't want the blocklists before the whitelist, but the local black/whitelists before the RBLs. I realized that white should come before black though.

    Here is what I think would make sense.

    Server Whitelist
    Server Blacklist
    RBL Whitelist
    RBL Blacklist
    Remind me of this on Friday and I'll have time to look at it over the weekend.

    However do read my comments on the other thread.

    Jeff

  5. #5
    Join Date
    Oct 2003
    Location
    Switzerland
    Posts
    2,097
    OK, I will.
    This whole thing got me thinking. Is there a Spamblocker mail flow documented somewhere?
    Things like what goes into each ACL, the order, etc.
    Giving an overview of how it works, so that people can better contribute, if it's one of the goals of SB. Maybe you just want us to comment on RCs and do our own personalisation work or forks.
    Olivier

  6. #6
    Join Date
    Jun 2003
    Location
    California
    Posts
    26,123
    Not yet. I've been planning on doing it before the final release of SpamBlocker 3. I've been having some issues with our office system-management server, but as soon as they're done I'll get started on it.

    Jeff

  7. #7
    Join Date
    Oct 2003
    Location
    Switzerland
    Posts
    2,097
    Cool

    Olivier

  8. #8
    Join Date
    Jul 2006
    Posts
    82
    And if I want to temporarily skip this check, how can I do it?
    Only dnswl.org...
    Hi to all!

  9. #9
    Join Date
    Jun 2003
    Location
    California
    Posts
    26,123
    See my reply just made to your other post. And please don't double-post in the future. Your problem may be both with SpamBlocker and SpamAssassin; if you're using both, and you disable the dnswl in SpamBlocker (see my latest version, here [nobaloney.net]), you can simply comment out the use of the specific list, and then possibly a lot of spam will go down simply because SpamBlocker (if properly configured on your server) will stop it before it gets to your SpamAssassin installation. Or try the changes to your /etc/resolv.conf file as I mentioned in my other reply.

    Jeff
    +1 951 643-5345

  10. #10
    Join Date
    Jul 2006
    Posts
    82
    Hi Jeff,
    I think that this thread is different from my other one. Sorry if not..

    However, how can I disable only one check (list.dnswl.org in this case) in spamassassin/spamblocker?
    Temporarily I have put a line into my local.cf that assigns a score of 0 to this check.

    In my exim.conf there isn't a dnswl.org step...

    #EDIT#35:
    accept domains = +local_domains
    dnslists = list.dnswl.org
    logwrite = $sender_host_address whitelisted in list.dnswl.org
    but the emails were also checked by dnswl.org
    If you want, I can send my exim.conf via private email or message for you to check...

    I don't understand...
    Hi to all!

  11. #11
    Join Date
    Jun 2003
    Location
    California
    Posts
    26,123
    The two threads are exactly the same and if you continue to post in both of them on the same subject you jeopardize your posting status.

    You write that your exim.conf doesn't have what you call a dnswl.org step, but then you post a stanza beginning with the line #EDIT#35 which does show reference to the dnswl.org whitelist. So I'm not sure what you mean. If you're using an older version of my SpamBlocker exim.conf file, then you're using a version I don't support, but if there's no reference to dnswl.org in it, then it's not whitelisting using that list. Unless you want to hire me to fix your problem I really don't have additional answers for you, though someone else might.

    Jeff
    +1 951 643-5345

  12. #12
    Join Date
    May 2005
    Location
    Montreal, QC, Canada
    Posts
    110
    FreeBSD <3

  13. #13
    Join Date
    Jun 2003
    Location
    California
    Posts
    26,123
    I've done some testing using dig @8.8.8.8 and dig @LOCAL NAMESERVER and I've determined that yes, this is the problem.

    Jeff

  14. #14
    Join Date
    Oct 2004
    Location
    London, UK
    Posts
    6,641
    So I would ask: what nameserver would you suggest using?

    Thanks
    SeLLeRoNe - Andrea Iannucci
    DevOps Engineer - System Administrator
    If you need my support write me an E-Mail to Support@CrazyNetwork.it

  15. #15
    Join Date
    Jun 2007
    Location
    California
    Posts
    498
    Some blocklists apply punitive answers if a given nameserver makes too many requests. So the best bet is probably to build your own, inside your network. That's what I've decided to do.

    If your datacenter or upstream has a caching nameserver perhaps using theirs is the best thing to do.

    I'm not going to list suitable nameservers because if I do, lots of people will find the thread when googling, switch to those nameservers, and then suddenly they won't be suitable anymore.

    Jeff
    Serving the DirectAdmin community since 2003
    See Additional posts under user nobaloney

    directadmin@nobaloney.net +1 951 643-5345
    Contract DirectAdmin administration and support
    Dedicated Servers, Dedicated Reseller Accounts
    http://www.nobaloney.net
    NoBaloney Internet Services div. Qnito Incorporated
    848 North Rainbow Blvd., Suite #3789
    Las Vegas, NV 89107-1103
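A way to run the resolver comparison mentioned earlier in the thread (the same list query sent through a public resolver and through your own) without dig, as an added example that is not from the thread's participants. It sends one A query per resolver over UDP and reports whether the answers disagree; the resolver addresses and the query name are whatever you pass in.

```python
import socket
import struct

def build_query(qname, txid=0x1234):
    """Build a DNS A-record query with the recursion-desired flag set."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode("ascii")
                      for p in qname.strip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", 1, 1)

def _skip_name(msg, pos):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        length = msg[pos]
        if length == 0:
            return pos + 1
        if length & 0xC0 == 0xC0:       # compression pointer ends the name
            return pos + 2
        pos += length + 1

def parse_a_answers(msg):
    """Return (rcode, [IPv4 answers]) from a raw DNS response."""
    _, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", msg[:12])
    pos = 12
    for _ in range(qdcount):
        pos = _skip_name(msg, pos) + 4  # skip QTYPE and QCLASS
    addrs = []
    for _ in range(ancount):
        pos = _skip_name(msg, pos)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[pos:pos + 10])
        pos += 10
        if rtype == 1 and rdlen == 4:   # A record
            addrs.append(socket.inet_ntoa(msg[pos:pos + 4]))
        pos += rdlen
    return flags & 0x000F, addrs

def ask(resolver, qname, timeout=3.0):
    """Send one query to `resolver` over UDP port 53 and parse the reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_query(qname), (resolver, 53))
        return parse_a_answers(sock.recv(512))

def compare(qname, resolvers, ask=ask):
    """Query every resolver; return the answers and whether they disagree."""
    results = {r: ask(r, qname) for r in resolvers}
    distinct = {(rcode, tuple(sorted(a))) for rcode, a in results.values()}
    return results, len(distinct) > 1
```

If the mail server's configured resolver and a resolver you run yourself return different results for the same list query, the list is answering per nameserver and the filtering decisions depend on which resolver /etc/resolv.conf points at.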

  16. #16
    Join Date
    Oct 2004
    Location
    London, UK
    Posts
    6,641
    OK, so I'll need to study how to make a local nameserver.

    Thanks
    SeLLeRoNe - Andrea Iannucci

  17. #17
    Join Date
    Jun 2007
    Location
    California
    Posts
    498
    Build a machine, install latest CentOS with minimal packages (or if you're brave perhaps Tiny Core Linux (wikipedia.org)).

    You only need the kernel, your text editor of choice, and BIND. Make sure BIND is set up as a caching server. Give it either an external IP# (blocked from the rest of the world by firewalling), or an internal IP# (if you understand how to do that on your network).

    Then put it in your datacenter, turn it on, and change your /etc/resolv.conf file to point to it. If you think you may have to bring it down from time to time then you should probably list a second nameserver as well.

    Jeff

  18. #18
    Join Date
    Oct 2004
    Location
    London, UK
    Posts
    6,641
    Why give it an external IP if it is blocked from any incoming connection? Maybe just an internal one should be fine as well, I suppose; the important thing is that it can reach the internet. But here is my question... what nameserver should I give to the server? If (for example) I put in Google's nameservers, wouldn't the problem just be the same (I suppose it is just forwarding, or no?)?

    What did you mean by "; only your editor of choice, and "?

    Thanks for your help.

    Regards
    SeLLeRoNe - Andrea Iannucci

  19. #19
    Join Date
    Jun 2007
    Location
    California
    Posts
    498
    Quote Originally Posted by SeLLeRoNe
    Why give it an external IP if it is blocked from any incoming connection? Maybe just an internal one should be fine as well, I suppose; the important thing is that it can reach the internet.
    You don't just need to reach the nameserver, you need to be able to receive replies as well; for that you need an IP#.
    But here is my question... what nameserver should I give to the server? If (for example) I put in Google's nameservers, wouldn't the problem just be the same (I suppose it is just forwarding, or no?)?
    You set up your nameserver as a caching server; let it find everything. You give it any name you want but it must be a real name. It goes only in your /etc/resolv.conf file(s).
    What did you mean by "; only your editor of choice, and "?
    I was typing something else and then hit ENTER a few times to clear space for my rewrite. Then I forgot to remove it. I've edited my post and removed it now.

    Jeff

  20. #20
    Join Date
    Oct 2004
    Location
    London, UK
    Posts
    6,641
    Oh ok,

    The part I don't get is this:

    Give it either an external IP# (blocked from the rest of the world by firewalling).

    So, everything closed except 53? Or is just being connected to the internet enough?

    Thanks
    SeLLeRoNe - Andrea Iannucci
