newsNews: Announce: DNSbl (RBLs) in use at mail.gna.org

 
 
Show feedback again
Latest News
mail subsystem upgraded posted by beuc, Sat May 23 18:17:18 2015 - 1 reply
dl/home/cvs/svn/www.gna.org upgraded to debian8 posted by beuc, Thu May 21 22:12:23 2015 - 1 reply
Gna.org SSL certificate renewed posted by zerodeux, Thu Apr 24 07:13:06 2014 - 4 replies
Heartbleed status and measures posted by beuc, Wed Apr 9 09:47:29 2014 - 2 replies
mail subsystem automatically reinstalled posted by beuc, Sat Mar 8 23:02:17 2014 - 0 replies
[124 news in archive]

Announce: DNSbl (RBLs) in use at mail.gna.org

Item posted by Mathieu Roy <yeupou> on Fri Nov 26 09:35:09 2004.

In order to fight spam more accurately, since this month, mail.gna.org relies on DNS blacklist to refuse to carry mails from obviously seriously misconfigured or dishonnest SMTPs. This is not completely new as spamassassin was, in past, using these blacklists to tag mails.

When a mail is found to be sent from a blacklisted host, it is rejected during the SMTP transaction. Unlike spam filtering via spamassassin (which is still effective at mail.gna.org for accepted mails), the filtering is not done by tagging a previously accepted mail. It saves us CPU time, since we do not have to run anything to study the content of the mail sent. It let the faulty originator SMTP to deal with its own crap.

mail.gna.org use several different blacklists: it uses dsn.rfc-ignorant.org, postmaster.rfc-ignorant.org and dnsbl.ahbl.org (excluding dnsbl.ahbl.org=127.0.0.9 case).
The way we use these blacklists block only seriously broken SMTPs or dishonnests SMTP - we do not block personal SMTPs, SMTPs behind endusers IP blocks.

At the following addresses, you can read documentation about the way SMTPs are added to these lists:
http://www.rfc-ignorant.org/policy-dsn.php
http://www.rfc-ignorant.org/policy-postmaster.php
http://www.ahbl.org/docs/howitworks.php

If the SMTP you use is there, write to person in charge of the SMTP so it gets removed from the blacklists (rejection messages include relevant information about the blacklisting) or use another SMTP. Several SMTP of wanadoo.fr (a major French ISP), for instance, are blacklisted (at rfc-ignorant). It is a pity for wanadoo.fr users but it is not an option for us to accept mail from seriously broken SMTPs. Unless one can prove that the blacklist we use had no valid reason to blacklist an SMTP, the only solution is to get the SMTP fixed.
One should be able to expect his/her ISP to provide well configured SMTP servers.

Comments:

Message: 151
RE: Note (posted by yeupou, Fri Dec 17 16:27:46 2004)

Update:

We now rely on abuse and postmaster at rfc-ignorant only for spam tagging. Only dnsbl.ahbl.org and dsn.rfc-ignorant.org are currently used for spam rejection.

The other lists use at rejection time could cause too easily false positive. Enforcing good practices that helps fighting spam cannot be done that far in the current situation.

Relevant "discussion":
<https://mail.gna.org/public/help/2004-12/msg00024.html>

Thread Author Date
NoteyeupouSun Dec 12 12:43:09 2004
      RE: NoteyeupouFri Dec 17 16:27:46 2004

 

Post a followup to this message

You could post if you were logged in
Show feedback again

Back to the top


Powered by Savane 3.1-cleanup