To: "For users of Fedora Core releases" <fedora-list@xxxxxxxxxx>
Sent: Sunday, February 06, 2005 2:22 PM
Subject: Re: Slightly OT: Greylisting success or failure stories?
Quoting Les Mikesell <les@xxxxxxxxxxxxxxxx> Date: Fri, 04 Feb 2005 17:38:19
How do you know what IP's are dynamic or when someone else reallocates them?
You assume that somebody else has more or less correct database. Usually
various DNSBL databases that have lists of open relays and known spammers, have
these list too. They don't have *all* dynamic ranges (only detected, reported
by someone else, or reported by ISP itself). From time to time you'd get false
positive. Usually some poor guy who bought (rented would be more appropriate
term) single static IP address cheap for his ADSL line, and couldn't afford any
better. Or from time to time an range that was used for dynamic addresses in
the past, but is now used for static (sometimes it takes long time for those
lists to be updated for this kind of changes, unless range was reported by ISP
itself).
Personally, I don't like using those lists for direct blocking (but I do like
using them with scoring tools, such as SpamAssassin, where existance of such
record only affects the score, but is not enough on its own to block the
message). The reason being that while there is less false negatives than with
SpamAssassin, there is also more false positives. That is only my experience,
somebody else might have different experience.
-- Aleksandar Milivojevic <amilivojevic@xxxxxx> Pollard Banknote Limited Systems Administrator 1499 Buffalo Place Tel: (204) 474-2323 ext 276 Winnipeg, MB R3T 1L7
I'll secodn what Aleksander has said about blocking based on those lists. I'm currently going round and round with some idiots and an ISP who block *everything* from RoadRunner. I have a RoadRunner Business account, and RR is *very* good about policing their network. They already block outgoing port 25 on their dynamic addresses because of all the Windows boxes which have been 0wn3d by spambots. RoadRunner is alse really quick to shut down any of the business class users who spam. So the decision to block my address by this ISP is just stupid. Adding a weight to a message score, maybe. Just shutting it off? Stupid.
Thomas
