Mailing List Archive

On 7/10/20 1:20 PM, Philipp Ewald wrote:
> Hey everyone,
>
> we got a nice mail from spamhaus.
> We have used their DNS Query's.
>
> Important is that we thought we have disabled them by:
> score __RCVD_IN_ZEN 0
>
> But tcpdump says we make dns querys to spamhaus, but the result got
> ignored.

you forgot that DBL rules also query Spamhaus

> I have removed the configuration lines in /usr/share/spamassassin but
> after update the configuration comes back.
>
> How do i disable them right? and why got this behavior changed?

in local.cf add:

dns_query_restriction deny spamhaus.org

that should fix the problem and survive SA updates

h2h

> in local.cf add:
>
> dns_query_restriction deny spamhaus.org
>
> that should fix the problem and survive SA updates

Many Thank! now it's work.

but why is this enabled by default?

Am 10.07.20 um 13:23 schrieb Axb:
> On 7/10/20 1:20 PM, Philipp Ewald wrote:
>> Hey everyone,
>>
>> we got a nice mail from spamhaus.
>> We have used their DNS Query's.
>>
>> Important is that we thought we have disabled them by:
>> score __RCVD_IN_ZEN 0
>>
>> But tcpdump says we make dns querys to spamhaus, but the result got ignored.
>
> you forgot that DBL rules also query Spamhaus
>
>> I have removed the configuration lines in /usr/share/spamassassin but after update the configuration comes back.
>>
>> How do i disable them right? and why got this behavior changed?
>
> in local.cf  add:
>
> dns_query_restriction deny spamhaus.org
>
> that should fix the problem and survive SA updates
>
> h2h

--
Philipp Ewald
Administrator

DigiOnline GmbH, Probsteigasse 15 - 19, 50670 Köln
AG Köln HRB 27711, St.-Nr. 5215 5811 0640
Geschäftsführer: Werner Grafenhain

Informationen zum Datenschutz: www.digionline.de/ds

On 7/10/20 1:40 PM, Philipp Ewald wrote:
>> in local.cf  add:
>>
>> dns_query_restriction deny spamhaus.org
>>
>> that should fix the problem and survive SA updates
>
> Many Thank! now it's work.
>
> but why is this enabled by default?

because, under fair use, it's free for all.

Most smaller sites have no problem unless they use third party DNS
resolvers which are blocked.
if you're local resolver is forwarding to some ISP's resolver then you
also get blocked.

>
> Am 10.07.20 um 13:23 schrieb Axb:
>> On 7/10/20 1:20 PM, Philipp Ewald wrote:
>>> Hey everyone,
>>>
>>> we got a nice mail from spamhaus.
>>> We have used their DNS Query's.
>>>
>>> Important is that we thought we have disabled them by:
>>> score __RCVD_IN_ZEN 0
>>>
>>> But tcpdump says we make dns querys to spamhaus, but the result got
>>> ignored.
>>
>> you forgot that DBL rules also query Spamhaus
>>
>>> I have removed the configuration lines in /usr/share/spamassassin but
>>> after update the configuration comes back.
>>>
>>> How do i disable them right? and why got this behavior changed?
>>
>> in local.cf  add:
>>
>> dns_query_restriction deny spamhaus.org
>>
>> that should fix the problem and survive SA updates
>>
>> h2h
>

Here's the policy:
https://cwiki.apache.org/confluence/display/spamassassin/DnsBlocklistsInclusionPolicy

On 7/10/2020 7:43 AM, Axb wrote:
> On 7/10/20 1:40 PM, Philipp Ewald wrote:
>>> in local.cf  add:
>>>
>>> dns_query_restriction deny spamhaus.org
>>>
>>> that should fix the problem and survive SA updates
>>
>> Many Thank! now it's work.
>>
>> but why is this enabled by default?
>
> because, under fair use, it's free for all.
>
> Most smaller sites have no problem unless they use third party DNS
> resolvers which are blocked.
> if you're local resolver is forwarding to some ISP's resolver then you
> also get blocked.
>
>>
>> Am 10.07.20 um 13:23 schrieb Axb:
>>> On 7/10/20 1:20 PM, Philipp Ewald wrote:
>>>> Hey everyone,
>>>>
>>>> we got a nice mail from spamhaus.
>>>> We have used their DNS Query's.
>>>>
>>>> Important is that we thought we have disabled them by:
>>>> score __RCVD_IN_ZEN 0
>>>>
>>>> But tcpdump says we make dns querys to spamhaus, but the result got
>>>> ignored.
>>>
>>> you forgot that DBL rules also query Spamhaus
>>>
>>>> I have removed the configuration lines in /usr/share/spamassassin
>>>> but after update the configuration comes back.
>>>>
>>>> How do i disable them right? and why got this behavior changed?
>>>
>>> in local.cf  add:
>>>
>>> dns_query_restriction deny spamhaus.org
>>>
>>> that should fix the problem and survive SA updates
>>>
>>> h2h
>>
>
>
--
Kevin A. McGrail
KMcGrail@Apache.org

Member, Apache Software Foundation
Chair Emeritus Apache SpamAssassin Project
https://www.linkedin.com/in/kmcgrail - 703.798.0171

> Most smaller sites have no problem unless they use third party DNS resolvers which are blocked.
> if you're local resolver is forwarding to some ISP's resolver then you also get blocked.

No. We are like a ISP... and got more than 50.000 accepted Mails a day so this is totally not in free-use includes, but i think enabled by default is... na



Am 10.07.20 um 13:54 schrieb Kevin A. McGrail:
> Here's the policy:
> https://cwiki.apache.org/confluence/display/spamassassin/DnsBlocklistsInclusionPolicy

This was active since 2018?

Maybe it would be better to ask if your are commercial or not... AFIK you got problem if your running spamhaus and have no license so any mail got marked as SPAM (or got hit SMAPMHAUS rule on any domain?)

Am 10.07.20 um 13:43 schrieb Axb:
> On 7/10/20 1:40 PM, Philipp Ewald wrote:
>>> in local.cf  add:
>>>
>>> dns_query_restriction deny spamhaus.org
>>>
>>> that should fix the problem and survive SA updates
>>
>> Many Thank! now it's work.
>>
>> but why is this enabled by default?
>
> because, under fair use, it's free for all.
>
> Most smaller sites have no problem unless they use third party DNS resolvers which are blocked.
> if you're local resolver is forwarding to some ISP's resolver then you also get blocked.
>


--
Philipp Ewald
Administrator

DigiOnline GmbH, Probsteigasse 15 - 19, 50670 Köln
Telefon: +49 221 6500-532, Fax: +49 221 6500-690, E-Mail: philipp.ewald@digionline.de

AG Köln HRB 27711, St.-Nr. 5215 5811 0640
Geschäftsführer: Werner Grafenhain

Informationen zum Datenschutz: www.digionline.de/ds

On 10/07/20 18:01, Philipp Ewald wrote:

> Am 10.07.20 um 13:54 schrieb Kevin A. McGrail:
>> Here's the policy:
>> https://cwiki.apache.org/confluence/display/spamassassin/DnsBlocklistsInclusionPolicy
>>
>
> This was active since 2018?
>
> Maybe it would be better to ask if your are commercial or not... AFIK
> you got problem if your running spamhaus and have no license so any
> mail got marked as SPAM (or got hit SMAPMHAUS rule on any domain?)
>
Hi,

sorry but this will never happen. We are not going to use a "list the
world" response to queries from anyone. There are dedicated return codes
for that (already included in SpamAssassin):
https://www.spamhaus.org/news/article/788/spamhaus-dnsbl-return-codes-technical-update

--
Best regards,
Riccardo Alfieri

Spamhaus Technology
https://www.spamhaustech.com/

Thank you for the update!
Last time we used spamhaus this was not given.

Am 10.07.20 um 18:07 schrieb Riccardo Alfieri:
> Hi,
>
> sorry but this will never happen. We are not going to use a "list the world" response to queries from anyone. There are dedicated return codes for that (already included in SpamAssassin): https://www.spamhaus.org/news/article/788/spamhaus-dnsbl-return-codes-technical-update

--
Philipp Ewald
Administrator

DigiOnline GmbH, Probsteigasse 15 - 19, 50670 Köln
Telefon: +49 221 6500-532, Fax: +49 221 6500-690, E-Mail: philipp.ewald@digionline.de

AG Köln HRB 27711, St.-Nr. 5215 5811 0640
Geschäftsführer: Werner Grafenhain

Informationen zum Datenschutz: www.digionline.de/ds

Philipp Ewald skrev den 2020-07-10 18:23:
> Thank you for the update!
> Last time we used spamhaus this was not given.

checking logs everyday ?

i am kidding aswell

On Fri, 10 Jul 2020 18:01:30 +0200
Philipp Ewald wrote:

> > Most smaller sites have no problem unless they use third party DNS
> > resolvers which are blocked. if you're local resolver is forwarding
> > to some ISP's resolver then you also get blocked.
>
> No. We are like a ISP... and got more than 50.000 accepted Mails a
> day so this is totally not in free-use includes, but i think enabled
> by default is... na

The default is right for most, defined in the link as

"covering the small businesses, non-profits, personal users, etc. that
make up the bulk of our installations."

If you are managing an ISP level mail system the assumption is that you
are paid to understand the basics of spam filtering.

> On Jul 10, 2020, at 1:57 PM, RW <rwmaillists@googlemail.com> wrote:
>
> On Fri, 10 Jul 2020 18:01:30 +0200
> Philipp Ewald wrote:
>
>>> Most smaller sites have no problem unless they use third party DNS
>>> resolvers which are blocked. if you're local resolver is forwarding
>>> to some ISP's resolver then you also get blocked.
>>
>> No. We are like a ISP... and got more than 50.000 accepted Mails a
>> day so this is totally not in free-use includes, but i think enabled
>> by default is... na
>
> The default is right for most, defined in the link as
>
> "covering the small businesses, non-profits, personal users, etc. that
> make up the bulk of our installations."
>
> If you are managing an ISP level mail system the assumption is that you
> are paid to understand the basics of spam filtering.

That’s unrealistic. Many ISPs these days that aren’t the “big boys” with dedicated staff for every facet of ISP operations, they are one and two man shops running WISPs in rural areas or developing countries. It’s not the 90’s anymore. It’s a terrible default, even home users should have to take an effort to enable a commercial service.

And spamhaus should just replace the sales pitch email with instructions on how to comment their stuff out if they don’t want small ISPs (a small business, actually!) to use it. :)

Charles

Charles Sprickman wrote:
> That’s unrealistic. Many ISPs these days that aren’t the “big boys” with dedicated staff for every facet of ISP operations, they are one and two man shops running WISPs in rural areas or developing countries. It’s not the 90’s anymore. It’s a terrible default, even home users should have to take an effort to enable a commercial service.

I'm baffled by how a "one or two man shop [W]ISP" can have an in-house
email system that generates more queries than the free limits unless
you're outsourcing nearly everything else including DNS caching. (At
which point, why are you not outsourcing your mail service and spam
filtering too?) From personal experience, a provider of that size
likely has less than 1000 customers, which should match to mail flow
well under the free limit.

I started work for one such small ISP in 2001 with ~2600 users at peak
(granted, the spam landscape was quite different then), and when that
company got taken over by a larger company in 2003, moved on to
maintaining the spam filtering for that larger company.

In that position we still weren't crossing the free query limits for a
while, at ~40K users. None of the five or six other small mail systems
I've had some hand in integrating have come close to the free limits,
and several of those providers have had ~10-15 full-time staff. All of
them *have* had local caching, even if it was built into some nightmare
black-box mail appliance horror, or Microsoft's DNS cache from Windows
Server 2003 (or possibly older, only got involved in the fringes of that
one).

It's not impossible, I'll grant (one guy I knew of a year or two ahead
in university was - in 1997 or so - getting IIRC more than ~5K spams
daily, personally), but I'd call it extremely rare even today.

-kgd

> On Jul 10, 2020, at 5:35 PM, Kris Deugau <kdeugau@vianet.ca> wrote:
>
> Charles Sprickman wrote:
>> That’s unrealistic. Many ISPs these days that aren’t the “big boys” with dedicated staff for every facet of ISP operations, they are one and two man shops running WISPs in rural areas or developing countries. It’s not the 90’s anymore. It’s a terrible default, even home users should have to take an effort to enable a commercial service.
>
> I'm baffled by how a "one or two man shop [W]ISP" can have an in-house email system that generates more queries than the free limits unless you're outsourcing nearly everything else including DNS caching. (At which point, why are you not outsourcing your mail service and spam filtering too?) From personal experience, a provider of that size likely has less than 1000 customers, which should match to mail flow well under the free limit.
>
> I started work for one such small ISP in 2001 with ~2600 users at peak (granted, the spam landscape was quite different then), and when that company got taken over by a larger company in 2003, moved on to maintaining the spam filtering for that larger company.
>
> In that position we still weren't crossing the free query limits for a while, at ~40K users. None of the five or six other small mail systems I've had some hand in integrating have come close to the free limits, and several of those providers have had ~10-15 full-time staff. All of them *have* had local caching, even if it was built into some nightmare black-box mail appliance horror, or Microsoft's DNS cache from Windows Server 2003 (or possibly older, only got involved in the fringes of that one).
>
> It's not impossible, I'll grant (one guy I knew of a year or two ahead in university was - in 1997 or so - getting IIRC more than ~5K spams daily, personally), but I'd call it extremely rare even today.

The letter I got was for an ISP that has less than 1,000 mailboxes and queries two local, caching resolvers.

C

>
> -kgd

> On Jul 10, 2020, at 5:56 PM, Charles Sprickman <spork@bway.net> wrote:
>
>
>> On Jul 10, 2020, at 5:35 PM, Kris Deugau <kdeugau@vianet.ca> wrote:
>>
>> Charles Sprickman wrote:
>>> That’s unrealistic. Many ISPs these days that aren’t the “big boys” with dedicated staff for every facet of ISP operations, they are one and two man shops running WISPs in rural areas or developing countries. It’s not the 90’s anymore. It’s a terrible default, even home users should have to take an effort to enable a commercial service.
>>
>> I'm baffled by how a "one or two man shop [W]ISP" can have an in-house email system that generates more queries than the free limits unless you're outsourcing nearly everything else including DNS caching. (At which point, why are you not outsourcing your mail service and spam filtering too?) From personal experience, a provider of that size likely has less than 1000 customers, which should match to mail flow well under the free limit.
>>
>> I started work for one such small ISP in 2001 with ~2600 users at peak (granted, the spam landscape was quite different then), and when that company got taken over by a larger company in 2003, moved on to maintaining the spam filtering for that larger company.
>>
>> In that position we still weren't crossing the free query limits for a while, at ~40K users. None of the five or six other small mail systems I've had some hand in integrating have come close to the free limits, and several of those providers have had ~10-15 full-time staff. All of them *have* had local caching, even if it was built into some nightmare black-box mail appliance horror, or Microsoft's DNS cache from Windows Server 2003 (or possibly older, only got involved in the fringes of that one).
>>
>> It's not impossible, I'll grant (one guy I knew of a year or two ahead in university was - in 1997 or so - getting IIRC more than ~5K spams daily, personally), but I'd call it extremely rare even today.
>
> The letter I got was for an ISP that has less than 1,000 mailboxes and queries two local, caching resolvers.

Also I just dug up the letter and the wording used was “commercial use”. There was no mention of what the volume was or what the limit would be.

They also tagged one of the resolvers that access customers use (there are two dedicated resolvers for BL lookups), so presumably some very small and low-volume home and small biz users were being tagged in aggregate, probably not even aware they’re using spamhaus.

C

>
> C
>
>>
>> -kgd
>

On Fri, 10 Jul 2020 18:25:33 -0400
Charles Sprickman wrote:


> Also I just dug up the letter and the wording used was “commercial
> use”. There was no mention of what the volume was or what the limit
> would be.
>

The default is to use these list unregistered. Did that ISP register or
did Spamhaus track them down from the IP address?



> They also tagged one of the resolvers that access customers use
> (there are two dedicated resolvers for BL lookups), so presumably
> some very small and low-volume home and small biz users were being
> tagged in aggregate, probably not even aware they’re using spamhaus.

Low-volume users that don't know they should be doing recursive lookups
will often get away with it, and even if they don't, being blocked isn't
significantly worse for them than turning-off spamhaus.

I thought most ISPs had outsourced or given-up on email. ISP email has
IMO always been a way of locking-in gullible customers.

> On Jul 10, 2020, at 7:56 PM, RW <rwmaillists@googlemail.com> wrote:
>
> On Fri, 10 Jul 2020 18:25:33 -0400
> Charles Sprickman wrote:
>
>
>> Also I just dug up the letter and the wording used was “commercial
>> use”. There was no mention of what the volume was or what the limit
>> would be.
>>
>
> The default is to use these list unregistered. Did that ISP register or
> did Spamhaus track them down from the IP address?

Spamhaus found them.

>> They also tagged one of the resolvers that access customers use
>> (there are two dedicated resolvers for BL lookups), so presumably
>> some very small and low-volume home and small biz users were being
>> tagged in aggregate, probably not even aware they’re using spamhaus.
>
> Low-volume users that don't know they should be doing recursive lookups
> will often get away with it, and even if they don't, being blocked isn't
> significantly worse for them than turning-off spamhaus.

I know they have plenty of users with SOHO NAS boxes, home users that tinker, and other “power users”. SA is tucked away in many “appliances” these days it seems.

> I thought most ISPs had outsourced or given-up on email. ISP email has
> IMO always been a way of locking-in gullible customers.

They are in NYC so there’s a sizable chunk of old netheads that want a) the same address they’ve had since ’95 b) mail service that doesn’t exchange privacy for free email c) vanity domains. It’s not a money maker, it’s a value-add.

Personally I think Spamhaus and others going up to these tiny companies and asking for hundreds of bucks a month for access to a list is kind of nuts, but I’m no MBA.

I do wonder if they go after the larger hosters that run CPanel and have mail scattered over hundreds of hosts or if those individually don’t trip the threshold.

The small ISP with email is likely a dying breed, spam being one of the main things that forces yet another service to be outsourced at a not-insignificant cost. This same ISP discontinued Usenet service as a value-add only a few years ago.

C

On 10/07/20 22:51, Charles Sprickman wrote:

>
> That’s unrealistic. Many ISPs these days that aren’t the “big boys” with dedicated staff for every facet of ISP operations, they are one and two man shops running WISPs in rural areas or developing countries. It’s not the 90’s anymore. It’s a terrible default, even home users should have to take an effort to enable a commercial service.
I'm not going to make comments about running an ISP without a basic
knowledge of email/hosting/networking
> And spamhaus should just replace the sales pitch email with instructions on how to comment their stuff out if they don’t want small ISPs (a small business, actually!) to use it. :)

Excuse me but isn't it at least "fair" that, if you use a service
provided by others for commercial purposes, you pay for that service
that contributes to your income?

And I don't know where you got a quote of "hundreds of dollars per
month" for 1000 mailboxes, but it's not really the case if you use DQS.

--
Best regards,
Riccardo Alfieri

Spamhaus Technology
https://www.spamhaustech.com/

On Sat, 11 Jul 2020 02:49:31 +0200
Reindl Harald wrote:

> Am 11.07.20 um 01:56 schrieb RW:
> > I thought most ISPs had outsourced or given-up on email.
>
> why should someone with a brain outsource anything?

I don't know, why do you outsource?

> > ISP email has IMO always been a way of locking-in gullible
> > customers.
>
> bullshit - how is there a lockin for customers with their own domains?

It locks in those that use the address directly - try and keep up.

> > Am 11.07.20 um 01:56 schrieb RW:
> > > I thought most ISPs had outsourced or given-up on email.
> >
> > why should someone with a brain outsource anything?
>
> I don't know, why do you outsource?
>
> > > ISP email has IMO always been a way of locking-in gullible
> > > customers.

The US is always behind with consumer rights, in the EU consumer data
portability is arranged enforced legislation. Then again, is there not
some saying like 'people deserve the government they are having'

> >
> > bullshit - how is there a lockin for customers with their own
domains?
>
> It locks in those that use the address directly - try and keep up.
>

I think it will be more popular not to host with google or so. Because
google is mixing your messages with spam, and your messages are more
likely to be marked as spam.
Furthermore doctors and anything serious will not use US based providers
because of the lack of privacy.

Recently someone contacted me in regards a CEO fraud issue. Google and
Outlook.com were not even able to deliver evidence an email was
delivered.

On Sat, 11 Jul 2020 17:35:58 +0200
Reindl Harald wrote:

> we are working at ISP level and customers have their own domains where
> they can get an auth-token for transfer the domain at every point in
> time
>
> so there is no dumb outsourcing nor any lockin
>
> when you use something like "myname@gmailcom" or
> "myname@randomisp.com" you are simply dumb given how cheap a domain
> per year is

That's email domain hosting. I was referring to traditional ISP email
with an address or subdomain on an ISP domain.

> On Jul 11, 2020, at 6:33 AM, Riccardo Alfieri <riccardo.alfieri@spamteq.com> wrote:
>
> On 10/07/20 22:51, Charles Sprickman wrote:
>
>>
>> That’s unrealistic. Many ISPs these days that aren’t the “big boys” with dedicated staff for every facet of ISP operations, they are one and two man shops running WISPs in rural areas or developing countries. It’s not the 90’s anymore. It’s a terrible default, even home users should have to take an effort to enable a commercial service.
> I'm not going to make comments about running an ISP without a basic knowledge of email/hosting/networking

Wow, nice sales pitch my man! I will definitely recommend they sign up.

>> And spamhaus should just replace the sales pitch email with instructions on how to comment their stuff out if they don’t want small ISPs (a small business, actually!) to use it. :)
>
> Excuse me but isn't it at least "fair" that, if you use a service provided by others for commercial purposes, you pay for that service that contributes to your income?

Then it shouldn’t be free for “small businesses”. Having spam-free mailboxes will enhance their ability to conduct business, no? Or does your product not provide value.

> And I don't know where you got a quote of "hundreds of dollars per month" for 1000 mailboxes, but it's not really the case if you use DQS.

No idea what DQS is, nor do I care. The quote was from a sales rep. But the Spamhaus pitch was laughably expensive for less than 1,000 mailboxes - much more than they make on those mailboxes.

C

>
> --
> Best regards,
> Riccardo Alfieri
>
> Spamhaus Technology
> https://www.spamhaustech.com/
>

On 11 Jul 2020, at 04:33, Riccardo Alfieri <riccardo.alfieri@spamteq.com> wrote:
> And I don't know where you got a quote of "hundreds of dollars per month" for 1000 mailboxes, but it's not really the case if you use DQS.

Maybe they thought the yearly cost was monthly?

(Last I checked, DQS stars at $250/yr)



--
The other cats just think he's a tosser. --Neil Gaiman

July 11, 2020 1:33 PM, "Riccardo Alfieri" <riccardo.alfieri@spamteq.com> wrote:

> Excuse me but isn't it at least "fair" that, if you use a service provided by others for commercial
> purposes, you pay for that service that contributes to your income?

It is fair.

Unless you have been unknowingly using it and weren't aware of the limits.

But maybe this kind of RBLs shouldn't be on by default due to their commercial nature and must be left to the user to activate after installation.





M. Omer GOLGELI

The question you ask is exactly why we have the DNSBL Inclusion policy and
require the free for some model.

We might need to kick up the need for the BLOCKED rule with instructions in
that description on how to disable the rules. What are your thoughts on
that?


--
Kevin A. McGrail
Member, Apache Software Foundation
Chair Emeritus Apache SpamAssassin Project
https://www.linkedin.com/in/kmcgrail - 703.798.0171


On Tue, Jul 14, 2020 at 10:55 AM M. Omer GOLGELI <omer@chronos.com.tr>
wrote:

> July 11, 2020 1:33 PM, "Riccardo Alfieri" <riccardo.alfieri@spamteq.com>
> wrote:
>
> > Excuse me but isn't it at least "fair" that, if you use a service
> provided by others for commercial
> > purposes, you pay for that service that contributes to your income?
>
> It is fair.
>
> Unless you have been unknowingly using it and weren't aware of the limits.
>
> But maybe this kind of RBLs shouldn't be on by default due to their
> commercial nature and must be left to the user to activate after
> installation.
>
>
>
>
>
> M. Omer GOLGELI
>

M. Omer GOLGELI skrev den 2020-07-14 16:55:

> It is fair.

+1

> Unless you have been unknowingly using it and weren't aware of the
> limits.

+1

> But maybe this kind of RBLs shouldn't be on by default due to their
> commercial nature and must be left to the user to activate after
> installation.

why is any plugins turned on by default ?

spamassassin could make all disabled by default, only enable check
plugin to make --lint testing, hurra sa wont work, scream :=====)))))