Mail from Spamcop being blocked!!!

[dcarlson]

It's sort of ironic. I attempted to report some spam but have forgotten my password. I went to the page to have the password sent to me and the mail from spamcop was blocked by blackholes.five-ten-sg.com.

554 Service unavailable; Client host [64.74.133.248] blocked using blackholes.five-ten-sg.com; added 2004-03-08; spam support - see http://www.spamhaus.org/SBL/sbl.lasso?query=SBL14734 / added 2004-07-31; spam support - see http://www.spamhaus.org/SBL/sbl.lasso?query=SBL10031 / added 2004-07-31; spam support - transit for AS30038 whose entire 69.63.160.0/20 is on the SBL / added 2003-01-15; spam support - see http://www.spamhaus.org/sbl/listings.lasso?isp=internap.com / added 2003-05-20; spam support - ho; from=<service[at]admin.spamcop.net> to=<removed to protect the innocent> proto=ESMTP helo=<vmx1.spamcop.net>

[GraemeL]

It's sort of ironic.  I attempted to report some spam but have forgotten my password.  I went to the page to have the password sent to me and the mail from spamcop was blocked by blackholes.five-ten-sg.com.

I'm surprised that your ISP is using five-ten-sg. I find it much too extreme to use for blocking. Even using it for tagging has a high false positive rate.

[DavidT]

I'm surprised that your ISP is using five-ten-sg. I find it much too extreme to use for blocking. Even using it for tagging has a high false positive rate.

Indeed. You need to find a new email provider, dcarlson.

DT

[dcarlson]

Indeed. You need to find a new email provider, dcarlson.

DT

18105[/snapback]

Or maybe I should disable the use of five-ten-sg.

[GraemeL]

Or maybe I should disable the use of five-ten-sg.   

You probably should. I have a couple of boxes I use SPEWS L1 on and I wouldn't even think of using five-ten on them.

[Merlyn]

Anyone that uses blackholes.five-ten-sg.com does not want to receive mail from everyone on the web.

[dcarlson]

You probably should. I have a couple of boxes I use SPEWS L1 on and I wouldn't even think of using five-ten on them. 

18108[/snapback]

Well it doesn't really matter. The server is used for home/family only. I hate spam and that's why I use many RBL's, including five-ten as well as a couple of country blocks.

It seems much of the spam my family had been receiving was Korea and China based and using the cn.countries.nerd.dk list has eliminated the majority.

Using all the RBL's and Spamassassin, I've eliminated about 98% or more of the spam. A stray one gets through every now and then, but I'm pleased with the results.

[Merlyn]

I find a good combo is:

Blocklists:

sbl.spamhaus.org

opm.blitzed.org

cbl.abuseat.org

china.blackholes.us

cn-kr.blackholes.us

cn.rbl.cluecentral.net

hk.rbl.cluecentral.net

id.rbl.cluecentral.net

jp.rbl.cluecentral.net

kr.rbl.cluecentral.net

my.rbl.cluecentral.net

sg.rbl.cluecentral.net

th.rbl.cluecentral.net

tr.rbl.cluecentral.net

tw.rbl.cluecentral.net

vn.rbl.cluecentral.net

zombie.dnsbl.sorbs.net

hongkong.blackholes.us

id.rbl.cluecentral.net

japan.blackholes.us

korea.blackholes.us

malaysia.blackholes.us

relays.ordb.org

singapore.blackholes.us

dul.dnsbl.sorbs.net

misc.dnsbl.sorbs.net

http.dnsbl.sorbs.net

socks.dnsbl.sorbs.net

taiwan.blackholes.us

thailand.blackholes.us

turkey.blackholes.us

[Wazoo]

It sure seems like there's something missing in that list ... just can't seem to put my finger on it <g>

[dra007]

It sure seems like there's something missing in that list ... just can't seem to put my finger on it <g>

18128[/snapback]

merlyn.cluein.net?

[Merlyn]

I thought it was assumed???????

I shouldn't have to add it to the list.

[HKEY_LOCAL_MACHINE\SOFTWARE\BCWare\NoSPAM\Lookups\SPAMCOP]

"Enabled"=dword:00000001

"Description"="list from the prividers of SpamCop."

"DNS Domain"="bl.spamcop.net"

"Service URL"="http://spamcop.net/bl.shtml"

[michaelanglo]

It sure seems like there's something missing in that list ... just can't seem to put my finger on it <g>

18128[/snapback]

Actually there is. No Brazil.

Which brings me to a nerdy question.

I have brazil.blackholes.us in my smapcop mail blocklist but of late it doesn't seem to be doing anything. Some spam stopped by SpamAssassin is from Brazil and one or two a week that gets through are from Brazil (reverse DNS or Spamcop report addie). example 201.1.201.56

There has been just one day recently (2004/09/27) on which brazil.blackholes.us has had an effect.

I reported some of these missing IPs to the email address given on the blackholes.us website, but can anyone throw any light. eg, how often are updates made in the light of new ip range allocations to Brazil's ISPs ?

Thanks

[GraemeL]

I have brazil.blackholes.us in my smapcop mail blocklist but of late it doesn't seem to be doing anything. Some spam stopped by SpamAssassin is from Brazil and one or two a week that gets through are from Brazil (reverse DNS or Spamcop report addie). example 201.1.201.56

Brazil isn't much of a spam source. It is a significant hoster of spamvertised sites though.

Korea, several large US broadband providers and China all dwarf Brazil as spam sources.

The highest Brazillian ISP on my current spam source statistics shows up at number 27.

[dra007]

>50% of spam advertized sites I get are Br, often in combination with cn and kr sites, if there only was a way to connect the blocking with the spam-advertized domains. Also, most of these domains bounce the reports, so reporting them doesn't seem to do much good. I often wonder if anyone is working on a solution to this problem. Seems a lot of this kind of spam is traveling the hijacked servers so it is coming back in no time. Since these are (to me anyways) the most criminal of spammers, often listed in more than one BL, isn't there a more effective way to deal with them?

[Ellen]

I find a good combo is:

Blocklists:

sbl.spamhaus.org

opm.blitzed.org

cbl.abuseat.org

china.blackholes.us

cn-kr.blackholes.us

cn.rbl.cluecentral.net

hk.rbl.cluecentral.net

id.rbl.cluecentral.net

jp.rbl.cluecentral.net

kr.rbl.cluecentral.net

my.rbl.cluecentral.net

sg.rbl.cluecentral.net

th.rbl.cluecentral.net

tr.rbl.cluecentral.net

tw.rbl.cluecentral.net

vn.rbl.cluecentral.net

zombie.dnsbl.sorbs.net

hongkong.blackholes.us

id.rbl.cluecentral.net

japan.blackholes.us

korea.blackholes.us

malaysia.blackholes.us

relays.ordb.org

singapore.blackholes.us

dul.dnsbl.sorbs.net

misc.dnsbl.sorbs.net

http.dnsbl.sorbs.net

socks.dnsbl.sorbs.net

taiwan.blackholes.us

thailand.blackholes.us

turkey.blackholes.us

18126[/snapback]

Good grief it would be easier to whitelist :-)

[Merlyn]

I have thought about that :-)

Ellen. if you look at my record over the past few years you will see I started reporting a few hundred a day and now it's about 2 or 3 a week :-)

Mailing lists still work and all clients are happy :-)

Blocklists are the only way to go.......

[Ellen]

I have thought about that :-)

Ellen. if you look at my record over the past few years you will see I started reporting a few hundred a day and now it's about 2 or 3 a week :-)

Mailing lists still work and all clients are happy :-)

Blocklists are the only way to go.......

18199[/snapback]

I guess I was just overwhlemed by the number of lists :-)