Jump to content

[Resolved] Composite Blocking List (CBL) - listing discrepancy


Recommended Posts

Can we please know the ongoing approx target time for changes in CBL's listing to be picked up by SC?

- The original incidents failed again just now (I'll repeat each day or two) but, without SC's approx target refresh time, it's not clear whether this observation is bad or just indifferent....

Well according to JT's own words:

Anyway, we are now updating our local copy directly from the CBL people themselves, so it should all be up to date.
I would assume it should be working correctly already. If not, you should probably present the evidence (tracking URL's being the best way) to JT directly at support[at]spamcop.net
Link to comment
Share on other sites

Can we please know the ongoing approx target time for changes in CBL's listing to be picked up by SC?

- The original incidents failed again just now (I'll repeat each day or two) but, without SC's approx target refresh time, it's not clear whether this observation is bad or just indifferent....

I'm not sure I understand .... the use of the CBL would be in "incoming" e-mail .... why/how/whatever would the "original incifents just filed again .. will try again in a few days ..." .... I don't follow that ... you have the means to 'create' new e-mail from the places you wish the filters/BLs to handle ...????

Link to comment
Share on other sites

I'm not sure I understand .... the use of the CBL would be in "incoming" e-mail .... why/how/whatever would the "original incifents just filed again .. will try again in a few days ..." .... I don't follow that ... you have the means to 'create' new e-mail from the places you wish the filters/BLs to handle ...????

It's the most useless of the blocklists we use anyhow I vote for its removal. Do not see the point in installing junk just for the sake of it?

Link to comment
Share on other sites

It's the most useless of the blocklists we use anyhow I vote for its removal. Do not see the point in installing junk just for the sake of it?

Not sure what you mean here. The CBL blocks TONS of stuff. It's a very fast, very accurate list of zombied and otherwise hacked machines. Because of the way they pick stuff up, they will often identify these hacked hosts before the SpamCop blacklist picks them up.

JT

Link to comment
Share on other sites

So far not seen CBL catch much of anything. the highest recorded score goes to SpamAssasin SCBL then the country blocklists like China Brazil etc. Not see the need to pander to CBL. In fact would rather have if needed be another choice I know they tout themselves up but I rarely see them catch anything that is not already being stopped or in the SCBL (and I check)

IMO CBL are run by identities that have never been SpamCop friendly! Reality in-fact very active in trying over many years to bring SpamCop down so do take care (Not a wise choice to give them any credibility they are a poison pill)

Link to comment
Share on other sites

So far not seen CBL catch much of anything. the highest recorded score goes to SpamAssasin SCBL then the country blocklists like China Brazil etc. Not see the need to pander to CBL. In fact would rather have if needed be another choice I know they tout themselves up but I rarely see them catch anything that is not already being stopped or in the SCBL (and I check)

Well, I will agree with you since SpamAssassin was changed to check first on my SpamCop account. Before that, however, CBL was my second biggest BL behind spamcop.

Link to comment
Share on other sites

Well, I will agree with you since SpamAssassin was changed to check first on my SpamCop account. Before that, however, CBL was my second biggest BL behind SpamCop.

Skulduggery tactics with those attacking SpamCop is not new, As I am finding zero use of the CBL I expect mystically I will shortly :excl: As you but no one else already is?

Again today Spamassasin and SpamCop's Blocklist the only ones doing the blocking as usual CBL have no mention. They also go on about not listing mail servers?

Stupid concept as many spam friendly servers are improperly set-up conceal the IP source and I don't want or need their spam.

SpamCop does not block these incompetent fools straight away and always tries to inform them of their abuse problems

When SpamCop does a parse it checks with a number of blocking lists to see CBL are one of such (ineffective) list.

Even then they are slow and behind SpamCop Blocklist (SCBL) in listing IP's. I do not See it as a very good/effective blocklist at best

Not sure if the CBL list afflicts the running of the mail servers my problem is the antics of those that seem to be behind it in trying to harm SpamCop and would not miss seeing the CBL if removed

Link to comment
Share on other sites

I'm not sure I understand .... the use of the CBL would be in "incoming" e-mail .... why/how/whatever would the "original incifents just filed again .. will try again in a few days ..." .... I don't follow that ... you have the means to 'create' new e-mail from the places you wish the filters/BLs to handle ...????

Good news! I recreated the original incidents today (by resubmitting for SC parsing the emails sent to me which SC had CBL-blocked before); and SC reported the relevant IPs as "not listed", in line with the real CBL.

Link to comment
Share on other sites

Good news! I recreated the original incidents today (by resubmitting for SC parsing the emails sent to me which SC had CBL-blocked before); and SC reported the relevant IPs as "not listed", in line with the real CBL.

The PARSER reporting an IP in CBL is completely different than the Smapcop webmail filters reporting it as being listed. The first case is only informational. The second case will cause a message to be sent to the Held Mail folder if the CBL is chosen.

All this time I thought we were discussing the second case (webmail filtering). If so, this test has no relevance. The test you describe is done on completely different systems on different sides of the US.

Link to comment
Share on other sites

The PARSER reporting an IP in CBL is completely different than the Smapcop webmail filters reporting it as being listed. The first case is only informational. The second case will cause a message to be sent to the Held Mail folder if the CBL is chosen.

All this time I thought we were discussing the second case (webmail filtering). If so, this test has no relevance. The test you describe is done on completely different systems on different sides of the US.

To recap, the original incidents involved checking SC's CBL-related filtering versus the "real" CBL list from CBL's website, and double-checking each time with the CBL organisation. This showed that SC's source for CBL listing was out of date, and JT stated that SC had taken steps to resolve this.

Tests for verifying the resolution were then done on the original (not re-mailed) emails, and SC's output from the final test was:-

(a) "82.110.105.65 not listed in cbl.abuseat.org" for one original email, and "88.144.66.221 not listed in cbl.abuseat.org" for the other; whereas...

( B)SC had originally given false positives (posted earlier) to these IPs, by outputting "blocked.cbl.abuseat.org" messages and placing the emails into "held mail".

Your comment suggests in effect that the output at ( a) above was from a subsystem of SC different to the one which produced (B), so that:

- each subsystem may have used a base version of CBL different to the other

- the subsystem producing (B) was not in fact verified by this test

- the test was thus not conclusive

If so, thanks for pointing this out.

Either way, I'll have to leave this now as the test was an "optional extra" - as much as I could devise as a user armed with the original emails only....

Please note that " smiley face" in my view of the above posting should read as ""...

Link to comment
Share on other sites

Your comment suggests in effect that the output at ( a) above was from a subsystem of SC

This fact exists in numerous places. You original complaint was an issue with the SpamCop.net e-mail account stuff which is handled on hardware owned, maintained by JT in Georgia, U.s. (east coast) ...

Your "checking" which does not relate to anything is being applied against the Parsing and Reporting system, which is harware owned, maintained by IronPort out in California, U.S. (west coast) ....

There is no connection for what you are trying to demonstrate. Please note my original reply to your "testing results" posting, when I was asking how you managed to create new e-mail from those same sources ....

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...