Jump to content
Sign in to follow this  
GusB

[Resolved] Composite Blocking List (CBL) - listing discrepancy

Recommended Posts

Can we please know the ongoing approx target time for changes in CBL's listing to be picked up by SC?

- The original incidents failed again just now (I'll repeat each day or two) but, without SC's approx target refresh time, it's not clear whether this observation is bad or just indifferent....

Well according to JT's own words:

Anyway, we are now updating our local copy directly from the CBL people themselves, so it should all be up to date.
I would assume it should be working correctly already. If not, you should probably present the evidence (tracking URL's being the best way) to JT directly at support[at]spamcop.net

Share this post


Link to post
Share on other sites
Can we please know the ongoing approx target time for changes in CBL's listing to be picked up by SC?

- The original incidents failed again just now (I'll repeat each day or two) but, without SC's approx target refresh time, it's not clear whether this observation is bad or just indifferent....

I'm not sure I understand .... the use of the CBL would be in "incoming" e-mail .... why/how/whatever would the "original incifents just filed again .. will try again in a few days ..." .... I don't follow that ... you have the means to 'create' new e-mail from the places you wish the filters/BLs to handle ...????

Share this post


Link to post
Share on other sites
I'm not sure I understand .... the use of the CBL would be in "incoming" e-mail .... why/how/whatever would the "original incifents just filed again .. will try again in a few days ..." .... I don't follow that ... you have the means to 'create' new e-mail from the places you wish the filters/BLs to handle ...????

It's the most useless of the blocklists we use anyhow I vote for its removal. Do not see the point in installing junk just for the sake of it?

Share this post


Link to post
Share on other sites
It's the most useless of the blocklists we use anyhow I vote for its removal. Do not see the point in installing junk just for the sake of it?

Not sure what you mean here. The CBL blocks TONS of stuff. It's a very fast, very accurate list of zombied and otherwise hacked machines. Because of the way they pick stuff up, they will often identify these hacked hosts before the SpamCop blacklist picks them up.

JT

Share this post


Link to post
Share on other sites

So far not seen CBL catch much of anything. the highest recorded score goes to SpamAssasin SCBL then the country blocklists like China Brazil etc. Not see the need to pander to CBL. In fact would rather have if needed be another choice I know they tout themselves up but I rarely see them catch anything that is not already being stopped or in the SCBL (and I check)

IMO CBL are run by identities that have never been SpamCop friendly! Reality in-fact very active in trying over many years to bring SpamCop down so do take care (Not a wise choice to give them any credibility they are a poison pill)

Share this post


Link to post
Share on other sites
So far not seen CBL catch much of anything. the highest recorded score goes to SpamAssasin SCBL then the country blocklists like China Brazil etc. Not see the need to pander to CBL. In fact would rather have if needed be another choice I know they tout themselves up but I rarely see them catch anything that is not already being stopped or in the SCBL (and I check)

Well, I will agree with you since SpamAssassin was changed to check first on my SpamCop account. Before that, however, CBL was my second biggest BL behind spamcop.

Share this post


Link to post
Share on other sites
Well, I will agree with you since SpamAssassin was changed to check first on my SpamCop account. Before that, however, CBL was my second biggest BL behind SpamCop.

Skulduggery tactics with those attacking SpamCop is not new, As I am finding zero use of the CBL I expect mystically I will shortly :excl: As you but no one else already is?

Again today Spamassasin and SpamCop's Blocklist the only ones doing the blocking as usual CBL have no mention. They also go on about not listing mail servers?

Stupid concept as many spam friendly servers are improperly set-up conceal the IP source and I don't want or need their spam.

SpamCop does not block these incompetent fools straight away and always tries to inform them of their abuse problems

When SpamCop does a parse it checks with a number of blocking lists to see CBL are one of such (ineffective) list.

Even then they are slow and behind SpamCop Blocklist (SCBL) in listing IP's. I do not See it as a very good/effective blocklist at best

Not sure if the CBL list afflicts the running of the mail servers my problem is the antics of those that seem to be behind it in trying to harm SpamCop and would not miss seeing the CBL if removed

Share this post


Link to post
Share on other sites
I'm not sure I understand .... the use of the CBL would be in "incoming" e-mail .... why/how/whatever would the "original incifents just filed again .. will try again in a few days ..." .... I don't follow that ... you have the means to 'create' new e-mail from the places you wish the filters/BLs to handle ...????

Good news! I recreated the original incidents today (by resubmitting for SC parsing the emails sent to me which SC had CBL-blocked before); and SC reported the relevant IPs as "not listed", in line with the real CBL.

Share this post


Link to post
Share on other sites
Good news! I recreated the original incidents today (by resubmitting for SC parsing the emails sent to me which SC had CBL-blocked before); and SC reported the relevant IPs as "not listed", in line with the real CBL.

The PARSER reporting an IP in CBL is completely different than the Smapcop webmail filters reporting it as being listed. The first case is only informational. The second case will cause a message to be sent to the Held Mail folder if the CBL is chosen.

All this time I thought we were discussing the second case (webmail filtering). If so, this test has no relevance. The test you describe is done on completely different systems on different sides of the US.

Share this post


Link to post
Share on other sites
The PARSER reporting an IP in CBL is completely different than the Smapcop webmail filters reporting it as being listed. The first case is only informational. The second case will cause a message to be sent to the Held Mail folder if the CBL is chosen.

All this time I thought we were discussing the second case (webmail filtering). If so, this test has no relevance. The test you describe is done on completely different systems on different sides of the US.

To recap, the original incidents involved checking SC's CBL-related filtering versus the "real" CBL list from CBL's website, and double-checking each time with the CBL organisation. This showed that SC's source for CBL listing was out of date, and JT stated that SC had taken steps to resolve this.

Tests for verifying the resolution were then done on the original (not re-mailed) emails, and SC's output from the final test was:-

(a) "82.110.105.65 not listed in cbl.abuseat.org" for one original email, and "88.144.66.221 not listed in cbl.abuseat.org" for the other; whereas...

( B)SC had originally given false positives (posted earlier) to these IPs, by outputting "blocked.cbl.abuseat.org" messages and placing the emails into "held mail".

Your comment suggests in effect that the output at ( a) above was from a subsystem of SC different to the one which produced (B), so that:

- each subsystem may have used a base version of CBL different to the other

- the subsystem producing (B) was not in fact verified by this test

- the test was thus not conclusive

If so, thanks for pointing this out.

Either way, I'll have to leave this now as the test was an "optional extra" - as much as I could devise as a user armed with the original emails only....

Please note that " smiley face" in my view of the above posting should read as ""...

Share this post


Link to post
Share on other sites
Your comment suggests in effect that the output at ( a) above was from a subsystem of SC

This fact exists in numerous places. You original complaint was an issue with the SpamCop.net e-mail account stuff which is handled on hardware owned, maintained by JT in Georgia, U.s. (east coast) ...

Your "checking" which does not relate to anything is being applied against the Parsing and Reporting system, which is harware owned, maintained by IronPort out in California, U.S. (west coast) ....

There is no connection for what you are trying to demonstrate. Please note my original reply to your "testing results" posting, when I was asking how you managed to create new e-mail from those same sources ....

Share this post


Link to post
Share on other sites

Thank you for clearing that up. I knew we had found a problem with the spamcop mail service. I was just making sure that actually fixed your original complaint. This has now reached dead horse stage ;) No more beatings, please.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×