nanog mailing list archives
Re: Spamhaus...
From: "Crist Clark" <Crist.Clark () globalstar com>
Date: Thu, 18 Feb 2010 12:36:22 -0800
On 2/18/2010 at 11:47 AM, Michelle Sullivan <matthew () sorbs net> wrote:
> Crist Clark wrote:
>> We received such a message from a Spamhaus Datafeed reseller and eventually had our DNS servers blocked. What angered me was that I analyzed our usage, and we were well below the thresholds and met the TOS published at the Spamhaus website for no-cost use. However, they said we had to subscribe to the Datafeed despite that because we have a Barracuda appliance.
>
> Well aside from I remember reading that they look for Barracuda Appliances*, it does say on: http://www.spamhaus.org/organization/dnsblusage.html
>
> *Definition: "non-commercial use" is use for any purpose other than as part or all of a product or service that is resold, or for use of which a fee is charged. For example, using our DNSBLs in a commercial spam filtering appliance that is then sold to others requires a data feed, regardless of use volume. The same is true of commercial spam filtering software and commercial spam filtering services.
We do not fit into that. We are not selling an appliance or service to others (the 'Cuda is for our internal corporate email only, not customers). If we were still using my home-built SpamAssassin system, it'd be OK to use Spamhaus. Now that we've purchased an appliance and manually added a Spamhaus to the user-customizable DNSBL list on it, it's not OK?
>> And I want to know how they figured out we had a Barracuda.
>
> * well have you considered that the Barracuda may be very specific in its IP stack, or the signature it produces in queries etc. Might have a very specific open port for administration - and not forgetting that if it's making queries very directly it's exposing its IP address and therefore can be tested very simply. Many different ways, and I bet I could find out if I were to have a device to look at.
I have considered that, but it would seem it must be some signature in the queries. It does not query directly, but through our own caching DNS servers (I won't name the DNS server software, but its initials are B.I.N.D.).