nanog mailing list archives
Re: Spamhaus...
From: James Hess <mysidia () gmail com>
Date: Sat, 20 Feb 2010 19:17:39 -0600
On Sat, Feb 20, 2010 at 6:25 PM, Jon Lewis <jlewis () lewis org> wrote:
it off to jail. The questions of when/whether/and to who bounces should be sent is a debate for spam-l or nanae.
I don't know about that. Bounce handling is not a question of spam filtering. Spam or not is orthogonal to the issue of forged return path. There really should be nothing to debate, except in the context of a protocol discussion, as the current internet standards are pretty clear and specifically inflexible on how internet mail hosts must handle error conditions. Just like TCP rfc793 is clear on how internet mail hosts must handle connection establishment.
cache probably won't help. I know at least some of these orgs aggregate queries either per RIR assigned CIDR or per ASN, so spreading the queries out isn't likely to get you around the issue.
When contacted by the DNSBl, perhaps you inform the end-users to make DNSBL queries directly against DNSBL servers, directly from the mail server which is in their SWIP'ed IP range. There is little else you can do, isn't there?
So, do you pay, and setup your own local copy of the zones? Let them block your servers/network and let those of your customers who care make their own arrangements for continued access?
That depends on the importance of the DNSBL. Spamhaus' description of rsync datafeed service on their web site appears to be incompatible with an ISP setting up a local copy and allowing customers to query. When setting up a local copy of the zone, you pay by "Number of e-mail users". See the problem? As an ISP serving a local copy of the zone to customer mail servers, you don't know how many mailboxes they have. Maybe i'm mistaken, but it appears each end user has to buy the service for their own mail servers, and the ISP isn't allowed to bypass that. For the purpose of the agreements with spamhaus, an ISP customer is probably considered a third party, and making a rbldns server available to them is disclosing spamhaus' secret DNSBL zone information.... -- -J
Current thread:
- Re: Spamhaus..., (continued)
- Re: Spamhaus... John Levine (Feb 18)
- Re: Spamhaus... Marc Powell (Feb 19)
- Re: Spamhaus... Michelle Sullivan (Feb 19)
- Re: Spamhaus... Larry Sheldon (Feb 19)
- Re: Spamhaus... Marc Powell (Feb 20)
- Re: Spamhaus... Patrick W. Gilmore (Feb 20)
- Re: Spamhaus... Roger Marquis (Feb 20)
- Re: Spamhaus... Robert Bonomi (Feb 20)
- Re: Spamhaus... James Hess (Feb 20)
- Re: Spamhaus... Jon Lewis (Feb 20)
- Re: Spamhaus... James Hess (Feb 20)
- Re: Spamhaus... John Levine (Feb 20)
- Re: Spamhaus... Graeme Fowler (Feb 21)
- Re: Spamhaus... James Hess (Feb 20)
- Re: Spamhaus... Michelle Sullivan (Feb 21)
- Re: Spamhaus... Jon Lewis (Feb 21)
- Re: Spamhaus... Tony Finch (Feb 21)
- Re: Spamhaus... Michelle Sullivan (Feb 21)
- Re: Spamhaus... Jon Lewis (Feb 21)
- Re: DNSBLs other than Spamhaus... John Levine (Feb 21)
- Re: Spamhaus... Larry Sheldon (Feb 21)
- Re: Spamhaus... Matthias Leisi (Feb 21)