Subject: Re: false positives
From: J C Lawrence <claw @ kanga . nu>
Date: Wed, 26 Feb 2003 11:52:50 -0800
To: "Angel Rivera" <angel @ wolf . com>
Cc: list-managers @ greatcircle . com
In-reply-to: Message from "Angel Rivera" <angel @ wolf . com> of "Wed, 26 Feb 2003 19:44:33 GMT." <20030226194433 . 20116 . qmail @ houston . wolf . com>
References: <tneff @ grassyhill . net> <130798312 . 1046214147 @ [192 . 168 . 254 . 79]> <3E5BF111 . 13482 . A908AAE @ localhost> <1399 . 1046242169 @ kanga . nu> <20030226113300 . 21046 . qmail @ houston . wolf . com> <19087 . 1046288052 @ kanga . nu> <20030226194433 . 20116 . qmail @ houston . wolf . com>

On Wed, 26 Feb 2003 19:44:33 GMT Angel Rivera <angel @ wolf . com> wrote:
> J C Lawrence writes:
>> On Wed, 26 Feb 2003 11:33:00 GMT Angel Rivera <angel @ wolf . com> wrote:
>>> J C Lawrence writes:

>> Accepted, partially.  Various RBLs have a tendency to mark associated
>> netblocks, which I find deceptive.

> ah, but I don't find those deceptive-at least in those I use. SPEWS,
> for example will expand the blocked IPs if they do not act on
> complaints-the theory being to give them a little financial push for
> them to do the right thing.

I should clarify.  I don't find it deceptive on the part of the RBL
operator as most of them are quite forward about that, but deceptive on
the part of the resultant behaviour of my RBL tool: I lose mail via
collateral damage without direct opportunity to review or alter the
criteria creating that umbra.  That's deceptive as I use the tool to
only catch nodes which are directly misbehaving and don't have a means
of distinguishing.

> I do use razor and have submitted some spam.  

I have a variety of addresses, some static, and some dictionary/CGI
derived which pipe directly to razor-report.  They don't get a lot of
traffic, but they do get enough to seem worthwhile.

> I don't use TMDA-more nuisance than I want to deal with.  

At this point I have TMDA down to the point where I simply ignore it.
For those addresses on which it's active I get periodic messages
detailing new arrivals in the hold queue which I glance at occasionally
(for things like the stats that I quoted earlier), but that's it.  It
runs itself.

What I haven't yet done fully is integrating TMDA with my mail sending
patterns so I can more transparently use things like dated or sender
addresses.  I'll probably do that before too long (I've got a little
Exim recipe cooked up that makes it site-wide with per-user

> I do like the idea of configuring SpamAssassin so each user can
> configure their own whitelists as they choose, so I will most likely
> be heading in that direction.

The Debian/Linux package does a rather nice job there.

J C Lawrence                
---------(*)                Satan, oscillate my metallic sonatas. 
claw @ kanga . nu           He lived as a devil, eh?  Evil is a name of a foeman, as I live.

