
Mailing List Archive: SpamAssassin: users

New free blacklist: BRBL - Barracuda Reputation Block List

 

 



jeffc at surbl

Sep 20, 2008, 11:51 PM

Post #1 of 110 (966 views)
New free blacklist: BRBL - Barracuda Reputation Block List

[.Pardon the spam; thought this new blacklist might be worth at
least trying.]

Apparently Barracuda will be publishing a free-to-use sender
blacklist called BRBL:

http://www.barracudacentral.org/rbl

Haven't tried it myself but thought it may be of interest.

Cheers,

Jeff C.
--
Jeff Chan
mailto:jeffc[at]surbl.org
http://www.surbl.org/


newslists at pessimists

Sep 21, 2008, 1:06 PM

Post #2 of 110 (910 views)
Re: New free blacklist: BRBL - Barracuda Reputation Block List [In reply to]

On Sat, 2008-09-20 at 23:51 -0700, Jeff Chan wrote:
> Haven't tried it myself but thought it may be of interest.

I wonder if it will include the barracuda devices that are set to
backscatter?
--
-Andy

Philosophy is a battle against the bewitchment
of our intelligence by means of language.
- Ludwig Wittgenstein


LConrad at Go2France

Sep 21, 2008, 4:18 PM

Post #3 of 110 (910 views)
Re: New free blacklist: BRBL - Barracuda Reputation Block List [In reply to]

We're trying it today.

For the same period of about 4.5 hours, zen had about 110 hits, while b.barracuda had about 165.

Len


______________________________________________
IMGate OpenSource Mail Firewall www.IMGate.net


sahil at tandon

Sep 21, 2008, 5:26 PM

Post #4 of 110 (910 views)
Re: New free blacklist: BRBL - Barracuda Reputation Block List [In reply to]

Len Conrad <LConrad[at]Go2France.com> wrote:

> For the same period of about 4.5 hours, zen had about 110 hits, while
> b.barracuda had about 165.

What about overlap? Were the barracuda hits only those that skipped by
zen? Thanks.

--
Sahil Tandon <sahil[at]tandon.net>


LConrad at Go2France

Sep 21, 2008, 7:14 PM

Post #5 of 110 (906 views)
Re: New free blacklist: BRBL - Barracuda Reputation Block List [In reply to]

>> For the same period of about 4.5 hours, zen had about 110 hits, while
>> b.barracuda had about 165.
>
>What about overlap? Were the barracuda hits only those that skipped by
>zen? Thanks.

for the same period, zen = 153 hits, barracuda = 226 hits

when I comm the two sorted files, zen and barra, of hit IPs, no IPs are common.

I didn't believe this, so I wrote a script that looped over one file and grepped for its IPs in the other file, and vice versa. :) Same result.

I find it hard to believe. Even for such a small sample, 0% overlap? If barracuda is as accurate as zen, great.

Len



______________________________________________
IMGate OpenSource Mail Firewall www.IMGate.net


mouss at netoyen

Sep 21, 2008, 11:30 PM

Post #6 of 110 (904 views)
Re: New free blacklist: BRBL - Barracuda Reputation Block List [In reply to]

Len Conrad wrote:
>>> For the same period of about 4.5 hours, zen had about 110 hits, while
>>> b.barracuda had about 165.
>> What about overlap? Were the barracuda hits only those that skipped by
>> zen? Thanks.
>
> for the same period, zen = 153 hits, barracuda = 226 hits
>
> when I comm the two sorted files, zen and barra, of hit IPs, no IPs are common.
>
> I didn't believe this, so I wrote a script that looped over one file and grepped for its IPs in the other file, and vice versa. :) Same result.
>
> I find it hard to believe. Even for such a small sample, 0% overlap? If barracuda is as accurate as zen, great.
>


do these numbers take into account zen blocking at smtp level (on your
server or before)?


uhlar at fantomas

Sep 22, 2008, 3:13 AM

Post #7 of 110 (900 views)
Re: New free blacklist: BRBL - Barracuda Reputation Block List [In reply to]

> >> For the same period of about 4.5 hours, zen had about 110 hits, while
> >> b.barracuda had about 165.
> >
> >What about overlap? Were the barracuda hits only those that skipped by
> >zen? Thanks.

On 21.09.08 21:14, Len Conrad wrote:
> for the same period, zen = 153 hits, barracuda = 226 hits

There's no problem in creating a blacklist that will have 100% hitrate :)

The problem is in false positives - you won't get any mail with it

--
Matus UHLAR - fantomas, uhlar[at]fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
How does cat play with mouse? cat /dev/mouse


Chris.Russell at knowledgeit

Sep 22, 2008, 3:24 AM

Post #8 of 110 (904 views)
RE: New free blacklist: BRBL - Barracuda Reputation Block List [In reply to]

> The problem is in false positives - you won't get any mail with it

I've had servers listed on Barracuda before, despite 17 emails to their
support systems we never had any response, and had to change a customer's
mail architecture to compensate.

Very wary of them ..

Chris


dan.mcdonald at austinenergy

Sep 22, 2008, 4:47 AM

Post #9 of 110 (901 views)
Re: New free blacklist: BRBL - Barracuda Reputation Block List [In reply to]

On Sun, 2008-09-21 at 18:18 -0500, Len Conrad wrote:
> We're trying it today.
>
> For the same period of about 4.5 hours, zen had about 110 hits, while b.barracuda had about 165.

In about 26 hours I had 885 hits on b.barracuda, and 309 hits on the
various zen lists.

Zen had only 18 unique hits,

$ grep -c BRBL /var/log/mail/info
885
$ grep -c XBL /var/log/mail/info
270
$ grep -c -P BRBL.+XBL /var/log/mail/info
260
$ grep -c PBL /var/log/mail/info
4
$ grep -c -P BRBL.+PBL /var/log/mail/info
4
$ grep -c SBL /var/log/mail/info
35
$ grep -c -P BRBL.+SBL /var/log/mail/info
27

The numbers might be slightly worse for zen, since I had a couple of
multiple-zen hits:
$ grep -c -P BRBL.+[PSX]BL.+[PSX]BL /var/log/mail/info
3

I'm currently scoring it a 1.00, if it really is accurate I would like
to increase it.
--
Daniel J McDonald, CCIE #2495, CISSP #78281, CNX
Austin Energy
http://www.austinenergy.com
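
Added example, not part of any post in this thread: the overlap question raised above (Len's `comm` comparison and Daniel's `grep -c` counts), done per message with sets so that a message hitting several zen sub-lists is counted once and rule order on the line does not matter. The log lines are constructed, and their spamd-style layout, the `RCVD_IN_XBL`/`RCVD_IN_PBL`/`RCVD_IN_SBL` rule names in the sample and the helper names `lists_hit` and `overlap_report` are assumptions.

```python
import re
from collections import Counter

# Constructed sample lines (not taken from the thread). The layout imitates a
# spamd "result:" line; the exact log format is an assumption.
SAMPLE_LOG = """\
Sep 22 04:10:01 mx spamd[2211]: spamd: result: Y 14 - BAYES_99,RCVD_IN_BRBL_RELAY,RCVD_IN_XBL scantime=1.2
Sep 22 04:10:07 mx spamd[2211]: spamd: result: Y 9 - RCVD_IN_BRBL_RELAY,URIBL_BLACK scantime=0.9
Sep 22 04:11:30 mx spamd[2214]: spamd: result: Y 11 - RCVD_IN_BRBL_RELAY,RCVD_IN_SBL,RCVD_IN_XBL scantime=1.4
Sep 22 04:12:02 mx spamd[2214]: spamd: result: Y 7 - HTML_MESSAGE,RCVD_IN_PBL scantime=0.8
Sep 22 04:12:44 mx spamd[2215]: spamd: result: . 0 - HTML_MESSAGE scantime=0.5
Sep 22 04:13:15 mx spamd[2215]: spamd: result: Y 8 - RCVD_IN_SBL,RCVD_IN_XBL scantime=1.1
""".splitlines()

ZEN = {"XBL", "PBL", "SBL"}  # the zen sub-lists counted in the thread

# Match whole rule names only, so e.g. RCVD_IN_SBL_CSS is not counted as SBL.
RULE_RE = re.compile(r"\bRCVD_IN_(BRBL|XBL|PBL|SBL)(?:_RELAY)?\b")


def lists_hit(line):
    """Return the set of list labels (BRBL, XBL, PBL, SBL) named on one log line."""
    return set(RULE_RE.findall(line))


def overlap_report(lines):
    """Count messages per list, plus BRBL/zen overlap and list-unique hits."""
    per_list = Counter()
    brbl = zen_any = both = 0
    for line in lines:
        hit = lists_hit(line)
        per_list.update(hit)
        in_brbl = "BRBL" in hit
        in_zen = bool(hit & ZEN)      # one count even if several zen lists hit
        brbl += in_brbl
        zen_any += in_zen
        both += in_brbl and in_zen
    return {
        "per_list": dict(per_list),
        "brbl": brbl,
        "zen_any": zen_any,
        "both": both,
        "brbl_only": brbl - both,
        "zen_only": zen_any - both,
    }


if __name__ == "__main__":
    for key, value in overlap_report(SAMPLE_LOG).items():
        print(f"{key:10} {value}")
```

On the sample, the per-list zen counts sum to 6 while only 4 messages hit zen at all, which is the multiple-hit skew mentioned above. If one list rejects at SMTP time before the other is consulted, the second list never sees those connections and an overlap computed from its hits will be understated.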


dave.list at pixelhammer

Sep 22, 2008, 5:43 AM

Post #10 of 110 (903 views)
Re: New free blacklist: BRBL - Barracuda Reputation Block List [In reply to]

Jeff Chan wrote:
> [.Pardon the spam; thought this new blacklist might be worth at
> least trying.]
>
> Apparently Barracuda will be publishing a free-to-use sender
> blacklist called BRBL:
>
> http://www.barracudacentral.org/rbl
>
> Haven't tried it myself but thought it may be of interest.

We have a system in use for members of a specific group within the
state. The system takes a list of ID numbers from an email and returns a
result for each number back to the sender. It requires a paid membership
and a manual verification by a human to sign up for the service. The
result emails are very structured, no images, plain text, proper and
complete headers. We have several clients who have the result emails
captured by the Barracuda Reputation System, they cannot seem to get the
result emails past their Barracuda. Other clients have no issues at all.

I have three other clients who we do spam filtering for, they have a
Barracuda between our spam filtering server and their Exchange servers.
They often trap their own intra office mail. Frank in LA emails Bob in
Atlanta, the Atlanta Barracuda says "spam" and bounces the message back
to Frank, then Frank's Barracuda says "spam" and bounces the message
back to Bob. They do not seem to be able to make it stop doing so and
will not pay for a tech to come onsite and investigate. I have a special
"slow" mail queue I dump their traffic into.

If the reputation is based on spam tagged from client managed systems I
would think it not much to count on.

DAve


--
Don't tell me I'm driving the cart!


sm at resistor

Sep 22, 2008, 6:22 AM

Post #11 of 110 (891 views)
RE: New free blacklist: BRBL - Barracuda Reputation Block List [In reply to]

At 03:24 22-09-2008, Chris Russell wrote:
> I've had servers listed on Barracuda before, despite 17 emails to their
>support systems we never had any response, and had to change a customers
>mail architecture to compensate.

It's a free blacklist. People will use it until they get listed and
find out that there is no way to get unlisted as the blacklist is
said to be accurate or there's no delisting policy.

This new free blacklist has not published its listing methodology
yet. There is a removal request link. I'll wait for someone to get
listed to find out whether that actually works.

Regards,
-sm


jm at jmason

Sep 22, 2008, 6:43 AM

Post #12 of 110 (891 views)
Re: New free blacklist: BRBL - Barracuda Reputation Block List [In reply to]

SM writes:
> At 03:24 22-09-2008, Chris Russell wrote:
> > I've had servers listed on Barracuda before, despite 17 emails to their
> >support systems we never had any response, and had to change a customers
> >mail architecture to compensate.
>
> It's a free blacklist. People will use it until they get listed and
> find out that there is no way to get unlisted as the blacklist is
> said to be accurate or there's no delisting policy.
>
> This new free blacklist has not published its listing methodology
> yet. There is a removal request link. I'll wait for someone to get
> listed to find out whether that actually works.

The fact that there's a prominent removal-request link is a good
sign, in my opinion ;) Let's see how it goes.

--j.


ka at pacific

Sep 22, 2008, 6:55 AM

Post #13 of 110 (888 views)
Re: New free blacklist: BRBL - Barracuda Reputation Block List [In reply to]

DAve wrote:
> Jeff Chan wrote:
>> [.Pardon the spam; thought this new blacklist might be worth at
>> least trying.]
>>
>> Apparently Barracuda will be publishing a free-to-use sender
>> blacklist called BRBL:
>>
>> http://www.barracudacentral.org/rbl
>>
>> Haven't tried it myself but thought it may be of interest.
>
> We have a system in use for members of a specific group within the
> state. The system takes a list of ID numbers from an email and returns a
> result for each number back to the sender. It requires a paid membership
> and a manual verification by a human to sign up for the service. The
> result emails are very structured, no images, plain text, proper and
> complete headers. We have several clients who have the result emails
> captured by the Barracuda Reputation System, they cannot seem to get the
> result emails past their Barracuda. Other clients have no issues at all.
>
> I have three other clients who we do spam filtering for, they have a
> Barracuda between our spam filtering server and their Exchange servers.
> They often trap their own intra office mail. Frank in LA emails Bob in
> Atlanta, the Atlanta Barracuda says "spam" and bounces the message back
> to Frank, then Frank's Barracuda says "spam" and bounces the message
> back to Bob. They do not seem to be able to make it stop doing so and
> will not pay for a tech to come onsite and investigate. I have a special
> "slow" mail queue I dump their traffic into.
>
> If the reputation is based on spam tagged from client managed systems I
> would think it not much to count on.

I hope that's not how it's managed! We regularly see barracudas bounce
email with PBL listed IPs in the received headers (NOT the connecting
server). MailMarshall does this too, if properly misconfigured. :-(
Ken

>
> DAve
>
>


--
Ken Anderson
Pacific.Net


Ralf.Hildebrandt at charite

Sep 22, 2008, 6:59 AM

Post #14 of 110 (889 views)
Re: New free blacklist: BRBL - Barracuda Reputation Block List [In reply to]

* Justin Mason <jm[at]jmason.org>:

> The fact that there's a prominent removal-request link is a good
> sign, in my opinion ;) Let's see how it goes.

My top rejections for today are:

% fgrep www.barracudanetworks.com/reputation /var/log/mail.log |
awk '{print $10}' | sort |uniq -c | sort -n | tail

18 mx35.ispgateway.de[80.67.29.41]:
x 18 unknown[203.210.244.169]:
x 18 unknown[62.64.92.218]:
x 18 unknown[77.222.138.14]:
x 19 unknown[194.186.250.230]:
21 mx20.ispgateway.de[80.67.18.53]:
21 mx43.ispgateway.de[80.67.29.52]:
x 22 unknown[222.124.11.83]:
24 mx31.ispgateway.de[80.67.29.35]:
x 28 smtp-out.orange.net[193.252.22.118]:

The hosts marked x can be found in other RBLs (I used openrbl.org to
check).

--
Ralf Hildebrandt (i.A. des GB IT) Ralf.Hildebrandt[at]charite.de
Charite - Universitätsmedizin Berlin Tel. +49 (0)30-450 570-155
Gemeinsame Einrichtung von FU- und HU-Berlin Fax. +49 (0)30-450 570-962
Geschäftsbereich IT Standort CBF I'm looking for a job!


jpiszcz at lucidpixels

Sep 22, 2008, 7:14 AM

Post #15 of 110 (889 views)
Re: New free blacklist: BRBL - Barracuda Reputation Block List [In reply to]

On Mon, 22 Sep 2008, Daniel J McDonald wrote:

> On Sun, 2008-09-21 at 18:18 -0500, Len Conrad wrote:
>> We're trying it today.
>>
>> For the same period of about 4.5 hours, zen had about 110 hits, while b.barracuda had about 165.
>
> In about 26 hours I had 885 hits on b.barracuda, and 309 hits on the
> various zen lists.
>
> Zen had only 18 unique hits,
>
> $ grep -c BRBL /var/log/mail/info
> 885
> $ grep -c XBL /var/log/mail/info
> 270
> $ grep -c -P BRBL.+XBL /var/log/mail/info
> 260
> $ grep -c PBL /var/log/mail/info
> 4
> $ grep -c -P BRBL.+PBL /var/log/mail/info
> 4
> $ grep -c SBL /var/log/mail/info
> 35
> $ grep -c -P BRBL.+SBL /var/log/mail/info
> 27
>
> The numbers might be slightly worse for zen, since I had a couple of
> multiple-zen hits:
> $ grep -c -P BRBL.+[PSX]BL.+[PSX]BL /var/log/mail/info
> 3
>
> I'm currently scoring it a 1.00, if it really is accurate I would like
> to increase it.
> --
> Daniel J McDonald, CCIE #2495, CISSP #78281, CNX
> Austin Energy
> http://www.austinenergy.com
>

Hmm I signed up for this 1-2 days ago but never got a confirmation e-mail
from them? What is the RBL name?

Justin.


dan.mcdonald at austinenergy

Sep 22, 2008, 7:23 AM

Post #16 of 110 (885 views)
Re: New free blacklist: BRBL - Barracuda Reputation Block List [In reply to]

On Mon, 2008-09-22 at 10:14 -0400, Justin Piszcz wrote:
>
> On Mon, 22 Sep 2008, Daniel J McDonald wrote:
>
> > On Sun, 2008-09-21 at 18:18 -0500, Len Conrad wrote:
> >> We're trying it today.
> >
>
> Hmm I signed up for this 1-2 days ago but never got a confirmation e-mail
> from them? What is the RBL name?

Here are the rules I'm using:
# URL: http://www.barracudacentral.org/rbl/
header __RCVD_IN_BRBL eval:check_rbl('brbl', 'b.barracudacentral.org')
describe __RCVD_IN_BRBL received via a relay in b.barracudacentral.org
header RCVD_IN_BRBL_RELAY eval:check_rbl_sub('brbl', '127.0.0.2')
tflags RCVD_IN_BRBL_RELAY net
describe RCVD_IN_BRBL_RELAY received via a relay rated as poor by Barracuda
score RCVD_IN_BRBL_RELAY 1.00


--
Daniel J McDonald, CCIE #2495, CISSP #78281, CNX
Austin Energy
http://www.austinenergy.com
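
Added example, not part of the post above and not SpamAssassin's own code: the DNS lookup that a DNSBL rule pair like this relies on, shown for a single relay IP. The relay's IPv4 octets are reversed and prefixed to the list zone, and the returned A record is compared with the `127.0.0.2` sub-test value. The helper names, the documentation-range IPs and the stub zone data are constructed assumptions so the block runs offline.

```python
import ipaddress
import socket


def dnsbl_query_name(ip, zone):
    """Build the DNSBL query name: IPv4 octets reversed, then the list zone."""
    addr = ipaddress.IPv4Address(ip)            # raises ValueError on bad input
    reversed_octets = ".".join(reversed(str(addr).split(".")))
    return f"{reversed_octets}.{zone.rstrip('.')}."


def system_resolver(name):
    """Return the A records for name via the system resolver.

    Any resolver error is treated as "no answer"; a production check should
    tell NXDOMAIN (not listed) apart from timeouts and SERVFAIL.
    """
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []


def dnsbl_lookup(ip, zone, sub="127.0.0.2", resolve=system_resolver):
    """Return (listed, sub_match, answers) for one relay IP.

    listed    -> the zone returned at least one A record for the IP
    sub_match -> one of the answers equals the sub-test value
    """
    answers = resolve(dnsbl_query_name(ip, zone))
    return bool(answers), sub in answers, answers


# Constructed zone data for an offline run: 192.0.2.10 is "listed" with
# 127.0.0.2; every other name gets no answer.
FAKE_ZONE = {"10.2.0.192.b.barracudacentral.org.": ["127.0.0.2"]}


def fake_resolver(name):
    return FAKE_ZONE.get(name, [])


if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.11"):
        name = dnsbl_query_name(ip, "b.barracudacentral.org")
        print(ip, name, dnsbl_lookup(ip, "b.barracudacentral.org",
                                     resolve=fake_resolver))
```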


brose at med

Sep 22, 2008, 7:24 AM

Post #17 of 110 (888 views)
RE: New free blacklist: BRBL - Barracuda Reputation Block List [In reply to]

I had the same issue and found that the system that's relaying
(216.129.105.40) those confirmation emails doesn't have a PTR record.
You'd think someone selling an antispam/email appliance would be familiar
with the RFCs.

-----Original Message-----
From: Justin Piszcz [mailto:jpiszcz[at]lucidpixels.com]
Sent: Monday, September 22, 2008 10:15 AM
To: Daniel J McDonald
Cc: users[at]spamassassin.apache.org
Subject: Re: New free blacklist: BRBL - Barracuda Reputation Block List



On Mon, 22 Sep 2008, Daniel J McDonald wrote:



Hmm I signed up for this 1-2 days ago but never got a confirmation
e-mail
from them? What is the RBL name?

Justin.


dkoontz at mbc

Sep 22, 2008, 7:30 AM

Post #18 of 110 (887 views)
Re: New free blacklist: BRBL - Barracuda Reputation Block List [In reply to]

Justin Piszcz wrote ... (9/22/2008 10:14 AM):
> Hmm I signed up for this 1-2 days ago but never got a confirmation
> e-mail from them? What is the RBL name?
>
> Justin.
Same here. For those currently running this, how long did it take to
get confirmation email and setup?

~ Sparky ~


curtislamasters at gmail

Sep 22, 2008, 7:38 AM

Post #19 of 110 (888 views)
Re: New free blacklist: BRBL - Barracuda Reputation Block List [In reply to]

About 10 minutes. I've had it up and running for about 30 minutes now and
I've gotten 127 hits. Pretty impressive. Now we will need to see what
fallout occurs. :)

Curtis LaMasters
http://www.curtis-lamasters.com
http://www.builtnetworks.com


martinh at solidstatelogic

Sep 22, 2008, 7:39 AM

Post #20 of 110 (885 views)
RE: New free blacklist: BRBL - Barracuda Reputation Block List [In reply to]

Dave

I got mine in seconds this morning.

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

> -----Original Message-----
> From: Dave Koontz [mailto:dkoontz[at]mbc.edu]
> Sent: 22 September 2008 15:30
> To: Justin Piszcz
> Cc: users[at]spamassassin.apache.org
> Subject: Re: New free blacklist: BRBL - Barracuda Reputation
> Block List
>
> Justin Piszcz wrote ... (9/22/2008 10:14 AM):
> > Hmm I signed up for this 1-2 days ago but never got a confirmation
> > e-mail from them? What is the RBL name?
> >
> > Justin.
> Same here. For those currently running this, how long did it
> take to get confirmation email and setup?
>
> ~ Sparky ~
>
>






rjl at renaissoft

Sep 22, 2008, 7:45 AM

Post #21 of 110 (887 views)
Re: New free blacklist: BRBL - Barracuda Reputation Block List [In reply to]

Dave Koontz wrote:
> Justin Piszcz wrote ... (9/22/2008 10:14 AM):
>> Hmm I signed up for this 1-2 days ago but never got a confirmation
>> e-mail from them? What is the RBL name?
>>
>> Justin.
> Same here. For those currently running this, how long did it take to
> get confirmation email and setup?

I ran into that problem myself, but checking the logs I noticed that
Barracuda was sending the confirmation mail from an IP address with no
rDNS, so it was being rejected. To receive the confirmation email,
either whitelist 216.129.105.40 or disable your MTA's rDNS verification
temporarily.

As an aside, if you're using the Barracuda RBL with SpamAssassin, I
understand that it's not technically necessary to register your IPs with
them, you just need to use a slightly different RBL address. Instead of
"b.barracudacentral.org", use "bb.barracudacentral.org", which has
supposedly been reserved for SpamAssassin users.

--
Robert LeBlanc <rjl[at]renaissoft.com>
Renaissoft, Inc.
Maia Mailguard <http://www.maiamailguard.com/>


ka at pacific

Sep 22, 2008, 7:47 AM

Post #22 of 110 (886 views)
Re: New free blacklist: BRBL - Barracuda Reputation Block List [In reply to]

Rose, Bobby wrote:
> I had the same issue and found that the system that's relaying
> (216.129.105.40) those confirmation emails doesn't have a PTR record.
> You'd think someone selling a antispam/email appliance would be familiar
> with the RFCs.
>
> -----Original Message-----
> From: Justin Piszcz [mailto:jpiszcz[at]lucidpixels.com]
> Sent: Monday, September 22, 2008 10:15 AM
> To: Daniel J McDonald
> Cc: users[at]spamassassin.apache.org
> Subject: Re: New free blacklist: BRBL - Barracuda Reputation Block List
>
>
>
> On Mon, 22 Sep 2008, Daniel J McDonald wrote:
>
>
>
> Hmm I signed up for this 1-2 days ago but never got a confirmation
> e-mail
> from them? What is the RBL name?
>
> Justin.
>

It hit botnet rules here too, just now.
Ken


--
Ken Anderson
Pacific.Net


dkoontz at mbc

Sep 22, 2008, 7:50 AM

Post #23 of 110 (888 views)
Re: New free blacklist: BRBL - Barracuda Reputation Block List [In reply to]

Rose, Bobby wrote ... (9/22/2008 10:24 AM):
> I had the same issue and found that the system that's relaying
> (216.129.105.40) those confirmation emails doesn't have a PTR record.
> You'd think someone selling a antispam/email appliance would be familiar
> with the RFCs.
>
That would explain why I got no confirmation, we do not accept email
from IPs without a PTR record.

I agree, if true this looks pretty bad for a so-called antispam
company. I will check our logs when I return from vacation and verify
what you are seeing. Can anyone else confirm in the meantime?


scheidell at secnap

Sep 22, 2008, 8:06 AM

Post #24 of 110 (885 views)
Re: New free blacklist: BRBL - Barracuda Reputation Block List [In reply to]

>> The problem is in false positives - you won't get any mail with it
>
> I've had servers listed on Barracuda before, despite 17 emails to their
> support systems we never had any response, and had to change a customers
> mail architecture to compensate.
>
> Very wary of them ..
>
> Chris
>
SOUNDS LIKE MY FREE BLACKLIST: blocked.secnap.net (google for it), lists
all ipv4 addresses in the world.
(and for some reason, one of the perl maintainers used it)

--
Michael Scheidell, CTO
>|SECNAP Network Security
Winner 2008 Network Products Guide Hot Companies
FreeBSD SpamAssassin Ports maintainer




mouss at netoyen

Sep 22, 2008, 8:10 AM

Post #25 of 110 (887 views)
Re: New free blacklist: BRBL - Barracuda Reputation Block List [In reply to]

Justin Piszcz wrote:
>
> Hmm I signed up for this 1-2 days ago but never got a confirmation
> e-mail from them? What is the RBL name?
>


They send from an IP without rDNS.

Received: from barracudacentral.org (unknown [216.129.105.40])

you may have rejected or quarantined it.
