At 21:16 2004-08-15 +0200, Raymond Dijkxhoorn wrote:
Pardon me ? Sorry, thats bull. DSBL only lists if a message gets confirmed Could you please subscribe how the above scenario would happen? Are you sure you are talking about DSBL? Not some other list? Please check the way how DSBL lists messages, its not like people add blocks manually or something. Its all done with a confirmation round. I really think you are mistaken and mean another RBL...
Nope, I mean dsbl single hop.
The only way a ISP mailserver gets added if its running a open proxy itself.
DSBL doesn't just list open proxies. It also lists open and unsecure relays, as well as anything else that can be made to send certain messages to a certain address... Many ISP mail servers *are* open relays - for their customers. Many ISPs don't require that their customers authenticate to relay (which is bad, but still common...). As long as your client IP is inside the ISP customer range, you are allowed to relay. Viruses installing proxies that relay through the default outgoing mail server rather than direct to MX is one potential for false positives in dsbl. As is dsbl "trusted users" making mistakes...
Do you have examples of this ? I closely watch the admin and announce list of DSBL, i cannot recally anything like you are saying. You must be confused?
Nope, I'm not confused. I've had to whitelist outgoing mail servers of major major Swedish ISPs after they got listed on dsbl. Those servers where not open proxies or globally open relays.
Unless you believe that the dsbl "trusted users" can be 100% trusted to not make mistakes, or that there are no computers infected with viruses that install proxies configured to relay throgh the default outgoing mail server rather than direct to MX, or any other unforseen new issue, there is a risk of FPs in dsbl.
While the DSBL FAQ is correct in this being "very unlikely", it still happens. As some Googling will show. The dsbl process is not fool-proof.
I'm not bringing this up as a general critique of dsbl. I like dsbl and I still use it, but no longer for blocking directly at the MTA level, and only after first whitelisting local ISPs that don't act as quickly on getting listed in dsbl as they should.
Patrik