Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: SpamAssassin: users

Good reasons to dont use RBLs

  

 
SpamAssassin users RSS feed   Index | Next | Previous | View Threaded


luis.daniel.lucio at gmail

Nov 12, 2009, 7:41 PM

Post #1 of 12 (765 views)
Permalink
Good reasons to dont use RBLs
Hi all,

Again me, Well, in the security scope i use a principle that states that you
souldnt use a lower layer solution to fix a higher one. So SPAM is a Layer 7
problem that is used to fixed with a Layer 3 solution (RBL).

I'd like a brainstorm to convince that a RBL solution is not the best stoping
SPAM, and we should look for L7 solution such as Bayes.

TIA

LD


kremels at kreme

Nov 12, 2009, 7:50 PM

Post #2 of 12 (738 views)
Permalink
Re: Good reasons to dont use RBLs [In reply to]
On 12-Nov-2009, at 20:41, Luis Daniel Lucio Quiroz wrote:
> I'd like a brainstorm to convince that a RBL solution is not the best stoping
> SPAM, and we should look for L7 solution such as Bayes.

I reject the notion that spam is a L7 problem.


--
Ninety percent of true love is acute, ear-burning embarrassment. --Wyrd Sisters


wtogami at redhat

Nov 12, 2009, 8:37 PM

Post #3 of 12 (731 views)
Permalink
Re: Good reasons to dont use RBLs [In reply to]
On 11/12/2009 10:50 PM, LuKreme wrote:
> On 12-Nov-2009, at 20:41, Luis Daniel Lucio Quiroz wrote:
>> I'd like a brainstorm to convince that a RBL solution is not the best stoping
>> SPAM, and we should look for L7 solution such as Bayes.
>
> I reject the notion that spam is a L7 problem.
>

It is more of a L8 problem... money.

Warren


Dan.McDonald at austinenergy

Nov 12, 2009, 8:55 PM

Post #4 of 12 (730 views)
Permalink
Re: Good reasons to dont use RBLs [In reply to]
On 11/12/09 9:42 PM ,
luis.daniel.lucio [at] gmail wrote:
>Again me, Well, in the security scope i use a principle that states that you
souldnt use a lower layer solution to fix a >higher one. So SPAM is a Layer 7
>problem that is used to fixed with a Layer 3 solution (RBL).

So, worms like conficker are layer 7 applications. Should we not apply a layer 4 access control (stopping port 445 at the AS border) to help mittigate the spread of it?
--
Daniel J McDonald, CCIE #2495, CISSP #78281


kremels at kreme

Nov 12, 2009, 11:29 PM

Post #5 of 12 (729 views)
Permalink
Re: Good reasons to dont use RBLs [In reply to]
On 12-Nov-2009, at 21:55, McDonald, Dan wrote:
> On 11/12/09 9:42 PM ,
> luis.daniel.lucio [at] gmail wrote:
>> Again me, Well, in the security scope i use a principle that states that you
> souldnt use a lower layer solution to fix a >higher one. So SPAM is a Layer 7
>> problem that is used to fixed with a Layer 3 solution (RBL).
>
> So, worms like conficker are layer 7 applications. Should we not apply a layer 4 access control (stopping port 445 at the AS border) to help mittigate the spread of it?

RBLs are a L3 solution to an L3 problem (I don't want THAT server talking to my server).

It's L3 all the way.

L4 applies after the connection has been established (which is why it's called the Transport Layer)

--
I WILL NOT DEFAME NEW ORLEANS
Bart chalkboard Ep. 9F01


me at junc

Nov 13, 2009, 1:26 AM

Post #6 of 12 (722 views)
Permalink
Re: Good reasons to dont use RBLs [In reply to]
On fre 13 nov 2009 04:41:36 CET, Luis Daniel Lucio Quiroz wrote
> I'd like a brainstorm to convince that a RBL solution is not the best stoping
> SPAM, and we should look for L7 solution such as Bayes.

and ip's is not part of bayes db ...

--
xpoint


raymond at prolocation

Nov 13, 2009, 2:16 AM

Post #7 of 12 (722 views)
Permalink
Re: Good reasons to dont use RBLs [In reply to]
Hi!

> Again me, Well, in the security scope i use a principle that states that you
> souldnt use a lower layer solution to fix a higher one. So SPAM is a Layer 7
> problem that is used to fixed with a Layer 3 solution (RBL).
>
> I'd like a brainstorm to convince that a RBL solution is not the best stoping
> SPAM, and we should look for L7 solution such as Bayes.

Try this on a multi million user system and come back again :) You are
most likely right but that wont fix your problem. If you think the way
you do please redesign the mailsystem. Its a application issue, so with
it there. Bayes is also not a solution, its preventing things afterwards.
Fix it with the source, e-mail isnt designed for what its beeing used for
today....

You can brainstorm, but it wont scale.

Bye,
Raymond.


raymond at prolocation

Nov 13, 2009, 2:17 AM

Post #8 of 12 (721 views)
Permalink
Re: Good reasons to dont use RBLs [In reply to]
Hi!

>> I reject the notion that spam is a L7 problem.

> It is more of a L8 problem... money.
>
> Warren

Or L9, users. In the end :)

Bye,
Raymond.


marc at perkel

Nov 13, 2009, 11:17 PM

Post #9 of 12 (686 views)
Permalink
Re: Good reasons to dont use RBLs [In reply to]
Luis Daniel Lucio Quiroz wrote:
> Hi all,
>
> Again me, Well, in the security scope i use a principle that states that you
> souldnt use a lower layer solution to fix a higher one. So SPAM is a Layer 7
> problem that is used to fixed with a Layer 3 solution (RBL).
>
> I'd like a brainstorm to convince that a RBL solution is not the best stoping
> SPAM, and we should look for L7 solution such as Bayes.
>
> TIA
>
> LD
>
>

I use RBLs because they work. If something actually works I use it.


mouss at ml

Nov 15, 2009, 1:05 AM

Post #10 of 12 (666 views)
Permalink
Re: Good reasons to dont use RBLs [In reply to]
Luis Daniel Lucio Quiroz a écrit :
> Hi all,
>
> Again me, Well, in the security scope i use a principle that states that you
> souldnt use a lower layer solution to fix a higher one. So SPAM is a Layer 7
> problem that is used to fixed with a Layer 3 solution (RBL).
>
> I'd like a brainstorm to convince that a RBL solution is not the best stoping
> SPAM, and we should look for L7 solution such as Bayes.
>


If someone tries to guess a working login:pass on your server and does
this a thousand times in a short period, you will still let him continue
because passwords are L7 and the IP address is at L3?

if you want talking about principles, then "defence in depth" suggests
using all your levels to block attacks.

In short, segment your zones, your diagrams, your reports, but do not
segment your defences. When you hear "divide and conquer", divide the
problem, not your army. you still want to coordinate your defences so as
to increase their efficiency.

Besides, spam is at Layer PI (3.1415....) ;-p


aep at exys

Nov 15, 2009, 12:36 PM

Post #11 of 12 (659 views)
Permalink
Re: Good reasons to dont use RBLs [In reply to]
Luis Daniel Lucio Quiroz wrote:
> Hi all,
>
> Again me, Well, in the security scope i use a principle that states that you
> souldnt use a lower layer solution to fix a higher one. So SPAM is a Layer 7
> problem that is used to fixed with a Layer 3 solution (RBL).
>
> I'd like a brainstorm to convince that a RBL solution is not the best stoping
> SPAM, and we should look for L7 solution such as Bayes.
>

SA has no effect on L3

--
Arvid
Asgaard Technologies


bernd at firmix

Nov 16, 2009, 2:51 AM

Post #12 of 12 (639 views)
Permalink
Re: Good reasons to dont use RBLs [In reply to]
Hi!

On Thu, 2009-11-12 at 21:41 -0600, Luis Daniel Lucio Quiroz wrote:
[...]
> Again me, Well, in the security scope i use a principle that states that you
> souldnt use a lower layer solution to fix a higher one. So SPAM is a Layer 7
> problem that is used to fixed with a Layer 3 solution (RBL).
You are mistaken that RBLS *solve* the spam problem.
It's just one tool - and there others too like filtering
viruses/trojans, filtering at SMTP level (based on Mail-From: and
Rcpt-To:) and/or grepping for certain words in the contents (and the
list doesn't claim to be complete - or even extensive).

> I'd like a brainstorm to convince that a RBL solution is not the best stoping
RBLs as such can be a solution to stop the average botnet (because you
plain simply do not accept connections from host with a > 95% spam
history).
OF course, it's *Your* layer > 7 decision if and which RBL to use and/or
run your own (based on whatever data, e.g. on the results of your Bayes
filter?!).

> SPAM, and we should look for L7 solution such as Bayes.
Bayes is only statistics - nothing else. I don't know on which layer
that lives in the OSI world.
And Bayes has other issues, e.g.
- how to handle false positives and false negatives and/or
- CPU and I/O performance f you have a real big mail server/cluster
and/or
- what to do if you have a mailserver on each continent (with
appropriate MX records for global high-abailability). How do I merge
several Bayes-DBs?
And of course combinations thereof.

So please don't claim that RBLS are "the solution to spam" (or that such
"a solution to spam" even exists[0]) and do not talk people out from
using one or the other tool to fight spam.

Bernd

[0]: IMHO there is one solution: Make email expensive enough that it
doesn't pay off for the spammers. But - looking at my snail mailbox
- spam won't go away or even get small enough to be acceptable. So
the result will be just people won't use email because it's too
expensive.
--
Firmix Software GmbH http://www.firmix.at/
mobil: +43 664 4416156 fax: +43 1 7890849-55
Embedded Linux Development and Services

SpamAssassin users RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact lists@gossamer-threads.com
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.