Discussion:
Who is APEWS.ORG
Marc Perkel
2007-03-28 20:50:12 UTC
Trying to figure out who these people are. Who is APEWS.ORG? They claim
to be a blocklist provider to block spam but they are blocking spam
filtering services. They also seem to be hiding who is behind it. Who
are they? Is this some fake front for uceprotect?

Here's what they have on the /24 block that I'm part of.

Entry matching your Query: E-149815
69.50.231.0/24
------------------------------------------------------------------------
CASE: C-117
Systems running abusive Spamdefense on other systems expense. (CR, SAV
or similar crap)
------------------------------------------------------------------------
Special Reason:
Computer Tyme Hosting
754 Glenview Dr. #201
San Bruno, CA 94066
US

Administrative Contact:
Perkel, Marc ***@perkel.com
754 Glenview Dr. #201
San Bruno, CA 94066
US

Technical Contact:
Perkel, Marc ***@perkel.com
754 Glenview Dr. #201
San Bruno, CA 94066
US


for running abusive and selfish SAV from there.
------------------------------------------------------------------------
History:
Entry created 2007-03-15
--
## List details at http://www.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/
Jeremy Harris
2007-03-28 21:16:10 UTC
Post by Marc Perkel
Trying to figure out who these people are. Who is APEWS.ORG? They claim
to be a blocklist provider to block spam but they are blocking spam
filtering services. They also seem to be hiding who is behind it. Who
are they?
Like SPEWS before them, they're staying anonymous to avoid being sued.
Post by Marc Perkel
Is this some fake front for uceprotect?
Not that I've seen any signs of.

If you don't like their service, like all DNSBLs, don't use it.

- Jeremy
Marc Perkel
2007-03-28 21:20:26 UTC
Post by Jeremy Harris
Post by Marc Perkel
Trying to figure out who these people are. Who is APEWS.ORG? They claim
to be a blocklist provider to block spam but they are blocking spam
filtering services. They also seem to be hiding who is behind it. Who
are they?
Like SPEWS before them, they're staying anonymous to avoid being sued.
Post by Marc Perkel
Is this some fake front for uceprotect?
Not that I've seen any signs of.
If you don't like their service, like all DNSBLs, don't use it.
- Jeremy
Seems like there is a connection. I found this on a Google search.

OK... Here is the info you need:

There is no-one here who can remove your IP addresses from *any*
block list. Coming to your specific problem, APEWS is a blacklist
set up in January 2007 by a group of German/Austrian gay-porn gang
(see below). The same people also operate the uceprotect email
block list at http://www.uceprotect.net. One of the managers is
named: Johann Steigenberger. You can email him at:
***@spamkiller.uceprotect.net .
Failing that, you can try any or all of these email addresses:

***@uceprotect.net / ***@uceprotect.de
***@uceprotect.net / ***@uceprotect.de
ich-sperr-mich-***@uceprotect.de
***@admins.ws
***@admins.ws
***@admins.ws
***@admins.ws
***@admins.ws
(admins.ws is the parent company of apews/uceprotect -
see the copyright mark at the bottom of
http://www.uceprotect.net/en/index.php)

You can phone or fax them at these numbers:

Tel: +49 1805 - 22909000
Tel: +49 9921 - 960888
Fax: +49 1805 - 22909005

Their office is located at:

Admins WS
Rodenstocksiedlung 4
Regen, Bayern 94209
Germany

Their opening hours are (Germany is GMT +2)
Mon-Thu 09:00-13:00 & 14:00-18:00
Fri: 09:00-13:00

If they tell you on the phone or by email that they have no
relation to apews, tell them that you were sent from NANAE and
to stop lying.

apews/uceprotect/admins.ws operates 2 GAY SITES at smartboys.de
and allgaychat.net/allgaychat.de (view the source to see the
hidden @admins.ws emails at the bottom of their home pages).

So, if you are gay or if you tell them that you are gay even if
you are not(!), you may find apews more helpful to your cause.

Good luck!
Jeremy Harris
2007-03-28 21:46:53 UTC
Post by Marc Perkel
Seems like there is a connection. I found this on a Google search.
There is no-one here who can remove your IP addresses from *any*
block list. Coming to your specific problem, APEWS is a blacklist
set up in January 2007 by a group of German/Austrian gay-porn gang
... posted by a persistent troll on Usenet, that opinion is
worth what you paid for it.

- Jeremy
Marc Perkel
2007-03-28 21:50:18 UTC
Post by Jeremy Harris
Post by Marc Perkel
Seems like there is a connection. I found this on a Google search.
There is no-one here who can remove your IP addresses from *any*
block list. Coming to your specific problem, APEWS is a blacklist
set up in January 2007 by a group of German/Austrian gay-porn gang
... posted by a persistent troll on Usenet, that opinion is
worth what you paid for it.
- Jeremy
hmmmm ... so the information isn't accurate then?
Dave Lugo
2007-03-28 21:48:43 UTC
Post by Marc Perkel
Seems like there is a connection. I found this on a Google search.
<snip k00k posting>

<http://groups.google.com/group/news.admin.net-abuse.email/browse_frm/thread/141c36ef3ebcfa51/79015495b2531e24?lnk=st&q=%22Here+is+the+info+you+need%22+apews&rnum=1#79015495b2531e24>

The poster of that is believed to be Moris Chiprut, a spammer
in England who is a few fries short of a Happy Meal (tm).
--
--------------------------------------------------------
Dave Lugo ***@etherboy.com LC Unit #260 TINLC
Have you hugged your firewall today? No spam, thanks.
--------------------------------------------------------
Are you the police? . . . . No ma'am, we're sysadmins.
Martin A. Brooks
2007-03-28 21:52:11 UTC
Post by Marc Perkel
Trying to figure out who these people are. Who is APEWS.ORG?
I'm trying to figure out the exim-related reason you're posting this to
the exim-users list.
--
Martin A. Brooks | http://www.antibodymx.net/ | Anti-spam & anti-virus
Consultant | e: ***@antibodymx.net | filtering. Inoculate
antibodymx.net | m: +447896578023 | your mail system.
Marc Perkel
2007-03-28 22:04:55 UTC
Post by Martin A. Brooks
Post by Marc Perkel
Trying to figure out who these people are. Who is APEWS.ORG?
I'm trying to figure out the exim-related reason you're posting this
to the exim-users list.
The reason it's Exim related is because these two blacklists uceprotect
and apews are listing Exim servers that use sender verification.
Dave Lugo
2007-03-28 22:07:43 UTC
Post by Marc Perkel
Post by Martin A. Brooks
Post by Marc Perkel
Trying to figure out who these people are. Who is APEWS.ORG?
I'm trying to figure out the exim-related reason you're posting this
to the exim-users list.
The reason it's Exim related is because these two blacklists uceprotect
and apews are listing Exim servers that use sender verification.
This is a sender verification issue, not an exim issue. I don't
really want to see a rehash of "sav sux/sav is great" argument,
because that issue won't be resolved here.
--
--------------------------------------------------------
Dave Lugo ***@etherboy.com LC Unit #260 TINLC
Have you hugged your firewall today? No spam, thanks.
--------------------------------------------------------
Are you the police? . . . . No ma'am, we're sysadmins.
Martin A. Brooks
2007-03-28 22:10:24 UTC
Post by Marc Perkel
Post by Martin A. Brooks
I'm trying to figure out the exim-related reason you're posting this
to the exim-users list.
The reason it's Exim related is because these two blacklists uceprotect
and apews are listing Exim servers that use sender verification.
So they're not listing users of any other MTA that use sender
verification? It's exim specific?
--
Martin A. Brooks | http://www.antibodymx.net/ | Anti-spam & anti-virus
Consultant | e: ***@antibodymx.net | filtering. Inoculate
antibodymx.net | m: +447896578023 | your mail system.
W B Hacker
2007-03-28 22:23:13 UTC
Post by Martin A. Brooks
Post by Marc Perkel
Post by Martin A. Brooks
I'm trying to figure out the exim-related reason you're posting this
to the exim-users list.
The reason it's Exim related is because these two blacklists uceprotect
and apews are listing Exim servers that use sender verification.
So they're not listing users of any other MTA that use sender
verification? It's exim specific?
More likely 'Perkel specific'.

Has it been 28 days already since the last fishing expedition?

Time flies when you are having fun...

Bill
Ian Eiloart
2007-03-29 10:35:57 UTC
Post by W B Hacker
Post by Martin A. Brooks
Post by Marc Perkel
Post by Martin A. Brooks
I'm trying to figure out the exim-related reason you're posting this
to the exim-users list.
The reason it's Exim related is because these two blacklists uceprotect
and apews are listing Exim servers that use sender verification.
So they're not listing users of any other MTA that use sender
verification? It's exim specific?
More likely 'Perkel specific'.
Actually, the only thing 'Perkel specific' here is the objections that are
being raised. Had anyone else started this thread, I don't believe those
objections would have been raised.

It's certainly not unusual to discuss the merits of implementing certain
features that Exim provides. Indeed, it's quite common for people to reply
"you should not do that" in response to a "how to question".
--
Ian Eiloart
IT Services, University of Sussex
x3148
Peter Bowyer
2007-03-29 10:39:49 UTC
Post by Ian Eiloart
Actually, the only thing 'Perkel specific' here is the objections that are
being raised. Had anyone else started this thread, I don't believe those
objections would have been raised.
It's certainly not unusual to discuss the merits of implementing certain
features that Exim provides. Indeed, it's quite common for people to reply
"you should not do that" in response to a "how to question".
True, but the merits or otherwise of sender callbacks are a path
well-trodden - a bit like the SPF example that Nigel quotes in the
list info on the wiki.

Peter
--
Peter Bowyer
Email: ***@bowyer.org
Ian Eiloart
2007-03-29 11:41:04 UTC
Post by Peter Bowyer
Post by Ian Eiloart
Actually, the only thing 'Perkel specific' here is the objections that
are being raised. Had anyone else started this thread, I don't believe
those objections would have been raised.
It's certainly not unusual to discuss the merits of implementing certain
features that Exim provides. Indeed, it's quite common for people to
reply "you should not do that" in response to a "how to question".
True, but the merits or otherwise of sender callbacks are a path
well-trodden - a bit like the SPF example that Nigel quotes in the
list info on the wiki.
Perhaps. I've not checked, but I don't recall any discussion of RBLs
listing (or claiming to list) servers *because* they do sender address
verification callouts. I'm grateful to Marc for alerting us to this. I also
think it's interesting to find out something about the RBL, and the people
behind it (including what disinformation is out there).

So, I think this thread has been useful, and would have died already were
it not for the unnecessary complaints.
--
Ian Eiloart
IT Services, University of Sussex
x3148
Peter Bowyer
2007-03-29 11:48:12 UTC
Post by Ian Eiloart
Perhaps. I've not checked, but I don't recall any discussion of RBLs
listing (or claiming to list) servers *because* they do sender address
verification callouts. I'm grateful to Marc for alerting us to this. I also
think it's interesting to find out something about the RBL, and the people
behind it (including what disinformation is out there).
As Marc mentioned, uceprotect definitely do that - he's had a spat
with them before which was discussed on this list.

http://www.uceprotect.net/en/index.php?m=10&s=13

They also think that SRS is abusive - the logic behind that escapes me.

Peter
--
Peter Bowyer
Email: ***@bowyer.org
Mike Cardwell
2007-03-29 11:57:18 UTC
Post by Peter Bowyer
Post by Ian Eiloart
Perhaps. I've not checked, but I don't recall any discussion of RBLs
listing (or claiming to list) servers *because* they do sender address
verification callouts. I'm grateful to Marc for alerting us to this. I also
think it's interesting to find out something about the RBL, and the people
behind it (including what disinformation is out there).
As Marc mentioned, uceprotect definitely do that - he's had a spat
with them before which was discussed on this list.
http://www.uceprotect.net/en/index.php?m=10&s=13
They also think that SRS is abusive - the logic behind that escapes me.
server:~# host yahoo.com.l1.apews.rhsbl.uceprotect.net
yahoo.com.l1.apews.rhsbl.uceprotect.net has address 127.0.0.2
server:~# host yahoo.co.uk.l1.apews.rhsbl.uceprotect.net
yahoo.co.uk.l1.apews.rhsbl.uceprotect.net has address 127.0.0.2
server:~#

The fact that APEWS list Yahoo is reason enough for me to not take
them seriously. Personally I wouldn't care if they listed my domains or
IP addresses.

Mike
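
Added example, not part of any post in this thread: the RHSBL lookup done with "host" above, written out in Python and extended to IP-based DNSBL zones, where the address is reversed before the zone name is appended. The zones dnsbl.example, dead.example and clean.example and the answers in SAMPLE_DNS are constructed for illustration; only the yahoo.com result mirrors the output quoted above. Answers outside 127.0.0.0/8 are reported separately rather than counted as listings, since a parked or wildcarded zone would otherwise appear to list everything.

```python
"""DNSBL / RHSBL lookup with answer validation (added example)."""
import ipaddress
import socket

# DNSBL return codes are conventionally addresses inside 127.0.0.0/8.
LISTING_NET = ipaddress.ip_network("127.0.0.0/8")


def query_name(target, zone):
    """Return the DNS name to query for an IP (DNSBL) or a domain (RHSBL)."""
    try:
        ip = ipaddress.ip_address(target)
    except ValueError:
        # Not an IP address: RHSBL style, the domain is prepended unchanged.
        return f"{target.rstrip('.').lower()}.{zone}"
    if ip.version == 4:
        labels = reversed(str(ip).split("."))  # octets, last one first
    else:
        labels = reversed(ip.exploded.replace(":", ""))  # 32 hex nibbles
    return ".".join(labels) + "." + zone


def system_resolver(name):
    """A records for name via the system resolver; [] if it does not resolve.

    Resolver failures (timeouts, SERVFAIL) also end up as [] here, so an
    empty result means "no listing seen", not proof of a clean record.
    """
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []


def check(target, zones, resolve=system_resolver):
    """Map each zone to a (state, answers) tuple for the given target."""
    report = {}
    for zone in zones:
        answers = resolve(query_name(target, zone))
        codes = sorted(a for a in answers
                       if ipaddress.ip_address(a) in LISTING_NET)
        other = sorted(a for a in answers if a not in codes)
        if codes:
            report[zone] = ("listed", codes)
        elif other:
            # The zone answered, but not with a DNSBL return code.
            report[zone] = ("invalid-answer", other)
        else:
            report[zone] = ("not-listed", [])
    return report


# Constructed sample answers so the example runs offline.
SAMPLE_DNS = {
    "yahoo.com.l1.apews.rhsbl.uceprotect.net": ["127.0.0.2"],
    "25.2.0.192.dnsbl.example": ["127.0.0.4"],
    "25.2.0.192.dead.example": ["203.0.113.7"],  # parked / wildcarded zone
}


def sample_resolver(name):
    """Stand-in resolver that reads from SAMPLE_DNS instead of the network."""
    return SAMPLE_DNS.get(name, [])


def demo():
    """Run one RHSBL check and one IP check against the sample data."""
    rhs = check("yahoo.com", ["l1.apews.rhsbl.uceprotect.net"],
                sample_resolver)
    ip = check("192.0.2.25",
               ["dnsbl.example", "dead.example", "clean.example"],
               sample_resolver)
    return rhs, ip


if __name__ == "__main__":
    for result in demo():
        for zone, (state, answers) in result.items():
            print(f"{zone}: {state} {answers}")
```

Pass the default resolver (omit the third argument to check) to query live zones for your own addresses and domains.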
David Chait
2007-03-29 14:26:02 UTC
Post by Mike Cardwell
server:~# host yahoo.com.l1.apews.rhsbl.uceprotect.net
yahoo.com.l1.apews.rhsbl.uceprotect.net has address 127.0.0.2
server:~# host yahoo.co.uk.l1.apews.rhsbl.uceprotect.net
yahoo.co.uk.l1.apews.rhsbl.uceprotect.net has address 127.0.0.2
server:~#
The fact that APEWS list Yahoo is reason enough for me to not take
them seriously. Personally I wouldn't care if they listed my domains or
IP addresses.
Mike
I tend to agree, the real power behind a blocklist is the size and
composition of its user base, no corporation in its right mind would
implement such a restrictive filter as it would catch a lot of
legitimate mail. Who really cares if a few zealots with whom you have no
contact have you blocked? I certainly wouldn't.

-David
Marc Perkel
2007-03-29 14:38:38 UTC
Post by Peter Bowyer
Post by Ian Eiloart
Perhaps. I've not checked, but I don't recall any discussion of RBLs
listing (or claiming to list) servers *because* they do sender address
verification callouts. I'm grateful to Marc for alerting us to this. I also
think it's interesting to find out something about the RBL, and the people
behind it (including what disinformation is out there).
As Marc mentioned, uceprotect definitely do that - he's had a spat
with them before which was discussed on this list.
http://www.uceprotect.net/en/index.php?m=10&s=13
They also think that SRS is abusive - the logic behind that escapes me.
Peter
I'm no fan of SRS but I certainly don't consider it abusive. What I
consider to be abusive is adding people to spam block lists who are
actually in the spam filtering business.
Marc Perkel
2007-03-29 14:52:17 UTC
Post by Peter Bowyer
Post by Ian Eiloart
Perhaps. I've not checked, but I don't recall any discussion of RBLs
listing (or claiming to list) servers *because* they do sender address
verification callouts. I'm grateful to Marc for alerting us to this. I also
think it's interesting to find out something about the RBL, and the people
behind it (including what disinformation is out there).
As Marc mentioned, uceprotect definitely do that - he's had a spat
with them before which was discussed on this list.
http://www.uceprotect.net/en/index.php?m=10&s=13
They also think that SRS is abusive - the logic behind that escapes me.
Peter
Also - UCEPROTECT wants 50 euros per IP to remove you from their lists
so it looks like they are in the business of shaking people down for cash.
Renaud Allard
2007-03-29 16:59:54 UTC
Post by Marc Perkel
Also - UCEPROTECT wants 50 euros per IP to remove you from their lists
so it looks like they are in the business of shaking people down for cash.
It has already been discussed in this list that UCEprotect is more an
extortion firm than something useful. They listed some servers I manage
some time ago and I know these servers never sent any spam. I used to
use uceprotect, now I removed it from every server I manage.

I think RBLs are only useful when they list spammers, not when they are
listing random servers just for the sake of having more hosts in their
blacklists like some like to do.
Paul Johnson
2007-04-09 14:16:01 UTC
Post by Marc Perkel
Also - UCEPROTECT wants 50 euros per IP to remove you from their lists
so it looks like they are in the business of shaking people down for cash.
The shakedown factor is also present in SPEWS. I wonder if APEWS will crash
and burn similarly from it.
--
Paul Johnson
Email and IM (XMPP & Google Talk): ***@ursine.ca
Marc Perkel
2007-04-09 21:59:50 UTC
Post by Paul Johnson
Post by Marc Perkel
Also - UCEPROTECT wants 50 euros per IP to remove you from their lists
so it looks like they are in the business of shaking people down for cash.
The shakedown factor is also present in SPEWS. I wonder if APEWS will crash
and burn similarly from it.
I wish sites like DNSstuff would stop publishing their list so as to
discourage them. When people knowingly list spam filtering services as
spammers then they are helping the spammers.
Marc Sherman
2007-04-09 23:45:21 UTC
Post by Marc Perkel
I wish sites like DNSstuff would stop publishing their list so as to
discourage them. When people knowingly list spam filtering services as
spammers then they are helping the spammers.
That would be a huge disservice to the rest of us who need to know when
our domains are listed, on even the most Blarsy of blacklists.

- Marc
Marc Perkel
2007-03-29 14:35:26 UTC
Post by Ian Eiloart
Post by Peter Bowyer
Post by Ian Eiloart
Actually, the only thing 'Perkel specific' here is the objections that
are being raised. Had anyone else started this thread, I don't believe
those objections would have been raised.
It's certainly not unusual to discuss the merits of implementing certain
features that Exim provides. Indeed, it's quite common for people to
reply "you should not do that" in response to a "how to question".
True, but the merits or otherwise of sender callbacks are a path
well-trodden - a bit like the SPF example that Nigel quotes in the
list info on the wiki.
Perhaps. I've not checked, but I don't recall any discussion of RBLs
listing (or claiming to list) servers *because* they do sender address
verification callouts. I'm grateful to Marc for alerting us to this. I also
think it's interesting to find out something about the RBL, and the people
behind it (including what disinformation is out there).
So, I think this thread has been useful, and would have died already were
it not for the unnecessary complaints.
The two lists I mention UCEPROTECT and APEWS block people who do sender
verification callouts. And they have manually added me to the list
because I'm standing up to them about it. If you search google you'll
find that they started blocking Verizon for the same thing.

The reason I know that they manually entered my data into their system
is that they list specific IP addresses of mine that I used for dummy MX
records that they claim to have received activity from when I know that
there has never been a computer on those IP addresses. That's why I'm
trying to hunt these people down and expose them. I'm pretty sure at
this point that APEWS is just a front for UCEPROTECT allowing them to do
more mischievous stuff than they would do under their company name.

Here is the policy of UCEPROTECT

*What we consider abusive too!*

Spamming is not the only thing that can get your IP address or netblock
on UCEPROTECT-Lists.

Actually following techniques are considered abusive too, even if some
seem to become or are very popular;
SRS (Sender Rewriting Scheme)
<http://www.uceprotect.net/en/index.php?m=10&s=12>, Sender callouts
(Verifys) <http://www.uceprotect.net/en/index.php?m=10&s=13>, Virus
reports <http://www.uceprotect.net/en/index.php?m=10&s=14>, Backscatter
<http://www.uceprotect.net/en/index.php?m=10&s=15>.
.
Simply use common sense before using any new technique. If a technique
or procedure is capable of causing your computer system to be part of a
DDOS against others, you would be better not use it.
*Please read the submenus to get an idea what you should prevent to do.*

The thing is with Exim sender verify is extremely light and it works
really well when done correctly. And Exim - thanks Phil - does it
correctly, and then some. I welcome sender verification calls myself
because it keeps spammers from wanting to use domains that I host as
fake from addresses which greatly reduces the load on my servers. Sender
Address verification works.

So - when someone is adding people to spam block lists like me and
Verizon because we use SAV then that's an issue that is worth discussing.
David Saez, Padros
2007-03-29 14:46:15 UTC
Hi !!
Post by Marc Perkel
The reason I know that they manually entered my data into their system
is that they list specific IP addresses of mine that I used for dummy MX
records that they claim to have received activity from when I know that
there has never been a computer on those IP addresses. That's why I'm
trying to hunt these people down and expose them. I'm pretty sure at
this point that APEWS is just a front for UCEPROTECT allowing them to do
more mischievous stuff than they would do under their company name.
I also had (or actually maybe still have) an ip address listed here
because they received some spam from another ip on the same C class
(they blacklisted a whole Rackspace C class). This RBL is so unuseful
that being listed on it is not something someone has to worry about.
--
Best regards ...

----------------------------------------------------------------
David Saez Padros http://www.ols.es
On-Line Services 2000 S.L. e-mail ***@ols.es
Pintor Vayreda 1 telf +34 902 50 29 75
08184 Palau-Solita i Plegamans movil +34 670 35 27 53
----------------------------------------------------------------
Marc Perkel
2007-03-29 15:06:39 UTC
Post by David Saez, Padros
Hi !!
Post by Marc Perkel
The reason I know that they manually entered my data into their
system is that they list specific IP addresses of mine that I used
for dummy MX records that they claim to have received activity from
when I know that there has never been a computer on those IP
addresses. That's why I'm trying to hunt these people down and expose
them. I'm pretty sure at this point that APEWS is just a front for
UCEPROTECT allowing them to do more mischievous stuff than they would
do under their company name.
I also had (or actually maybe still have) an ip address listed here
because they received some spam from another ip on the same C class
(they blacklisted a whole Rackspace C class). This RBL is so unuseful
that being listed on it is not something someone has to worry about.
We know it's not useful but there are a lot of admins out there who
don't know it and will end up blocking our servers because their
blacklist is listed on places like DNSstuff along with all the
legitimate lists.
Ian Eiloart
2007-03-30 12:16:48 UTC
Post by Marc Perkel
We know it's not useful but there are a lot of admins out there who
don't know it and will end up blocking our servers because their
blacklist is listed on places like DNSstuff along with all the
legitimate lists.
And that's a pain in the butt, because it makes work for us. For example,
some of my users (university staff) were unable to contact the schools that
their children attend. It took work for me to persuade the remote admins to
stop using a particular RBL.

It's also a frequently asked question here: "which RBLs should I use?"

Is there a central, trusted resource for evaluating RBLs? Would a page on
the wiki be useful? I'd like something authoritative that I can point
remote admins to.
--
Ian Eiloart
IT Services, University of Sussex
x3148
Vladimir Koshelenko
2007-03-30 12:38:13 UTC
Hello.
Post by Ian Eiloart
Post by Marc Perkel
We know it's not useful but there are a lot of admins out there who
don't know it and will end up blocking our servers because their
blacklist is listed on places like DNSstuff along with all the
legitimate lists.
And that's a pain in the butt, because it makes work for us. For example,
some of my users (university staff) were unable to contact the schools that
their children attend. It took work for me to persuade the remote admins to
stop using a particular RBL.
It's also a frequently asked question here: "which RBLs should I use?"
Is there a central, trusted resource for evaluating RBLs? Would a page on
the wiki be useful? I'd like something authoritative that I can point
remote admins to.
Personally, I use zen.spamhaus.org
You can use *any* RBL - just do not block mail, if you do not want to lose
mail. Try to impose delay 20s after every SMTP command if sender sits in RBL.
Most spammers will not deal with such slow server.

Example:

acl_check_connect:

  # Flag connections from DNSBL-listed hosts instead of rejecting them
  warn
    dnslists = zen.spamhaus.org
    set acl_c_delay = true
  ...
  ...
  # Final accept: wait 20s if the host was flagged above, otherwise 0s
  accept
    set acl_c_wait = ${if def:acl_c_delay {20}{0}}
    delay = ${acl_c_wait}s


and in every ACL add this instead plain accept:

  accept
    set acl_c_wait = ${if def:acl_c_delay {20}{0}}
    delay = ${acl_c_wait}s
Cronfy
2007-03-30 13:07:49 UTC
Hello.
Post by Vladimir Koshelenko
Personally, I use zen.spamhaus.org
You can use *any* RBL - just do not block mail, if you do not want to lose
mail. Try to impose delay 20s after every SMTP command if sender sits in RBL.
Most spammers will not deal with such slow server.
Delay makes your simultaneous connections number grow because time you spend
for serving a connection becomes greater with delays. Defer would work better
here - it does not require to hold a connection but reduces spammer's sending
speed. Just add hosts you want to delay connection with to your greylist and
do not let them send more than 1 message per 2 or 5 minutes.
--
Cronfy.
Marc Perkel
2007-03-30 14:13:35 UTC
Post by Vladimir Koshelenko
Hello.
Post by Ian Eiloart
Post by Marc Perkel
We know it's not useful but there are a lot of admins out there who
don't know it and will end up blocking our servers because their
blacklist is listed on places like DNSstuff along with all the
legitimate lists.
And that's a pain in the butt, because it makes work for us. For example,
some of my users (university staff) were unable to contact the schools that
their children attend. It took work for me to persuade the remote admins to
stop using a particular RBL.
It's also a frequently asked question here: "which RBLs should I use?"
Is there a central, trusted resource for evaluating RBLs? Would a page on
the wiki be useful? I'd like something authoritative that I can point
remote admins to.
Personally, I use zen.spamhaus.org
You can use *any* RBL - just do not block mail, if you do not want to lose
mail. Try to impose delay 20s after every SMTP command if sender sits in RBL.
Most spammers will not deal with such slow server.
warn
  dnslists = zen.spamhaus.org
  set acl_c_delay = true
...
...
accept
  set acl_c_wait = ${if def:acl_c_delay {20}{0}}
  delay = ${acl_c_wait}s
accept
  set acl_c_wait = ${if def:acl_c_delay {20}{0}}
  delay = ${acl_c_wait}s
I have several levels of MX records. I bounce email listed with
Spamhaus. But for other RBLs I do a defer on the lowest MX but accept
them on the next level up. If they retry then they get in.
Wakko Warner
2007-03-30 16:27:42 UTC
Permalink
Post by Vladimir Koshelenko
You can use *any* RBL - just do not block mail, if you do not want to lose
mail. Try to impose delay 20s after every SMTP command if sender sits in RBL.
Most spammers will not deal with such slow server.
warn
  dnslists = zen.spamhaus.org
  set acl_c_delay = true
...
...
accept
  set acl_c_wait = ${if def:acl_c_delay {20}{0}}
  delay = ${acl_c_wait}s
accept
  set acl_c_wait = ${if def:acl_c_delay {20}{0}}
  delay = ${acl_c_wait}s
I already experimented with this. Some servers will not wait more than so
much time (1-2 minutes) for the entire smtp transaction or at least until the
data phase. It came as no surprise that hotmail was one of those. You may
wish to apply the delay to the first RCPT and not the rest.
Dean Brooks
2007-03-29 15:02:36 UTC
Permalink
Post by Marc Perkel
The thing is with Exim sender verify is extremely light and it works
really well when done correctly. And Exim - thanks Phil - does it
correctly, and then some. I welcome sender verification calls myself
because it keeps spammers from wanting to use domains that I host as
fake from addresses which greatly reduces the load on my servers. Sender
Address verification works.
Not everyone in the world thinks SAV on public-facing interfaces is a
good idea, myself included. Just because you think it's a good idea
doesn't mean everyone agrees with you.

Now, please, this exact same issue was beat to death a couple of months
ago. I see no reason to go through the same issue all over again.

--
Dean Brooks
***@iglou.com
Marc Perkel
2007-03-29 15:08:58 UTC
Permalink
Post by Dean Brooks
Post by Marc Perkel
The thing is with Exim sender verify is extremely light and it works
really well when done correctly. And Exim - thanks Phil - does it
correctly, and then some. I welcome sender verification calls myself
because it keeps spammers from wanting to use domains that I host as
fake from addresses which greatly reduces the load on my servers. Sender
Address verification works.
Not everyone in the world thinks SAV on public-facing interfaces is a
good idea, myself included. Just because you think it's a good idea
doesn't mean everyone agrees with you.
Now, please, this exact same issue was beat to death a couple of months
ago. I see no reason to go through the same issue all over again.
The issue isn't if SAV is a good idea or not. The issue is about lists
that claim to be spam blacklists listing non spammers who use SAV. If
you don't like SAV then don't use it. But I choose to use it.
Dean Brooks
2007-03-29 15:20:56 UTC
Permalink
Post by Marc Perkel
The issue isn't if SAV is a good idea or not. The issue is about lists
that claim to be spam blacklists listing non spammers who use SAV. If
you don't like SAV then don't use it. But I choose to use it.
Which is an issue not related in any way to Exim. Please take this
off of this list.

--
Dean Brooks
***@iglou.com
Ian Eiloart
2007-03-30 12:17:38 UTC
Permalink
Post by Dean Brooks
Post by Marc Perkel
The issue isn't if SAV is a good idea or not. The issue is about lists
that claim to be spam blacklists listing non spammers who use SAV. If
you don't like SAV then don't use it. But I choose to use it.
Which is an issue not related in any way to Exim. Please take this
off of this list.
Of course it is related to Exim. It just isn't specific to Exim.
--
Ian Eiloart
IT Services, University of Sussex
x3148
W B Hacker
2007-03-29 15:15:22 UTC
Permalink
Post by Marc Perkel
Post by Ian Eiloart
Post by Peter Bowyer
Post by Ian Eiloart
Actually, the only thing 'Perkel specific' here is the objections that
are being raised. Had anyone else started this thread, I don't believe
those objections would have been raised.
It's certainly not unusual to discuss the merits of implementing certain
features that Exim provides. Indeed, it's quite common for people to
reply "you should not do that" in response to a "how to question".
True, but the merits or otherwise of sender callbacks are a path
well-trodden - a bit like the SPF example that Nigel quotes in the
list info on the wiki.
Perhaps. I've not checked, but I don't recall any discussion of RBLs
listing (or claiming to list) servers *because* they do sender address
verification callouts. I'm grateful to Marc for alerting us to this. I also
think it's interesting to find out something about the RBL, and the people
behind it (including what disinformation is out there).
So, I think this thread has been useful, and would have died already were
it not for the unnecessary complaints.
The two lists I mention UCEPROTECT and APEWS block people who do sender
verification callouts. And they have manually added me to the list
because I'm standing up to them about it. If you search google you'll
find that they started blocking Verizon for the same thing.
The reason I know that they manually entered my data into their system
is that they list specific IP addresses of mine that I used for dummy MX
records that they claim to have received activity from when I know that
there has never been a computer on those IP addresses. That's why I'm
trying to hunt these people down and expose them. I'm pretty sure at
this point that APEWS is just a front for UCEPROTECT allowing them to do
more mischievous stuff than they would do under their company name.
Here is the policy of UCEPROTECT
*trimmed* (policy quoted, opinions on Exim & SAV effectiveness)
Post by Marc Perkel
So - when someone is adding people to spam block lists like me and
Verizon because we use SAV then that's an issue that is worth discussing.
Or at least passing an alert with - most useful - their having added
equipment-less IP's, a sure sign of something not being honest in their realm.

Fair enough, I can only wish that you had been as clear and informative in your
*first* post...

That said.. ISTM that the very act of blocking some of the largest providers on
Planet Earth (and, yes, the Yahoos, and Verizons, and Comcasts et al are
sometimes *very* rudely behaved!) will reduce the likelihood of such an RBL
gaining wide acceptance and use.

I am more concerned with the claim on their site that SORBS is including them,
as that makes it potentially harder to use THAT list.

Bill
Mike Cardwell
2007-03-29 15:23:59 UTC
Permalink
* on the Thu, Mar 29, 2007 at 11:15:22PM +0800, W B Hacker wrote:

<snip stuff>
Post by W B Hacker
Post by Marc Perkel
Here is the policy of UCEPROTECT
*trimmed* (policy quoted, opinions on Exim & SAV effectiveness)
http://groups.google.com/group/news.admin.net-abuse.email/browse_thread/thread/3df8f5dc19a53a3c

That's all there is to say about uceprotect. I don't think I need to
comment further.

<snip stuff>
Post by W B Hacker
I am more concerned with the claim on their site that SORBS is including them,
as that makes it potentially harder to use THAT list.
Sorbs mirror their data in a separate list that is not included in any
of the other sorbs lists:

server:~# host yahoo.com.l1.apews.rhsbl.sorbs.net
yahoo.com.l1.apews.rhsbl.sorbs.net has address 127.0.0.2

In the same way that uceprotect do. Why they would associate themselves
with apews I'm not sure.

Mike
Chris Edwards
2007-03-29 21:58:42 UTC
Permalink
On Thu, 29 Mar 2007, Marc Perkel wrote:

| If you search google you'll find that they started blocking Verizon for
| the same thing.

[snip]

| So - when someone is adding people to spam block lists like me and
| Verizon because we use SAV then that's an issue that is worth discussing.

For info, it appears verizon stopped their sender callouts a couple of
weeks ago. According to our logs, the attempts stopped on 2007-03-15.

Regards.
Marc Perkel
2007-03-29 22:05:27 UTC
Permalink
Post by Chris Edwards
| If you search google you'll find that they started blocking Verizon for
| the same thing.
[snip]
| So - when someone is adding people to spam block lists like me and
| Verizon because we use SAV then that's an issue that is worth discussing.
For info, it appears verizon stopped their sender callouts a couple of
weeks ago. According to our logs, the attempts stopped on 2007-03-15.
Regards.
It would seem then that APEWS and UCEPROTECT won a victory for the spammers.
Walt Reed
2007-03-30 00:19:42 UTC
Permalink
Post by Chris Edwards
| If you search google you'll find that they started blocking Verizon for
| the same thing.
[snip]
| So - when someone is adding people to spam block lists like me and
| Verizon because we use SAV then that's an issue that is worth discussing.
For info, it appears verizon stopped their sender callouts a couple of
weeks ago. According to our logs, the attempts stopped on 2007-03-15.
That's a good thing. Their specific implementation did not work well,
and caused a lot of failures and needless delays for legitimate
correctly working mail. We have a few newsletters with 100K+
subscribers, and verizon had the worst delivery time and success rate of
all the major US ISP's back when I was tracking it last year.

The mantra was "use Verizon for access, but use someone else for mail."
Marc Perkel
2007-03-30 00:28:55 UTC
Permalink
Post by Walt Reed
Post by Chris Edwards
| If you search google you'll find that they started blocking Verizon for
| the same thing.
[snip]
| So - when someone is adding people to spam block lists like me and
| Verizon because we use SAV then that's an issue that is worth discussing.
For info, it appears verizon stopped their sender callouts a couple of
weeks ago. According to our logs, the attempts stopped on 2007-03-15.
That's a good thing. Their specific implementation did not work well,
and caused a lot of failures and needless delays for legitimate
correctly working mail. We have a few newsletters with 100K+
subscribers, and verizon had the worst delivery time and success rate of
all the major US ISP's back when I was tracking it last year.
The mantra was "use Verizon for access, but use someone else for mail."
I see your point. Getting SAV right is tricky. Can't imagine doing it
without Exim.
Marc Perkel
2007-03-28 22:25:51 UTC
Permalink
Post by Martin A. Brooks
Post by Marc Perkel
Post by Martin A. Brooks
I'm trying to figure out the exim-related reason you're posting this
to the exim-users list.
The reason it's Exim related is because these two blacklists
uceprotect and apews are listing Exim servers that use sender
verification.
So they're not listing users of any other MTA that use sender
verification? It's exim specific?
I consider Exim the leader in sender verification technology. Wasn't
sender verification invented here?
Martin A. Brooks
2007-03-28 22:54:38 UTC
Permalink
Post by Marc Perkel
Post by Martin A. Brooks
So they're not listing users of any other MTA that use sender
verification? It's exim specific?
I consider Exim the leader in sender verification technology. Wasn't
sender verification invented here?
I asked two questions, do you have an answer to either of them?
--
Martin A. Brooks | http://www.antibodymx.net/ | Anti-spam & anti-virus
Consultant | e: ***@antibodymx.net | filtering. Inoculate
antibodymx.net | m: +447896578023 | your mail system.
Renaud Allard
2007-03-28 22:33:04 UTC
Permalink
Post by Marc Perkel
Post by Martin A. Brooks
Post by Marc Perkel
Trying to figure out who these people are Who is APEWS.ORG?
I'm trying to figure out the exim-related reason you're posting this
to the exim-users list.
The reason it's Exim related is because these two blacklists uceprotect
and apews are listing Exim servers that use sender verification.
They don't seem to block any of my servers using sender verification.

Maybe they block you because you are spamming this list frequently :D

Jokes apart, how do you know for sure they are blocking you for use of
sender verification? They are listing you because of "Systems running
abusive Spamdefense on other systems expense. (CR, SAV
or similar crap)". That may mean many different things. Maybe some of
your clients using you as their smarthost have some crap bouncing antivirus.
Marc Perkel
2007-03-28 22:38:29 UTC
Permalink
Post by Renaud Allard
Post by Marc Perkel
Post by Martin A. Brooks
Post by Marc Perkel
Trying to figure out who these people are Who is APEWS.ORG?
I'm trying to figure out the exim-related reason you're posting this
to the exim-users list.
The reason it's Exim related is because these two blacklists uceprotect
and apews are listing Exim servers that use sender verification.
They don't seem to block any of my servers using sender verification.
Maybe they block you because you are spamming this list frequently :D
Jokes apart, how do you know for sure they are blocking you for use of
sender verification? They are listing you because of "Systems running
abusive Spamdefense on other systems expense. (CR, SAV
or similar crap)". That may mean many different things. Maybe some of
your clients using you as their smarthost have some crap bouncing antivirus.
SAV means Sender Address Verification.
Renaud Allard
2007-03-28 22:49:03 UTC
Permalink
Post by Marc Perkel
Post by Renaud Allard
Post by Marc Perkel
Post by Martin A. Brooks
Post by Marc Perkel
Trying to figure out who these people are Who is APEWS.ORG?
I'm trying to figure out the exim-related reason you're posting this
to the exim-users list.
The reason it's Exim related is because these two blacklists uceprotect
and apews are listing Exim servers that use sender verification.
They don't seem to block any of my servers using sender verification.
Maybe they block you because you are spamming this list frequently :D
Jokes apart, how do you know for sure they are blocking you for use of
sender verification? They are listing you because of "Systems running
abusive Spamdefense on other systems expense. (CR, SAV
or similar crap)". That may mean many different things. Maybe some of
your clients using you as their smarthost have some crap bouncing antivirus.
SAV means Sender Address Verification.
Indeed, but that still does not prove they are blacklisting you for this
specific reason. Unless of course you've got a mail from them telling
you so.

Anyway, people blocking use of SAV are quite stupid. CR should really be
seen as spam as it sends real content to innocent people. SAV does not,
it just uses a little bit of your bandwidth to protect domains you own
from trivial spoofing. Yes, I know about mass joe jobs, but that's
something you have to be prepared for if you own a domain name and have
some care for it.
James Price
2007-03-28 23:06:14 UTC
Permalink
Just my 2 cents...

A server's use of a RBL is strictly voluntary, the people blocking your
server's mail seem to have configured the use of apews.org, so rather than
ask the exim-users list why you're listed, follow the apews.org delisting
procedures, or ask the receiving party why they're 1. Using apews.org for
rbl and/or 2. Ask them to white list your server or domain.

Please reference: http://www.apews.org/?page=why
Not exim-users

Excerpt from that page:
"However you found us, bear in mind that if any network has rejected your
email or other connections based on the APEWS list, it has deliberately
chosen to do so."

"We do not control the network traffic on anyone else's servers; therefore,
we are not the ones rejecting your email, the mailserver you attempted to
send email to generated the bounce."

Hear, hear!

Again, not that I have a personal opinion on the practice of using RBL's,
which ones are better and which ones are bogus, but I hardly think a mailing
list for a popular MTA is the place to discuss the politics of a particular
RBL or their use in general. It's a choice of the mail server admin based
upon their particular network's policy.

Thanks,
James

-----Original Message-----
From: exim-users-***@exim.org [mailto:exim-users-***@exim.org] On
Behalf Of Marc Perkel
Sent: Wednesday, March 28, 2007 5:38 PM
To: exim users
Subject: Re: [exim] Who is APEWS.ORG
Post by Renaud Allard
Post by Marc Perkel
Post by Martin A. Brooks
Post by Marc Perkel
Trying to figure out who these people are Who is APEWS.ORG?
I'm trying to figure out the exim-related reason you're posting this
to the exim-users list.
The reason it's Exim related is because these two blacklists uceprotect
and apews are listing Exim servers that use sender verification.
They don't seem to block any of my servers using sender verification.
Maybe they block you because you are spamming this list frequently :D
Jokes apart, how do you know for sure they are blocking you for use of
sender verification? They are listing you because of "Systems running
abusive Spamdefense on other systems expense. (CR, SAV
or similar crap)". That may mean many different things. Maybe some of
your clients using you as their smarthost have some crap bouncing antivirus.
SAV means Sender Address Verification.