The SURBL community, including developers, users, fans and all
would like to thank the people and networks who have volunteered
to carry our SURBL zones on their public name servers. In no
particular order, they are:
Kelsey Cummings and sonic.net
Raymond Dijkxhoorn and tudelft.nl
Bill Stearns and pa.net
Erik O'Connor and littleredbat.net/supranet.net
Dave Funk and icaen.uiowa.edu
Doc Schneider and maddoc.com
Mark Reynolds and telstra.net
David Coulson and davidcoulson.net
Richard Zuidhof and zonnet.nl
Daryl Jones and smrn.com
Vincent Schonau and xs4all.nl
Left off this list are some specific network and facilities
providers where some of the name servers are located, so
we'll leave it to our friends to forward our thanks to them.
This project would not be possible without our great public
DNS servers thus far, so our hearty thanks go out to everyone
helping to get the SURBL data out.
We also encourage anyone else with DS3 or faster network
connections to consider helping us provide DNS for these zones.
Interest in using SURBLs is ramping up from many different projects
and people, but when SpamAssassin 3.0 comes out in a few months
with its built-in support for SURBLs, the DNS traffic will
probably jump significantly. So we could probably still use some
more help with DNS. Please let us know if you can help.
Expect DNS traffic to max out around 1 or 2 Megabits per second
if things really take off. Also the more servers we have the
less traffic each one does, so a larger community helps to share
the load!
*************************************************************
We also want to strongly encourage any high-volume users of
SURBLs to set up local caching name servers for the zones
in order to offload the public name servers. Probably the
best way to do this is with rbldnsd and rsync, though BIND
versions of the zone files are also available via rsync.
Please contact Raymond at rsync at surbl dot org with your
name server's IP address in order to get rsync access. This
will help keep the load on the public name servers reasonable,
and it's also good engineering practice since it will get you
the best performance for using SURBLs. To re-iterate, if
you're running a high volume mail server, please do your
SURBL queries from your local name server by pulling the
zones using rsync and not from the public servers. Thanks!
*************************************************************
Also, we'd like to remind all SURBL users that the name of the
SURBL list derived from Bill Stearns' sa-blacklist has changed
from sa.surbl.org to ws.surbl.org. If you are using the old name
please change your configs to use the new name. After checking
that DNS traffic for the old name is minimal, we are ceasing DNS
service on the old name now, so use ws.surbl.org now! The
different SURBL lists are described at our site:
http://www.surbl.org/
Please forward this message to any interested parties. It
seems to be getting more difficult to keep in contact with
everyone using SURBLs, so a little help getting the word out
could be useful.
Thanks everyone!
Jeff C.
--
Jeff Chan
mailto:jeffc@surbl.org
http://www.surbl.org/
4/24/04: In order to prevent future confusion, we are changing
the names of the rbldnsd zone files from .rbldns to .rbldnsd . If
you are using rbldnsd, please update your rsync and cron configs
to use the slightly revised .rbldnsd names. For now both old and
new names are being served, but we may want to stop serving the
deprecated names at some point in future. If you're using the old
names, please update to the new ones. We expect the new names to
be stable. The changes to the rbldnsd zone file names are:
sc.surbl.org.rbldns --> sc.surbl.org.rbldnsd
ws.surbl.org.rbldns --> ws.surbl.org.rbldnsd
be.surbl.org.rbldns --> be.surbl.org.rbldnsd
(For background, there are two RBL name server programs with
similar names but different functionality: rbldnsd and rbldns.
Zone files for the two programs do not share the same syntax. But
they are similar enough to cause potential confusion.)
4/24/04: Zone files now only update when the underlying spam
URI domains have changed.
The latter change means there are fewer unnecessary zone
transfers, but could potentially affect anyone who was looking at
the zone file serial numbers or file times as a status flag or
heartbeat.
Jeff C.
--
Jeff Chan
mailto:jeffc@surbl.org
http://www.surbl.org/
[Linked from the surbl site also... -- Jeff C.]
From: Dallas L. Engelken
To: spamassassin-users, spamassassin-dev
Date: Thursday, April 22, 2004, 3:13:23 PM
Subject: ANNOUNCE: The SARE SURBL+ Checker v0.4
http://www.rulesemporium.com/cgi-bin/uribl.cgi
- domain and ip lookups for sc/ws/be.surbl.org
- ip lookups for standard txt based rbls found in SA
For folks processing more than a a few hundred thousand messages
per day, please set set up a local caching name server for any of
the RBLs you are using, including SURBLs. This is considered a
standard, good practice since it offloads the public name servers.
A very popular and fast name server specifically meant for
serving up RBLs is rbldnsd:
http://www.corpit.ru/mjt/rbldnsd.html
SURBL zone files are available in rbldnsd format.
Then arrange with the RBLs to get rsync access to their zone
files. Since rsync only transmits differences, the zone files
are kept updated in a very efficient manner. For example to get
rsync access to SURBL zone files, please contact Raymond at
rsync at surbl dot org.
Other RBLs have similar procedures for gaining rsync access.
Then configure your mail servers using RBLs to query your local
forwarding RBL name server.
Thanks,
Jeff C.
P.S. Please don't grab zone files from our web site for
production or even hobbyist mail servers, as I see some people
apparently doing right now. I want to say that's really lame,
but that would be rude. ;-)
--
Jeff Chan
mailto:jeffc@surbl.org
http://www.surbl.org/
Release 0.14 is up on sourceforge.net.
Sorry about all these releases. This is just a small
one to fix the 'Modification of non-creatable array value attempted'
error a few people have been seeing.
You can fetch it at http://sourceforge.net/projects/spamcopuri
--eric
I have just released SpamCopURI 0.13. This release adds some
basic query caching as well as registrar based lookups against
the RBL. Instead of querying for both the 2nd and 3rd level
domain we are now only querying for the 2nd OR the 3rd based
on the TLD. Let me know if you see any issues with this: false
positives, misses that should be hits, etc.
We are now caching the query results on a per test basis
so multiple URLs to the same to domain should only get checked
once per RBL.
There is also a change that fixes a compile error under
Perl 5.005 reported on this list.
Open redirect resolution is still off by default. I would
like to hear how this has worked out for those that have
enabled it. Do you think its safe enough to enabled it
by default?
The latest release can be retrieved from
http://sourceforge.net/projects/spamcopuri
--eric
BigEvil.cf and MidEvil.cf are now available in SURBL form as
be.surbl.org, for use with SpamCopURI SpamAssassin 2.63 and
URIDNSBL SpamAssassin 3.0 plugins. Thanks Chris, Paul and
Gary Funck!
Here's an excerpt about the new list from the Quick Start
section:
http://www.surbl.org/
Chris Santerre and Paul Barbeau's BigEvil and MidEvil
SpamAssassin rules are now available as an SURBL for use with
plugins and programs such as those mentioned above which can
extract message body URI domains and compare them against
name-based RBLs. The name of the list is be.surbl.org, and some
sample rules and scores to use it appears below. The well-known
and popular BigEvil and MidEvil SA rulesets are used to block
messages based on domains that have occurred in spam message body
URIs. Using this as an SURBL instead allows you to remove this
relatively large ruleset from SA memory and lets DNS cache the
data in a zone file instead, querying SURBL hits from DNS as
needed.
An SA 2.63 rule and score using SpamCopURI (but not the SpamCop
data!) looks like this:
uri BE_URI_RBL eval:check_spamcop_uri_rbl('be.surbl.org','127.0.0.2')
describe BE_URI_RBL URI's domain appears in BigEvil
tflags BE_URI_RBL net
score BE_URI_RBL 3.0
An SA 3.0 rule and score using URIBL's urirhsbl looks like this:
urirhsbl URIBL_BE_SURBL be.surbl.org. A
header URIBL_BE_SURBL eval:check_uridnsbl('URIBL_BE_SURBL')
describe URIBL_BE_SURBL Contains a URL listed BigEvil
tflags URIBL_BE_SURBL net
score URIBL_BE_SURBL 3.0
be.surbl.org can be used alone or with other SURBL lists; all
that's needed are different rule and score names, as we've shown
in the samples. More information about be.surbl.org can be found
in the Additional SURBLs section.
http://www.surbl.org/additional.htmlbe.surbl.org joins Bill Stearns' sa-blacklist-based ws.surbl.org
and my own SpamCop URI-based sc.surbl.org SURBLs. All are
described more at the site.
Please send me any questions, comments, corrections, updates,
etc.
Cheers,
Jeff C.
P.S. We will probably offer a combined list at some point.
We're still working out the details of that. Until then it's
quite possible to use one or more of the lists simply by using
separate SA rules for each one that you want to use, as shown
in the Quick Start samples.
P.P.S. The sample rules have been updated to mention "SpamCop"
only in the descriptions of rules that actually use SpamCop data.
--
Jeff Chan
mailto:jeffc@surbl.org
http://www.surbl.org/
Just release 0.12 to fix a test some users may have had errors with
during make test. No real need to grab this unless you want a clean make
test.
--eric
I have just released SpamCopURI version 0.11. This fixes a few
bugs that had been reported and adds open redirect resolution.
This basically takes a URL from say rd.yahoo.com and attempts
to resolve the Location header without ever fetching from
the potential spammy site.
Only the URLs that have hosts that match an address list get
redirect resolution. As well, redirect resolution is off
by default, but can be enabled in the conf file. I have
placed several open redirect sites in the conf file.
The basic requirement is that the redirect return a 300
level HTTP response when fetching. I placed google.com
in there even though they don't have their own redirect
domain, but this should be fairly safe since most if not
all google URLs are either redirects or searches. Give
it a try and tell me what you think. This is all dependent
upon LWP, but if you don't have LWP everything else
will function as it did before.
I have removed all the deprecated tests that depended on local Storable
data. See the INSTALL file for information about upgrading
from a previous version. There is also a bit more information
about installation that should help those that had trouble
in the past.
--eric
Here are a couple changes to the SURBL testpoints and TXT
records:
http://www.surbl.org/news.html
4/20/04: SURBL testpoints "example.com" have been changed to
"surbl-org-permanent-test-point.com" to avoid potential spam
detection on sample URIs.
So the SURBL testpoints are now:
Name: test.sc.surbl.org.sc.surbl.org (with ws for sc, etc.)
Address: 127.0.0.2
Name: test.surbl.org.sc.surbl.org
Address: 127.0.0.2
Name: 2.0.0.127.sc.surbl.org
Address: 127.0.0.2
Name: surbl-org-permanent-test-point.com.sc.surbl.org
Address: 127.0.0.2
4/20/04: TXT record for sc.surbl.org is changed from:
"Message body contains recently and multiply-reported SpamCop
spamvertised domain."
to:
"Message body contains SpamCop spamvertised domain."
TXT record for ws.surbl.org is changed from:
"Message body contains domain in sa-blacklist. See:
http://www.stearns.org/sa-blacklist/"
to:
"Blocked, See: http://www.stearns.org/sa-blacklist/".
Please update any test suites, rules, configs and other code
accordingly. We expect these to be (more) stable. :-)
(The default/sample SA 2.63 SpamCopURI and SA 3.0 urirhsbl rules
seem to write their own text descriptions based on the A record,
so these changes probably do not affect most SpamAssassin users
of SURBLs. Other applications may need to make adjustments if
they were using the TXT records.)
Jeff C.
--
Jeff Chan
mailto:jeffc@surbl.org
http://www.surbl.org/