In March 2009 we stopped delegating public DNS service of individual
list zones such as sc.surbl.org, ws.surbl.org, etc., since they are
obsolete and all their data are included in multi.surbl.org. We would
also like to stop rsync service for these files, again since their
content is included in multi.surbl.org, which is the only zone anyone
should be using. If anyone has feedback about this proposed change,
then please contact us by email at rsync at our domain.
[Please send follow up discussions to: discuss at lists . surbl. org]
An experimental source of some snowshoe and pill domains is now being
published in xs.surbl.org. SURBL considers this feed to be
experimental and would very much welcome feedback about it,
particularly about any false positives. Does anyone know anyone who
actually wants to receive snowshoe messages? Here's Spamhaus'
description of snowshoe:
http://www.spamhaus.org/faq/answers.lasso?section=Glossary#233
XS is not included in multi currently, so for testing purposes it must
be specified as a standalone list. For SpamAssassin, a rule would be:
urirhssub URIBL_XS_SURBL xs.surbl.org. A 2
body URIBL_XS_SURBL eval:check_uridnsbl('URIBL_XS_SURBL')
describe URIBL_XS_SURBL Contains an URL listed in the XS
SURBL blocklist
tflags URIBL_XS_SURBL net
#reuse URIBL_XS_SURBL
and a score would be:
score URIBL_XS_SURBL 0 0.001 0 0.001
or whatever values you like. 0 would disable the test. 0.001 would
be visible in headers and reporting, but likely not push a score over
a threshold. 6.0 would block outright in most
systems, etc. Remember to add the rule and score to a local.cf if you
want it to persist across version upgrades.
(As an aside, the SpamAssassin command urirhsbl should still work for
an individual list, but arguably is obsoleted by urirhssub since the
latter is just about universally used now and will handle the case of
a standalone list too. More info at:
http://spamassassin.apache.org/full/3.2.x/doc/Mail_SpamAssassin_Plugin_URID…
)
For use in other systems, treat xs.surbl.org as it's own list and look
for a 127.0.0.2 DNS A record result to indicate inclusion. IOW, you
won't find it in multi yet. :)
Here's a manual test:
% dig difficultflamingos.com.xs.surbl.org
[...]
;; QUESTION SECTION:
;difficultflamingos.com.xs.surbl.org. IN A
;; ANSWER SECTION:
difficultflamingos.com.xs.surbl.org. 180 IN A 127.0.0.2
which of course may roll off the list when that particular record
expires.
Once it goes into production, XS would be included in multi, and this
temporary, standalone test list would go away. ***The configs would
need to be adjusted to use multi at that time, or the filtering for
that source would go away.*** In other words, please don't put the
standalone test list into production and leave it there. It will very
likely go away later in favor of inclusion in multi.
Note that testing XS after sender blacklists and other filtering
techniques may result in XS not getting many hits.
Note also that other types of data probably will be added to XS in future.
Please test XS and send results to discuss at lists. surbl dot org