Discuss May 2004

discuss@lists.surbl.org

44 participants
91 discussions

Re: [SURBL-Discuss] Another redirector
by Patrik Nilsson 23 May '04

23 May '04

At 16:35 2004-05-22 +0200, Raymond Dijkxhoorn wrote: > > Might already be known, but since I haven't seen it mentioned, here's > > another redirector used in spam: > > urllog.com > > > > Actual example of spam using it available if needed. > >Please provide all info, or post it on the list. Then we can contact the >guys running the service and see if we can get them SURBL'ed. OK, wasn't sure submitting the actual example mail to the list was a reliable method as it might get blocked. Anyway - example attached. Patrik

2 2

Re: [SURBL-Discuss] RFC: Combined SURBL list details, phishing list ready
by Jeff Chan 23 May '04

23 May '04

On Saturday, May 22, 2004, 8:30:56 AM, Daniel Quinlan wrote: > Jeff Chan <jeffc(a)surbl.org> writes: >> So should I open an RFE in bugzilla to request handling of a >> combined SURBL list in urirhsbl (modulo the later updates of the > Yes. Done. >> corrected name multi.surbl.org and starting from .2 not .1)? > Why starting at .2 instead of .1? Don't you want to use all of the > bits available? Someone said that 127.0.0.1 in an RBL would cause general mail delivery problems, but I believe that might only apply to an RBL applied to message headers in an MTA, which SURBLs aren't. OPM uses the .1 bit, but it does it in the larger context of 127.1.0.x not 127.0.0.X, where .1 could perhaps run into the loopback address. http://opm.blitzed.org/info I suppose we could start with the 2,4,8 bits and expand back down to .1 if we feel it's safe later. Does that sound ok? >>> Default TTL for the combined list is generally the longest of the >>> included lists, which is six hours, while individual entries >>> inherit the shortest TTL which can be 10 minutes for sc data. >>> That allows individual entries to expire in BIND appropriately to >>> their data source. > Shouldn't the TTL be the shortest of the included lists? Yes, individual entries would get the shortest TTL if it appears on multiple lists. Jeff C.

1 0

RE: [SURBL-Discuss] DNS for dummies
by rleonard＠opto22.com 20 May '04

20 May '04

Written like a true, typical linux lurker! Sometimes it is better to have one on one with somebody who knows what they are doing, than going off of some text from Google.. I got a lot of great help, and got it running in less than an hour.. much less time than it would have taken me to research, read, test, re-research any questions and implement.. Another, better question is.. why do some people feel compelled to reply negatively rather than just ignore? I get more traffic on this newsgroup than I get SPAM.. most of it is completely beyond me, and I'm of no use to anybody.. but every once in a while I get a message from another newbie that is running into an issue I have already figured out.. and it is with pleasure I reply to them.. even though they probably could have just googled the answer themselves. The rest I glance at, and delete. Thanks again to everybody on this list that is helpful to those of us that are either new, time restricted or just plain lost.. -----Original Message----- From: Ralph Seichter [mailto:mailing-list@seichter.de] Sent: Thursday, May 20, 2004 4:08 AM To: SURBL Discussion list Subject: Re: [SURBL-Discuss] DNS for dummies rleonard(a)opto22.com wrote: > Has anybody written a "HOWTO DNS" for dummies.. Why don't people do their homework? Next time, use Google to search for "HOWTO DNS". It returned approximately 510,000 hits. -- Mit freundlichen Grüßen / Yours sincerely Dipl. Inform. Ralph Seichter HORUS-IT Ahornweg 10 D-57635 Oberirsen Tel +49 2686 987880 Fax +49 2686 987889 http://horus-it.de/ _______________________________________________ Discuss mailing list Discuss(a)lists.surbl.org http://lists.surbl.org/mailman/listinfo/discuss

3 2

Re: [SURBL-Discuss] Hatcheck: this one is a toughy for me....
by Patrik Nilsson 20 May '04

20 May '04

At 15:38 2004-05-20 -0400, Chris Santerre wrote: >205.236.189.57 = www.Default-Homepage-Network.com >thoughts on this? http://www.spamhaus.org/sbl/sbl.lasso?query=SBL9442 http://groups.google.com/groups?q=Default-Homepage-Network.com&scoring=d Pornspam and hijackware. Patrik

2 2

Hatcheck: this one is a toughy for me....
by Chris Santerre 20 May '04

20 May '04

205.236.189.57 = www.Default-Homepage-Network.com thoughts on this? Chris Santerre System Admin and SARE Ninja http://www.rulesemporium.com 'It is not the strongest of the species that survives, not the most intelligent, but the one most responsive to change.' Charles Darwin

2 1

RE: [SURBL-Discuss] Fwd: Re: ANTI-SURBL technique used by spammer
by Chris Santerre 20 May '04

20 May '04

>-----Original Message----- >From: Raymond Dijkxhoorn [mailto:raymond@prolocation.net] >Sent: Thursday, May 20, 2004 5:32 AM >To: Jeff Chan; SURBL Discussion list >Subject: Re: [SURBL-Discuss] Fwd: Re: ANTI-SURBL technique used by >spammer > > >Hi! > >> I brought it up due to the possible bad uses of this >technology. It's >> possible for a spammer to use this service for free >bandwidth for images and >> other content (flash, etc). >> >> This is just one of those things to hold on to and keep an >eye out for, if >> the word get's out, the spammers might try and abuse it. >From the message >> boards, most people don't care what it's used for, except >those using 40 GB >> per day in illegal movie downloads cause they choose to be a mirror. > >> >> Are you aware of http://freecache.org ? >> >> Take a look here if not: >> >> http://slashdot.org/articles/04/05/12/1635205.shtml?tid=126&tid=95 >> >> Thanks! > >We might tell them about SURBL and ask to implement caching >only for non >listed domains. Others implemented things like that allready. >Jeff, can >you take that actionpoint? > >Bye, >Raymond. I think that is a fantastic idea! They want there service to be great. It can't be if they are blacklisted. I second the motion to contact them. Can't hurt. --Chris

2 1

DNS for dummies
by rleonard＠opto22.com 20 May '04

20 May '04

Hi all.. I'm a wanna be Linux guy who somehow, even with my own ineptitude, managed to get SA 2.63 with Qmail up and running on Redhat 9.0! Recently I got the SURBL's working and they have helped a LOT (I have a very weak box that is running SA.. so the lookups saved a lot of processing time!).. however.. I have noticed my outgoing traffic on our T1 has shot through the roof. I currently have the Linux box using our ISP's DNS server for lookups.. I'm guessing it would be much more efficient if I had the linux box do it, cache it.. I've even read about having it transfer the SURBL zones directly so that lookups remain local.. Has anybody written a "HOWTO DNS" for dummies.. that could help walk me through setting this up on my Linux box? Thanks!!!!!!!!!!!!

3 2

Re: ANTI-SURBL technique used by spammer
by Jeff Chan 20 May '04

20 May '04

Thanks Fred, I have whitelisted freecache.org, which in terms of proper operations of SURBLs should be all that's needed to prevent false positives and allow the actual spam sites to be caught. In terms of using freecache to distribute hosting of the SURBL web site, we'll look into that. I am asking freecache.org to consider blocking access to their services for spammers, as metamark is doing for redirection using SURBL data. Jeff C. __ On Wednesday, May 19, 2004, 3:30:00 PM, Fred Fred wrote: > Well, I brought this up for a couple of reasons, it can be used for many > reasons, GOOD and BAD. > Your idea sounds good, it might also be used for some other heavy data files > we host for whatever reason. > I brought it up due to the possible bad uses of this technology. It's > possible for a spammer to use this service for free bandwidth for images and > other content (flash, etc). > This is just one of those things to hold on to and keep an eye out for, if > the word get's out, the spammers might try and abuse it. From the message > boards, most people don't care what it's used for, except those using 40 GB > per day in illegal movie downloads cause they choose to be a mirror. > Frederic Tarasevicius > Internet Information Services, Inc. > http://www.i-is.com/ > 810-794-4400 > mailto:info@i-is.com > Jeff Chan wrote: >> On Wednesday, May 19, 2004, 2:22:38 PM, Fred wrote: >>> Jeff, >>> Are you aware of http://freecache.org ? >>> Take a look here if not: >>> http://slashdot.org/articles/04/05/12/1635205.shtml?tid=126&tid=95 >>> Thanks! >> >>> Frederic Tarasevicius >> >> Thanks for the info Fred. Sounds like akamai for the rest of us. >> :) >> >> Should we publish the surbl site with it? >> >> Jeff C. -- Jeff Chan mailto:jeffc@surbl.org http://www.surbl.org/

1 1

Fwd: Re: ANTI-SURBL technique used by spammer
by Jeff Chan 20 May '04

20 May '04

This is a forwarded message From: Fred <spamassassin(a)freddyt.com> To: "Jeff Chan" <jeffc(a)surbl.org> Date: Wednesday, May 19, 2004, 3:30:00 PM Subject: ANTI-SURBL technique used by spammer ===8<==============Original message text=============== Well, I brought this up for a couple of reasons, it can be used for many reasons, GOOD and BAD. Your idea sounds good, it might also be used for some other heavy data files we host for whatever reason. I brought it up due to the possible bad uses of this technology. It's possible for a spammer to use this service for free bandwidth for images and other content (flash, etc). This is just one of those things to hold on to and keep an eye out for, if the word get's out, the spammers might try and abuse it. From the message boards, most people don't care what it's used for, except those using 40 GB per day in illegal movie downloads cause they choose to be a mirror. Frederic Tarasevicius Internet Information Services, Inc. http://www.i-is.com/ 810-794-4400 mailto:info@i-is.com Jeff Chan wrote: > On Wednesday, May 19, 2004, 2:22:38 PM, Fred wrote: >> Jeff, >> Are you aware of http://freecache.org ? >> Take a look here if not: >> http://slashdot.org/articles/04/05/12/1635205.shtml?tid=126&tid=95 >> Thanks! > >> Frederic Tarasevicius > > Thanks for the info Fred. Sounds like akamai for the rest of us. > :) > > Should we publish the surbl site with it? > > Jeff C. ===8<===========End of original message text=========== -- Jeff Chan mailto:jeffc@surbl.org http://www.surbl.org/

2 2

Draft of rbldnsd with BIND under FreeBSD document
by Jeff Chan 20 May '04

20 May '04

Please take a look at my draft document about using rbldnsd with BIND under FreeBSD: http://www.surbl.org/rbldnsd-bind-freebsd.html And let me know if you have any comments, suggestions, corrections, updates, etc. I wasn't really sure what interface to put the fake address on so I used loopback. Is that ok? Style comments are welcome too. Jeff C.

1 0

← Newer
1
2
3
4
5
6
7
8
9
10
Older →

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

Discuss May 2004