>-----Original Message-----
>From: Jeff Chan [mailto:jeffc@surbl.org]
>Sent: Monday, June 28, 2004 10:41 PM
>To: SURBL Discuss
>Subject: [SURBL-Discuss] Pleaae beta test ds.surbl.org - 6dos data
>
>
>Please beta test ds.surbl.org which is the 6dos data turned into
>a SURBL. In particular, please check the false positive rate and
>let us know what you find.
>
>Please do not use ds.surbl.org for production mail servers as it
>is hosted only on my name server.
>
>(Chris, the list has about 120,000 entries. Were there some .c
>files which we should exclude?)
"So, drop: Misc.c Registrars.c Mainsleaze.c and that oughta put a pretty
big dent in complaints." - A friend. ;)
--Chris
Good day, all,
The physical host that hosts www.stearns.org, spamgate, and around
25 other virtual machines has experienced some massive drive problems over
the last 36 exhausing hours. I have the systems mostly up, but there's a
lot of cleanup work that needs to be done.
I don't expect to be able to restore the automatic update
functionality until this weekend.
To the best of my knowledge, ws.surbl.org (hosted on another
physical system) is working just fine. It'll keep providing the latest
list until I can get the automatic updates working again.
Cheers,
- Bill
---------------------------------------------------------------------------
"Absence is to love what wind is to fire. It extinguishes the
small, it enkindles the great."
(Courtesy of Arnaud Installe <ainstalle(a)filepool.com>)
--------------------------------------------------------------------------
William Stearns (wstearns(a)pobox.com). Mason, Buildkernel, freedups, p0f,
rsync-backup, ssh-keyinstall, dns-check, more at: http://www.stearns.org
--------------------------------------------------------------------------
>-----Original Message-----
>From: Jeff Chan [mailto:jeffc@surbl.org]
>Sent: Tuesday, June 29, 2004 10:24 AM
>To: SURBL Discussion list (E-mail)
>Subject: Re: [SURBL-Discuss] Whitelist entry needed
>
>
>On Tuesday, June 29, 2004, 7:18:15 AM, Chris Santerre wrote:
>> I can't get to Stearns site just yet to fix this. (server is
>up, but not
>> back to where we can change things yet.) We need to
>whitelist search.com
>
>I've whitelisted it in SURBLs.
>
Many thanks.
--chris
>-----Original Message-----
>From: Jeff Chan [mailto:jeffc@surbl.org]
>Sent: Tuesday, June 29, 2004 10:23 AM
>To: Chris Santerre
>Cc: 'Jeff Chan'; 'SURBL Discussion list'
>Subject: Re: [SURBL-Discuss] Pleaae beta test ds.surbl.org - 6dos data
>
>
>On Tuesday, June 29, 2004, 7:12:38 AM, Chris Santerre wrote:
>
>>>From: Jeff Chan [mailto:jeffc@surbl.org]
>
>>>As a data point, 6dos hit 300 whitelist entries out of 120,000
>>>records, which is about a ten times greater whitelist hit *rate*
>>>than ob.surbl.org.
>>>
>
>> 0.25% fp rate, so it has an S/O rating of 99.75 :)
>
>No, that's not an FP rate since my whitelist does not include
>every possible FP. In fact, it's rather limited. More like
>the 1000 most common web domains plus many more obscure
>geographic tlds that will probably never be used in spams.
LOL, you missed the joke there! ;)
>
>The whitelist hits might give a hint at relative FP rates between
>lists, but only actual testing against real messages will give
>meaningful FP rates.
Believe me, I know!
>
>> Actually that is great info. Can we get the whitelist hits?
>This might be a
>> great way to tweak the 6dos list. I'm also very interested
>in who hit the
>> whitelist. I'd like to see the xref in 6dos to see who these
>people are
>> dealing with. I think RSK would be interested as well.
>
>I've saved a copy of the 6dos hits against my whitelist at:
>
> http://spamcheck.freeapp.net/6dos.domains.whitelist-hits
>
Sweeeeet!
>The entire whitelist, including many geographic domains is at:
>
> http://spamcheck.freeapp.net/whitelist-domains.sort
>
>> Even if we have to clean up 1-2% of these listed, look how
>many evil domains
>> we get. But I fully understand your philosophy on this Jeff.
>Some of these
>> evil domains may not have spammed.....yet. ;)
>
>I don't mind pre-emptively listing every domain of every known
>spam operation. What we don't want are FPs on legitimate domains.
>
10-4 good buddy.
--Chris
I can't get to Stearns site just yet to fix this. (server is up, but not
back to where we can change things yet.) We need to whitelist search.com
Anyway you can fix that Jeff?
Chris Santerre
System Admin and SARE Ninja
http://www.rulesemporium.comhttp://www.surbl.org
'It is not the strongest of the species that survives,
not the most intelligent, but the one most responsive to change.'
Charles Darwin
>-----Original Message-----
>From: Jeff Chan [mailto:jeffc@surbl.org]
>Sent: Tuesday, June 29, 2004 1:21 AM
>To: SURBL Discuss
>Subject: Re: [SURBL-Discuss] Pleaae beta test ds.surbl.org - 6dos data
>
>
>On Monday, June 28, 2004, 7:46:16 PM, David Coulson wrote:
>> Jeff Chan wrote:
>>> Please do not use ds.surbl.org for production mail servers as it
>>> is hosted only on my name server.
>
>> Even though it took a day to load (almost), I've got it
>running on ns10
>> if you want to add that to the NS glue.
>
>Thanks David. I'd like to see what kind of false positive rates
>we see before committing to running it for real.
>
>As a data point, 6dos hit 300 whitelist entries out of 120,000
>records, which is about a ten times greater whitelist hit *rate*
>than ob.surbl.org.
>
0.25% fp rate, so it has an S/O rating of 99.75 :)
Actually that is great info. Can we get the whitelist hits? This might be a
great way to tweak the 6dos list. I'm also very interested in who hit the
whitelist. I'd like to see the xref in 6dos to see who these people are
dealing with. I think RSK would be interested as well.
Even if we have to clean up 1-2% of these listed, look how many evil domains
we get. But I fully understand your philosophy on this Jeff. Some of these
evil domains may not have spammed.....yet. ;)
--Chris
We are using the spamcop_uri with the 3 main feeds, ws, ob, ab and the main
man and we are seeing a reduction of 4-5 in our mail box in the mornings to
1, of course all the other junk is nailed with SA.
Great idea and a great addition to fighting the ads for pills, my small
p*nis and my girlfriends undersized headlight notifications as well as the
fact that I am approved for high interest loans. I am so gullible that I now
can rest easy knowing I won't be taken ;)
Thanks to the SURLB team...
--
David Thurman
The Web Presence Group
http://www.the-presence.com
Web Development/E-Commerce/CMS/Hosting/Dedicated Servers
800-399-6441/309-679-0774
>-----Original Message-----
>From: Dave Navarro [mailto:dave@basicguru.com]
>Sent: Friday, June 25, 2004 12:53 AM
>To: discuss(a)lists.surbl.org
>Subject: [SURBL-Discuss] rDNS entries
>
>
>One thing I notice is that the IP addresses of blacklisted
>domains are not
>always listed in the BL as well.
>
>For example, when I look up:
>
> ghcclccc.biz.multi.surbl.org
>
>It's listed. However, when I look up:
>
> 72.2.139.221.multi.surbl.org
>
>it's not listed.
>
>Might I suggest that all domains listed in the BL also include
>corresponding IP addresses?
>
That might hurt a lot of virtually hosted and legit sites. We only list IPs
if a spam URL explicitly lists the IP.
--Chris
Please beta test ds.surbl.org which is the 6dos data turned into
a SURBL. In particular, please check the false positive rate and
let us know what you find.
Please do not use ds.surbl.org for production mail servers as it
is hosted only on my name server.
(Chris, the list has about 120,000 entries. Were there some .c
files which we should exclude?)
Please note that I have removed ob2.surbl.org as it was for
testing only and the data source for it is now used as
ob.surbl.org.
Jeff C.
>-----Original Message-----
>From: Jeff Chan [mailto:jeffc@surbl.org]
>Sent: Monday, June 28, 2004 5:28 PM
>To: SURBL Discussion list (E-mail)
>Subject: Re: [SURBL-Discuss] The beast has been fed. 6dos now in
>WS.surbl.org
>
>
>On Monday, June 28, 2004, 12:31:24 PM, Chris Santerre wrote:
>> The '6dos' project domains have now been fed into
>ws.surbl.org. This is a
>> huge collection of spam domains. The reason I did this now
>is the format is
>> changing and it would have been a nightmare to do this later.
>
>> I briefly looked thru them, but there are a LOT. I expect a
>few FPs. But for
>> the shear number of domains you can't beat it. I will remove
>any reported
>> FPs. Bill if you want to whitelist some if I can't get to
>them right away,
>> go ahead. I will post when I remove, or if they are spammers and the
>> whitelist needs to be removed.
>
>> This is a great addition. And NO I can't tell you the source
>of the '6dos'
>> project. You will just have to contact me with any questions :)
>
>NO!!!!!!! DO NOT DO THIS.
Stop yelling or I'll start calling you my wife ;) DOn't think I
won't.....honey! :P
>
>Rich's list is way too big and inaccurate for our use in terms
>of false positives. It will ruin SURBLs and people's use of them.
Yes and no. But have a look at the file I posted.
>
>The huge list is probably the reason Bill's server is choking
>now.
Damn I hope it wasn't the list that killed it! That would suck! But size
wise it didn't look any bigger then some of the other lists people had
submitted.
But I have no problems making this a seperate SURBL list. The data is very
good once you look at it.
Sorry if I seem testy. I'm on a 3 week schedule of no Hockey. I'm ready to
kill at a moments notice :)
--Chris