You could keep a generic list of nameservers such as 'Server 1', 'Server
2', etc, which correlates to 'ns1', 'ns2', etc. It'd just add a level
of obscurity and require just a little more of a monkey to figure out
though.
william
-----Original Message-----
From: Jeff Chan [mailto:jeffc@surbl.org]
Sent: Tuesday, August 24, 2004 6:40 AM
To: SURBL Discuss
Subject: Re: [SURBL-Discuss] Improved name server status page
On Tuesday, August 24, 2004, 6:32:44 AM, Chris Santerre wrote:
> That is very cool! However do you think it is wise to make public the
IP's
> of the servers?
Yeah that kind of raised some flags for me too, but the servers
are easy enough to find, and the names of the servers are not
unique due to the round robin.
For example e.surbl.org resolves to two different name servers.
So the only thing unique and used for the subdomains are their
IP addresses. I suppose we could set up another set of aliases
for them, but kind of don't want another set to maintain.
(The old style ns1, ns2, etc. names remain but for BIND
type servers for the parent zone. They have already diverged
from the rbldnsd servers.)
Jeff C.
_______________________________________________
Discuss mailing list
Discuss(a)lists.surbl.org
http://lists.surbl.org/mailman/listinfo/discuss
>-----Original Message-----
>From: Jeff Chan [mailto:jeffc@surbl.org]
>Sent: Tuesday, August 24, 2004 3:51 AM
>To: SURBL Discuss
>Subject: Re: [SURBL-Discuss] WS & DS FP?
>
>
>On Tuesday, August 24, 2004, 12:27:22 AM, David Funk wrote:
>> On Mon, 23 Aug 2004, Jeff Chan wrote:
>
>>> > <! click the link below or copy it into a web browser.>
>>> > <!
>>> >
>https://secure.clickaction.MUNGEDnet/ClickAction?func=S_TurnOff
>Html&partname=itworld&uid=MUNGED
>>> > ==========
>>>
>>> > It was tagged by both WS and DS. Should this domain be
>whitelisted and/or
>>> > removed from these SURBLs?
>>>
>>> I'm going to assume that itworld.com would not put spammer
>>> domains in their newsletter. Whitelisting:
>>>
>>> accelacommunications.com
>>> itwpub1.com
>>> itworld.com
>>> clickaction.net
>>>
>>> If anyone knows anything about any of them, please speak
>>> up.
>
>> FWIW, I've got "clickaction.net" spam in my archive and there's
>> a couple hundred NANAS listings for them too.
>
>> It may be that that "secure.clickaction.net" is the clean side
>> of their house but I have spam sent from the clickaction.net
>> mail servers containing "www.clickaction.net" URLs.
>
>I took a look at some of the NANAS hits on clickaction.net and
>most of them seem to be for legitimate businesses and
>organizations. That leads me to think we should keep them off
>the lists, though they do seem somewhat spammy.
>
>Anyone else know anything about them?
>
Good lord the deeper the rabbit hole goes, the spammier they look! They are
yesmail, and yesmail is a spammer in my book! They are using itworld as a
"Legitimizer" How does this quote of theirs sound to you?
"Join Yesmail, Latham & Watkins, and Accela Communications to learn more
about how you can mitigate risk to your company and continue to leverage the
power of email communications in your marketing programs."
With a quote like that, I would keep them listed in a heartbeat. And the
more I look the more I say let them stay. You legit companies in NANAS still
look like spam. The vermont teddy stuff looks like a run on a purchased mail
list.
I keep looking, and I keep seeing spammer! Someone show me a legit ham, that
was optin, or asked for!
--Chris
I've set up a better SURBL name server status page at:
http://www.surbl.org/nameservers-output.html
which is also linked from the main page.
It shows some latency in zone file propagation, and it also
shows one of the name servers down. (Bjorn is that coming
back eventually?)
We may want to ask all the public name servers to rsync
every 10 minutes.... Would that be OK Raymond?
Currently I have the DNS timeout set to 10 seconds with two
retries. What kind of values are more typical or standard
for resolvers?
I will use the scripts that generate the page to send
notifications (probably to myself at first) once things
stabilize. Since events don't happen very often, it's
probably not necessary to show a history on the page.
Comments?
Jeff C.
Using SpamCopURI, ws.surbl.org FP'ed some mail from Fedora-List.
http://dirk-wendland.deMUNGED.vu/ (a personal webpage in a sig).
WS contains deMUNGED.vu. But they're a registrar. (.vu is Vanuatu.) So
perhaps SURBL should whitelist de.vu and check at third level?
--
lundin(a)fini.net
"Not only did we get you an apple with a mouse like
you asked, we also got you a banana with a lizard."
Included in an "IT World" newsletter (www.itworld.com) is the content below
that included clickaction.MUNGEDnet:
==========
<! ATTENTION!>
<! You are reading this message because your mail reader cannot display
HTML.>
<! If you would prefer to receive text messages from now on,>
<! click the link below or copy it into a web browser.>
<!
https://secure.clickaction.MUNGEDnet/ClickAction?func=S_TurnOffHtml&partnam…
==========
It was tagged by both WS and DS. Should this domain be whitelisted and/or
removed from these SURBLs?
Bill
Finally. I've been taunting you poor folks for weeks, now. :-)
Here it is:
http://ry.ca/geturi/ -- geturi v1.4
>From the DESCRIPTION:
geturi is designed to process a directory containing a list of RFC822
messages (one message per file). It analyses each message, attempts to
strip out as many unclickable URIs as possible, and then compiles the
list of found URIs, putting HTML output on STDOUT.
What I'd *like* to see are a bunch of people using this, and some
suggestions for improvement (I already have quite a few, some of which
are in the TODO section of the documentation). I'd call this alpha code
at the moment, for want of testers, but I don't know of any huge bugs.
Feedback more than welcome!
- Ryan
--
Ryan Thompson <ryan(a)sasknow.com>
SaskNow Technologies - http://www.sasknow.com
901-1st Avenue North - Saskatoon, SK - S7K 1Y4
Tel: 306-664-3600 Fax: 306-244-7037 Saskatoon
Toll-Free: 877-727-5669 (877-SASKNOW) North America
We've had a request to whitelist rm04.net and rm02.net.
Does anyone know anything about them? They seem to belong to:
> SilverPOP Systems
> (DOM-151479)
> 200 Galleria Parkway
> Suite 750 Atlanta
> GA
> 30339 US
And reportedly appeared in a newsletter belonging to:
Altiris http://www.altiris.com
Comments?
Jeff C.
Found a citibank phish that used a redirect thru go.msn.com to
'zach.com.previewmysite.com' (see attached message).
Is previewmysite.com guilty or an innocent open site that is being
exploited?
--
Dave Funk University of Iowa
<dbfunk (at) engineering.uiowa.edu> College of Engineering
319/335-5751 FAX: 319/384-0549 1256 Seamans Center
Sys_admin/Postmaster/cell_admin Iowa City, IA 52242-1527
#include <std_disclaimer.h>
Better is not better, 'standard' is better. B{
I kind of keep tabs on these guys from time to time. Since they had started
using SARE rules in their commercial product. Looks like their new version
will support SURBL. Jeff you might want to drop them a "Hey there!" email.
http://www.omni-ts.com/Forum/ShowPost.aspx?PostID=2913
Chris Santerre
System Admin and SARE Ninja
http://www.rulesemporium.comhttp://www.surbl.org
'It is not the strongest of the species that survives,
not the most intelligent, but the one most responsive to change.'
Charles Darwin