Discuss

discuss@lists.surbl.org

2 participants
1870 discussions

Help with sa-blacklist load
by William Stearns 16 Sep '05

16 Sep '05

Good day, all, I'm running into a problem with the sa-blacklist content I host at http://www.stearns.org/sa-blacklist/ . The box (*) is hosted at pa.net, a colo facility once employing a good friend. A new guy was going over the bandwidth stats and noticed that that machine hogs the available bandwidth on its ethernet segment for a few minutes after each hour as people download the sa-blacklist. I asked him what kind of bandwidth he'd ideally like that system to use, and how much I'm using at the moment. I should be using around 10G/month. I'm currently using 1TB/month. Oops. I'm not in imminent danger of being kicked off their cable, but both they and I agree that I need to do something differently. I could put another physical box at another ISP with unlimited bandwidth, but I'm already paying around $1500/year to host the site, and am reluctant to double that. Because that box hosts 27 virtual machines, moving it is a project that would need a few months of lead time to arrange, and would be a nightmare in itself. It would be great if someone already has enough bandwidth to host the content on a different cable, but I think people with a terabyte/month to spare may be rare. *smile* If you've got some bandwidth you could share, would you consider doing round-robin with me with the content? 10 sites spreading the load would have 100GB/month, or an average of about 300 kilobits/sec. 20 sites sould be half that each, and so on. I'd need to upload content via rsync over ssh. The actual content is published via web, rsync, and ftp, although I could easily set up www.sa-blacklist.stearns.org for the sites willing to share over http, rsync.sa-blacklist.stearns.org, for the sites willing to share over rsync, and ftp.sa-blacklist.stearns.org. If you can spare some bandwidth, please respond. Let me know what you can spare in average kilobits/sec. That way, if only 10 people respond and one of them can provide 100 kilobits/sec, I'll know not to include that person in the mirror until I can get 30 people. If you can take part, I'd be forever grateful. *sincere smile* Cheers, - Bill * http://www.stearns.org/slartibartfast/uml-coop.current.html --------------------------------------------------------------------------- (Referring to the 32 bit system that feeds out files for kernel.org) "We learned that the Linux load average rolls over at 1024. And we actually found this out empirically." -- Peter Anvin -------------------------------------------------------------------------- William Stearns (wstearns(a)pobox.com). Mason, Buildkernel, freedups, p0f, rsync-backup, ssh-keyinstall, dns-check, more at: http://www.stearns.org --------------------------------------------------------------------------

2 1

cheetahmail / rhsbl.ahbl.org
by wolfgang 31 Aug '05

31 Aug '05

Hi, when experimenting with rhsbl.ahbl.org sender blacklists on MTA level, I noticed: reject_warning: RCPT from mta121.cheetahmail.com[66.165.100.122]: 571 Service unavailable; Sender address [bo-byytbuda6faq70bcxwgsmb73r6zqxc(a)b.apc.chtah.com] blocked using rhsbl.ahbl.org; Domain used in spam. Access is not allowed.; To me, the email seemed to be a valid product hotfix notification from http://www.apc.com to registered recipients. What are your experiences with or views about cheetah.com? They appear to be mass mailers, but also engaged in anti-spam measures / sender verification acitivities, and what are your experiences with rhsbl.ahbl.org? I would like to make up my mind - whether to whitelist cheetah.com mailservers from being blocked on MTA level in order to avoid FPs when using ahbl - whether to use rhsbl.ahbl.org to reject mails at the MTA level. Cheers, wolfgang

4 7

Fw: [off-topic] Free Opera Registration
by Kevin A. McGrail 30 Aug '05

30 Aug '05

Just passing along some interesting news: Opera is celebrating 10 years with a free registration code. It's very simply and very much on the up and up. Go to http://my.opera.com/community/party/reg.dml " SURPRISE!!! Free registration codes - Party favors: Get a free Opera registration code by clicking the "go free" button below. We're giving away registration codes for as long as the party lasts!" Regards, KAM

1 0

photo.com?
by Jeff Chan 29 Aug '05

29 Aug '05

Got a spam mentioning photo.com and some chat site. The chat site may be spammy but does anyone know anything about photo.com? Seems to be several years old: Registrant: Calumet Photographic Inc. 890 Supreme Dr. Bensenville, IL 60106 US Domain Name: PHOTO.COM Administrative Contact: Perazella, Tom tom.perazella(a)CALUMETPHOTO.COM Calumet Photographic, Inc. 890 Supreme Dr. Bensenville, IL 60106 US (630) 860-7447 fax: 999 999 9999 Technical Contact: Fischer, Douglas doug.fischer(a)calumetphoto.com 890 Supreme Drive Bensenville, IL 60106 US 630-860-7447 X3204 fax: 123 123 1234 Record expires on 06-Apr-2006. Record created on 07-Apr-1998. Database last updated on 28-Aug-2005 04:09:30 EDT. Domain servers in listed order: NS1.PRIMARYDEVELOPMENT.NET 38.119.37.68 NS3.PRIMARYDEVELOPMENT.NET 38.119.37.120 NS2.PRIMARYDEVELOPMENT.NET 38.119.37.69 Jeff C. -- Don't harm innocent bystanders.

2 3

re: [SURBL-Discuss] RE: Porn Domains and SURBL
by Jay Swackhamer 26 Aug '05

26 Aug '05

> The address I had for reporting spam to mailpolice was: > > > spam(a)mailpolice.com > > But it may no longer work. Yes, the address still works. Please do send any kind of spam to that address. -- Jay Swackhamer <jswack(a)nebularis.com> Nebularis Inc <http://www.nebularis.com> MailPolice Spam&Virus Elimination <http://www.mailpolice.com> Tel: 1-613-843-9358 Fax: 1-613-825-5960

3 2

RE: Porn Domains and SURBL
by Rob McEwen 23 Aug '05

23 Aug '05

It was brought to the attention of some SURBL contributors recently a reminder that we have to be careful not to list porn messages just because they are porn if little or no evidence of actual spamming is found. This is because SURBL is suppose to be a "spammer's URI" list, not an objectionable content list. There has always been a general agreement on this. But this issue has reminded me to remind everyone to please, where applicable, send any porn domains which did NOT quite make the SURBL "spam threshold" over to MailPolice.com's "porn.rhs.mailpolice.com" list... especially the newer ones which might not already be there. In fact, for the past 14 months, I've been slowly and diligently working on my own commercial spam filtering solution with which I hope to carve out a nitch area where I will especially appeal to families who are concerned about content as well as spam. Therefore, for my **own** filtering, porn is filtered out regardless of spamming issues and, therefore, MailPolice's porn list is a great addition to my filter. Other filters may choose to have a "family option" or "strict option" which would be ideal for "grownups" who struggle with porn addiction and/or great for families who want an extra layer of protection for their own children's e-mail accounts. This can catch porn outfits who spam "just below the radar" or it can catch them if/when they just start spamming. Of course, this is no substitute for linguistic filtering, for which I have one of the best porn filters ever. Of course, the real trick is to catch these without catching the dirty jokes that people send around to each other. (and I've gotten pretty good at blocking the former without blocking the latter in my linguistic filtering!) Of course, this kind of filtering is not for everyone or every mail server!!! But I just want to make sure that you all know about MailPolice being a good place to send this stuff to when not deemed SURBL-material. BTW - When I start selling my spam filtering service, it will be available here: http://Stop-Spam-Forever-Filter-Blocker.com (or, alternatively) http://StopSpamForever.com But my web site for promoting my filter is not yet built :( Finally, funny thing is... I don't know for sure **how** best to report porn domains to MailPolice. Jay Swackhamer <jswack at nebularis.com> is the contact there who provided the MailPolice-to-SURBL phishing data feed. Try him or perhaps Jeff or someone else has a suggestion or additional contact there? Rob McEwen PowerView Systems Rob(a)PowerViewSystems.com

3 2

Surbl.org mirror down due to hardware probs
by Dirk Bonengel 21 Aug '05

21 Aug '05

Hi, I'm sorry but trabant.login-solutions.de (212.172.180.57), one of the mirror servers for the surbl.org zones, is down, probably due to hardware probs. Please, can someone disable that machine in the DNS setup. Thanks Dirk

2 1

RBLDNSD + mrtg
by Michele Neylon 16 Aug '05

16 Aug '05

Hi Has anyone managed to plot RBLDNS stats using MRTG? I've googled, but I haven't found anything TIA Michele

2 2

Geocities
by Darrell (support＠invariantsystems.com) 13 Aug '05

13 Aug '05

I want to check on this before I add geocities as an exception (i.e. do not check against SURBL) - Is geocities one of the domains that would never end up on SURBL. I was doing an analysis this week against domains that always returned clean and number of times - and geocities was listed as #1. Darrell

5 4

Lookup of (phishing) URLs with an IP
by Dirk Bonengel 13 Aug '05

13 Aug '05

Hi, sorry for crossposting, but I think this concerns both SURBL and URIBL. Given: A (phishing-)mail containg a link to the IP 219.144.194.158 The lookup page on rulesemporium.com says it's listed on ws and ph in SURBL However, I find that the current SpamAssassin (3.0.4) does not appear to lookup IP-based URLs. Is that correct? Secondly, which form would be correct to lookup that IP via dig (or whatever), and how should SA handle it if it tried to lookup IP-based URIs? dig 219.144.194.158.multi.surbl.org gives no results back, but the reversed dotted decimal form does: dig 158.194.144.219.multi.surbl.org returns 127.0.0.12. Lastly: The URIBL-Lookup page says that the IP 219.144.194.158 is neither listed on SURBL nor URIBL but claims that 158.194.144.219 is listed both in SURBL (ws and ph) and URIBL (black). I take that to be simply wrong. Dirk

2 2

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

Discuss