>-----Original Message-----
>From: Andy Jezierski [mailto:ajezierski@stepan.com]
>Sent: Friday, June 25, 2004 12:30 PM
>To: Chris Santerre
>Cc: SURBL Discussion list (E-mail); Spamassassin-Talk (E-mail)
>Subject: Re: [SARE] Bigevil IMPORTANT update/test.
>
>
>
>
>
>
>Chris Santerre <csanterre(a)MerchantsOverseas.com> wrote on 06/25/2004
>11:21:20 AM:
>
>> I have no idea how this will effect systems under heavy load. Those
>systems
>> should definitely stay with SURBL as this is just a local
>regex copy of
>it.
>> But for those systems that can't/won't use SURBL and want a
>local copy of
>> this larger bigevil here is the link: (~600k)
>>
>
>Will you be coming up with a MiniEvil that contains just the wildcard
>rules? Or have all the wildcard sites been added to surbl
>individually?
>
Yes I will be coming out with a wildcard BE. Scored much lower. WS.surbl.org
will not contain those. I'm taking things one step at a time. I'm way behind
in my other SARE projects even now. I can't thnk the other ninjas enough for
picking up my slack. SARE and SURBL have great people involved in those
projects.
And of course, no of this would be possible without the great work of the
devs! Who's Kung-fu is mighty!
--Chris
Good afternoon, administrator,
Thanks for providing the littleurl service - the links you provide
are a lot easier to type.
I'd like to offer one free resource to you in trying to keep your
system from being abused by spammers. I maintain a blacklist of spam
domains at http://www.stearns.org/sa-blacklist/ ; the specific file you'll
probably want is
http://www.stearns.org/sa-blacklist/sa-blacklist.current.domains . This
is a list of ~22,700 spammer domains. Would you consider checking the
domains people submit for littleurl against that list as part of the
littleurl creation process, and if found, perhaps not provide a littleurl
for it?
If you'd rather not check against a file that large or you want to
do this over dns, you can also place a lookup for that domain against
submitted.domain.ws.surbl.org
- if you get back an "A" record for it, it's in the above list.
More details at http://www.surbl.org .
Please let us know if you have any questions or concerns.
Cheers,
- Bill
---------------------------------------------------------------------------
"Silly hacker, root is for administrators."
-- Unknown
(Courtesy of Fabrice MARIE <fabrice(a)celestix.com>)
--------------------------------------------------------------------------
William Stearns (wstearns(a)pobox.com). Mason, Buildkernel, freedups, p0f,
rsync-backup, ssh-keyinstall, dns-check, more at: http://www.stearns.org
--------------------------------------------------------------------------
This Off topic but figured most of us all get hit with this stuff.
I am in need of a bit of help.
I got a whole bunch of open relays doing rumpelstiltskin(sic) attacks on
both my main mailserver and my seconary MX server... hitting the
secondary and making it throttle the main one.
Anyway is there a way to use some of these RBLs to basically deny these
open relays to be able to even attempt these attacks?
I'm running Sendmail 8.12.11 on Linux... both these boxen run RH 6.2
and are really locked down against other attacks.
I use to just drop routes to these idiots but never a good solution
IMNSHO 8*)
I looked through the sendmail FAQs and didn't find anything that was
helpful.
Any idea would be more then welcome.
--
-Doc
---
MomNDoc Online Consultants
http://www.maddoc.net/
momndoc(a)maddoc.net
Why are you reading here? Content inline below.....go ahead...go read.....
>-----Original Message-----
>From: David Hooton [mailto:djh-lists@platformhosting.com]
>Sent: Thursday, June 24, 2004 5:11 PM
>To: 'SURBL Discussion list'
>Subject: RE: [SURBL-Discuss] A question on policy
>
>
>> -----Original Message-----
>> From: discuss-bounces(a)lists.surbl.org [mailto:discuss-
>> bounces(a)lists.surbl.org] On Behalf Of Jeff Chan
>> Sent: Friday, 25 June 2004 6:56 AM
>> To: SURBL Discuss
>> Subject: Re: [SURBL-Discuss] A question on policy
>>
>> Apparently uptilt.com does appear in message bodies since I see
>> it appearing once on SpamCop's spamvertised sites. Chris adding
>> it to ws.surbl.org could be ok.
>
>FWIW - we have had uptilt.com listed in our internal lists for quite a
>while.
>
Sure...tell us now ;)
>Jeff's policy is pretty much identical to ours - we don't
>generally block
>first time offenders (read: Anthony Robbins) who are known to
>generally be
>reasonable quality content providers.
Yeah I try to do the same. This particular thread had me questioning becase
the person called the robbin's organisation and they seemed they were not
going to do anything about it. So we will see.
>
>We do however block on site any "Marketing Partners" who have
>decided to
>"Market" to our customers who have not subscribed to the list
>- in this case
>uptilt.com
>
Being a marketing partner is a death sentance around here as well :)
--Chris
>-----Original Message-----
>From: Dave Navarro [mailto:dave@basicguru.com]
>Sent: Thursday, June 24, 2004 11:50 PM
>To: discuss(a)lists.surbl.org
>Subject: [SURBL-Discuss] Hello
>
>
>Hi,
>
>I originally found the SURBL site through CPU magazine. I've
>done some
>testing with it and I find that the number of domains listed is pretty
>sparse. Is this project still active?
>
>--Dave
>
Oh yeah, we are picking up steam everyday. This started with just 3-4 guys,
and had no really great way to submit. We got the basics worked out now, and
a few more submitters and lots of sources of domains. So actually we are
jamming. And we make sure quality comes first over quantity. We HATE false
positives here. They make me breakout in hives ;)
Chris Santerre
System Admin and SARE Ninja
http://www.rulesemporium.com
'It is not the strongest of the species that survives,
not the most intelligent, but the one most responsive to change.'
Charles Darwin
Yusuf and Suresh of Outblaze have provided a different version of
the Outblaze data which excludes some sender domains which are
not really relevant to SURBL use. I've put the revised list up
as:
ob2.surbl.org
Please beta test it against ob.surbl.org
Please also test ab.surbl.org which are the top 425 or so
spamvertised sites from abusebutler.com.
So please beta test:
ob.surbl.orgob2.surbl.orgab.surbl.org
and let us know the results here. ob2 and ab are only
on my name server right now, so please don't test on any
really large volume mail servers. Hand-checked corpus
testing would be ideal, and we're particularly interested
in false positives and spam detection percentages.
Thanks,
Jeff C.
Hi,
I originally found the SURBL site through CPU magazine. I've done some
testing with it and I find that the number of domains listed is pretty
sparse. Is this project still active?
--Dave
One thing I notice is that the IP addresses of blacklisted domains are not
always listed in the BL as well.
For example, when I look up:
ghcclccc.biz.multi.surbl.org
It's listed. However, when I look up:
72.2.139.221.multi.surbl.org
it's not listed.
Might I suggest that all domains listed in the BL also include
corresponding IP addresses?
--Dave
I was doing some browsing of NANAE and came across something interesting.
http://tinyurl.com/2xkyw
But the thread basically says that uptilt.com (a known spam sender) was
hired by tonyrobbins.com to advertise. So they sent out spam. Now my
question is, do we list them?
Do we list somewhat legit domains that hire these people without (or maybe
with) the knowledge that they will spam? I'm leaning towards yes, in the
hopes they will learn to choose their advertisers more carefully.
Thoughts?
Chris Santerre
System Admin and SARE Ninja
http://www.rulesemporium.com
'It is not the strongest of the species that survives,
not the most intelligent, but the one most responsive to change.'
Charles Darwin