On Sat, 12 Jun 2004, Jeff Chan wrote:
On Saturday, June 12, 2004, 4:10:30 PM, Matt Kettler wrote:
At 08:26 PM 6/12/04 +0200, Matthias Keller wrote:
I just upgraded to 2.63 and installed the patch to use surbls But I'm now not quite sure which .cf-rules I may remove now....? sc.surbl.org -> replaces spamcop_top200.cf ?
No.. spamcop_top200 is NOT URI based, it's Received: headers..
The normal spamcop DNSBL (RCVD_IN_BL_SPAMCOP_NET) overlaps with spamcop_top200.cf not SURBL.
ws.surbl.org -> replaces blacklist-uri.cf, right?
Yes.
-- but also blacklist.cf ?
No. surbl ONLY does uri's.. WS's blacklist.cf is a sender-domain blacklist.
be.surbl.org -> that one I'm sure, it replaces bigevil (and midevil) .....
Somewhat, although be.surbl.org is going away and even right now it doesn't (and cannot) contain all of bigevil.
Thanks for a good response Matt! You hit all the points excellently.
Key is that SURBLs contain message body URI domains. This is a very different approach from most RBLs which as you note list sender domains or sending IP addresses. SURBLs don't go after the sources of the messages, they go after the URIs in the message bodies.
More information about the lists can be found at:
http://www.surbl.org/lists.html
Eventualy JC, WS, And CS are going to get together and merge all the static-text stuff in bigevil over to WS's stuff, and bigevil will focus only on wide-range regex stuff, at which point it can't be surbl hosted and must be a .cf file. (DNS can't do regexes, just exact text match)
The enumerable domains in be.surbl.org are now being merged into ws.surbl.org, so be.surbl.org is just about ready to go away, with the heavily-wildcarded, widely-varying domains ending up exclusively in BigEvil.cf.
In other words the domains from BigEvil and MidEvil that can be listed without many wildcards go into ws.surbl.org and the domains that need more wildcards (too many to be practically enumerated) will end up in BigEvil.cf .
Chris may not be ready to do the latter yet, but the former is already in place as of a few days ago. We're watching it all run for a while before announcing officially.
Thanks for info Jeff, one question, for us who rsync the zones off your servers, will the be.surbl.org.bind/be.surbl.org.rbldsnd files disappear ? Does this mean we need to reconfigure our bind/rbldnsd if BE disappears and transforms back into a .cf ?