On Wednesday, April 21, 2004, 6:30:05 AM, Chris Santerre wrote:
Paul and I are still working out how we can merge ME and BE together without a lot of work. But I have no problems at all combining the ME and BE together and letting Paul add just as much as me. He knows my basic criteria for checking the domains.
Sounds good. Can you let me know what kind of TTL I should set?
Basically I'd like to set the lifetime of the zone info to something relevant towards how often you and Paul usually update the lists. Nothing too specific is needed, just a general idea. Like is it daily, twice a day, every other day on average, etc.
Also does this TXT record work for you guys:
"Blocked in BigEvil. See: http://www.rulesemporium.com/"
It was just a generic placeholder. I'd like comments/improvements on it.
- BigEvil wildcards. Not sure how you would handle these. Something like
evil\d{2,4}spam.com is a general wildcard. Some of those domains don't even exhist. Not sure how SURBL will handle that.
Yes, I should have mentioned that I'm simply discarding them. Unfortunately there's no easy way to deal with them. Domains without any patterns in them, which are a majority, come right through. The script is at:
http://spamcheck.freeapp.net/handle-bigevil
http://spamcheck.freeapp.net/clean-bigevil.sed
- Where would I send updates? As single domains, or a txt list? How would I
remove an FP?
As you can see from the script, we are web-grabbing copies of both .cf files every time the script is run, which is currently hourly. It's all automatic; all you guys need to do is have the current versions on your web sites.
- What is the quickest way to check a domain against the other SURBL lists?
Basically I see no reason to duplicate the listings. *gulp* and on a Windowze machine? (Don't ask!)
I wouldn't worry too much about that for now. For now we just want to get an accurate record of everything. We're working on ways to merge things next.
- Has there been any talk with the sendmail people? It would be interesting
to actually block at the MTA level based on an evil URL. I realise the inherent dangers in this ;)
Yes, there is talk about sendmail milters using SURBLs. I haven't heard of anyone doing one yet, but they're feasible. The limiting factor is the FP rate. FPs must be as close to zero as possible before people will dare to reject spams at the MTA level using SURBLs, other than perhaps for personal servers, etc.
Jeff C.