On Saturday, June 12, 2004, 4:10:30 PM, Matt Kettler wrote:
At 08:26 PM 6/12/04 +0200, Matthias Keller wrote:
I just upgraded to 2.63 and installed the patch to use surbls But I'm now not quite sure which .cf-rules I may remove now....? sc.surbl.org -> replaces spamcop_top200.cf ?
No.. spamcop_top200 is NOT URI based, it's Received: headers..
The normal spamcop DNSBL (RCVD_IN_BL_SPAMCOP_NET) overlaps with spamcop_top200.cf not SURBL.
ws.surbl.org -> replaces blacklist-uri.cf, right?
Yes.
-- but also blacklist.cf ?
No. surbl ONLY does uri's.. WS's blacklist.cf is a sender-domain blacklist.
be.surbl.org -> that one I'm sure, it replaces bigevil (and midevil) .....
Somewhat, although be.surbl.org is going away and even right now it doesn't (and cannot) contain all of bigevil.
Thanks for a good response Matt! You hit all the points excellently.
Key is that SURBLs contain message body URI domains. This is a very different approach from most RBLs which as you note list sender domains or sending IP addresses. SURBLs don't go after the sources of the messages, they go after the URIs in the message bodies.
More information about the lists can be found at:
http://www.surbl.org/lists.html
Eventualy JC, WS, And CS are going to get together and merge all the static-text stuff in bigevil over to WS's stuff, and bigevil will focus only on wide-range regex stuff, at which point it can't be surbl hosted and must be a .cf file. (DNS can't do regexes, just exact text match)
The enumerable domains in be.surbl.org are now being merged into ws.surbl.org, so be.surbl.org is just about ready to go away, with the heavily-wildcarded, widely-varying domains ending up exclusively in BigEvil.cf.
In other words the domains from BigEvil and MidEvil that can be listed without many wildcards go into ws.surbl.org and the domains that need more wildcards (too many to be practically enumerated) will end up in BigEvil.cf .
Chris may not be ready to do the latter yet, but the former is already in place as of a few days ago. We're watching it all run for a while before announcing officially.
Jeff C.
On Sat, 12 Jun 2004, Jeff Chan wrote:
On Saturday, June 12, 2004, 4:10:30 PM, Matt Kettler wrote:
At 08:26 PM 6/12/04 +0200, Matthias Keller wrote:
I just upgraded to 2.63 and installed the patch to use surbls But I'm now not quite sure which .cf-rules I may remove now....? sc.surbl.org -> replaces spamcop_top200.cf ?
No.. spamcop_top200 is NOT URI based, it's Received: headers..
The normal spamcop DNSBL (RCVD_IN_BL_SPAMCOP_NET) overlaps with spamcop_top200.cf not SURBL.
ws.surbl.org -> replaces blacklist-uri.cf, right?
Yes.
-- but also blacklist.cf ?
No. surbl ONLY does uri's.. WS's blacklist.cf is a sender-domain blacklist.
be.surbl.org -> that one I'm sure, it replaces bigevil (and midevil) .....
Somewhat, although be.surbl.org is going away and even right now it doesn't (and cannot) contain all of bigevil.
Thanks for a good response Matt! You hit all the points excellently.
Key is that SURBLs contain message body URI domains. This is a very different approach from most RBLs which as you note list sender domains or sending IP addresses. SURBLs don't go after the sources of the messages, they go after the URIs in the message bodies.
More information about the lists can be found at:
http://www.surbl.org/lists.html
Eventualy JC, WS, And CS are going to get together and merge all the static-text stuff in bigevil over to WS's stuff, and bigevil will focus only on wide-range regex stuff, at which point it can't be surbl hosted and must be a .cf file. (DNS can't do regexes, just exact text match)
The enumerable domains in be.surbl.org are now being merged into ws.surbl.org, so be.surbl.org is just about ready to go away, with the heavily-wildcarded, widely-varying domains ending up exclusively in BigEvil.cf.
In other words the domains from BigEvil and MidEvil that can be listed without many wildcards go into ws.surbl.org and the domains that need more wildcards (too many to be practically enumerated) will end up in BigEvil.cf .
Chris may not be ready to do the latter yet, but the former is already in place as of a few days ago. We're watching it all run for a while before announcing officially.
Thanks for info Jeff, one question, for us who rsync the zones off your servers, will the be.surbl.org.bind/be.surbl.org.rbldsnd files disappear ? Does this mean we need to reconfigure our bind/rbldnsd if BE disappears and transforms back into a .cf ?
On Saturday, June 12, 2004, 7:56:15 PM, ian list) wrote:
On Sat, 12 Jun 2004, Jeff Chan wrote:
In other words the domains from BigEvil and MidEvil that can be listed without many wildcards go into ws.surbl.org and the domains that need more wildcards (too many to be practically enumerated) will end up in BigEvil.cf .
Chris may not be ready to do the latter yet, but the former is already in place as of a few days ago. We're watching it all run for a while before announcing officially.
Thanks for info Jeff, one question, for us who rsync the zones off your servers, will the be.surbl.org.bind/be.surbl.org.rbldsnd files disappear ? Does this mean we need to reconfigure our bind/rbldnsd if BE disappears and transforms back into a .cf ?
We had lots of difficulty reaching people and getting them to stop using sa.surbl.org when we simply wanted to rename that list to ws.surbl.org, and that was early on, so I suspect be.surbl.org may live on but with essentially no content. be's been around longer so it would be harder to get it out of configs out there. But the useable content from be is now in ws.
Ideally if folks want every function, they should:
0. Use sc.surbl.org
1. Use ws.surbl.org (which now has the be.surbl.org domains)
2. *Not* use be.surbl.org (which is now redundant)
3. Use BigEvil.cf (and perhaps MidEvil.cf also, depending on how Chris and Paul work things out.)
That said, not every one chooses to use every component. The choice is up to them.
To summarize the changes, the relatively fixed domains from be are now in ws, and the heavily wildcarded domains will end up only in BigEvil.cf. So to get the original BigEvil functionality one would continue to use BigEvil.cf and add ws.surbl.org. (That would also add the sa-blacklist domains for someone who was only using BigEvil before.)
I hope this makes sense. Please let me know otherwise. :-)
Jeff C.
Hi!
Ideally if folks want every function, they should:
Use sc.surbl.org
Use ws.surbl.org (which now has the be.surbl.org domains)
*Not* use be.surbl.org (which is now redundant)
Use BigEvil.cf (and perhaps MidEvil.cf also, depending
on how Chris and Paul work things out.)
4. Subscribe to the zones list. That is, for the people rsyncing.
So if we change things they know. If they are ignorant, they end up with a large logfile full off rsync errors (in worst case) :)
Bye, Raymond.