On Tuesday, April 20, 2004, 6:10:30 PM, Bill Landry wrote:
----- Original Message ----- From: "Jeff Chan" jeffc@surbl.org
So the quick answer is they'll probably not be combined.
However we probably will offer a combined version of Bill's list and Chris' BigEvil list since they are more similar in character.
Jeff, why not one DNS query that supports multiple result codes:
test: somedomain.com.sc.surbl.org
results:
127.0.0.2 = Spamcop
127.0.0.3 = WS List
127.0.0.4 = BigEvil List
127.0.0.5 = etc...
Same thing multi-test RBLs like AHBL, Sorbs, Blars, FiveTen, NJABL and others do.
That's pretty cool. One could even extend that as such (if they don't already):
test: example.com.all.surbl.org ;)
results:
127.0.0.2 = SC List
127.0.0.4 = WS List
127.0.0.8 = BigEvil List
127.0.0.16 = Someother List
etc....
Multiple hits for the same lookup could be returned by combining the last octet i.e. a result of 127.0.0.10 would indicate the URI was found in both the SC and BigEvil lists. If one was only interested in what SC found, then one would AND the result with 127.0.0.2
just thinking out loud...
On Tuesday, April 20, 2004, 7:12:25 PM, Scott Truman wrote:
On Tuesday, April 20, 2004, 6:10:30 PM, Bill Landry wrote:
127.0.0.2 = Spamcop
127.0.0.3 = WS List
127.0.0.4 = BigEvil List
127.0.0.5 = etc...
Same thing multi-test RBLs like AHBL, Sorbs, Blars, FiveTen, NJABL and others do.
One could even extend that as such (if they don't already):
127.0.0.2 = SC List
127.0.0.4 = WS List
127.0.0.8 = BigEvil List
127.0.0.16 = Someother List
etc....
Multiple hits for the same lookup could be returned by combining the last octet i.e. a result of 127.0.0.10 would indicate the URI was found in both the SC and BigEvil lists. If one was only interested in what SC found, then one would AND the result with 127.0.0.2
Nice. We probably will do an "all" list, so this is good to think about.
Does anyone have any comments about either approach? Bill seems to indicate there was a precedent in other "combining" RBLs, but Scott's suggestion is also clever.
(BTW Pardon the large cross posting, but this is the sort of thing that would be good to work out up front. Maybe if someone could gateway the question to other RBL folks for comment....)
Jeff C.
On Tue, 20 Apr 2004, Jeff Chan wrote:
On Tuesday, April 20, 2004, 7:12:25 PM, Scott Truman wrote:
On Tuesday, April 20, 2004, 6:10:30 PM, Bill Landry wrote:
127.0.0.2 = Spamcop
127.0.0.3 = WS List
127.0.0.4 = BigEvil List
127.0.0.5 = etc...
Same thing multi-test RBLs like AHBL, Sorbs, Blars, FiveTen, NJABL and others do.
One could even extend that as such (if they don't already):
127.0.0.2 = SC List
127.0.0.4 = WS List
127.0.0.8 = BigEvil List
127.0.0.16 = Someother List
etc....
Multiple hits for the same lookup could be returned by combining the last octet i.e. a result of 127.0.0.10 would indicate the URI was found in both the SC and BigEvil lists. If one was only interested in what SC found, then one would AND the result with 127.0.0.2
Nice. We probably will do an "all" list, so this is good to think about.
Does anyone have any comments about either approach? Bill seems to indicate there was a precedent in other "combining" RBLs, but Scott's suggestion is also clever.
Both encodings are used by other DSBLs. The first one is an enumeration (used by Sorbs, NJABL, etc), the second one a bit-field ("set") (used by MAPS RBL+).
The enumeration has the advantage of being simpler and covering more possibilities but is only single valued (i.e. the match is for only one possible list).
The bit-field has the advantage of being able to represent membership in multiple lists at the cost of representing fewer lists (7 as opposed to 254 possible groups). I.e. you can say that a particular entry is in both SC list & WS list.
SA already has functions for picking apart either kind of representation.
Given the nature of the proposed blacklist (i.e. a compilation of different sources of information), I'd suggest the bit-field format to best handle the case of a given host being in more than one list.
----- Original Message ----- From: "David B Funk" dbfunk@engineering.uiowa.edu
Both encodings are used by other DSBLs. The first one is an enumeration (used by Sorbs, NJABL, etc), the second one a bit-field ("set") (used by MAPS RBL+).
The enumeration has the advantage of being simpler and covering more possibilities but is only single valued (i.e. the match is for only one possible list).
That's not correct. For example, one query as follows to Sorbs returns several result codes:
dig 91.119.193.81.dnsbl.sorbs.net
;; ANSWER SECTION:
91.119.193.81.dnsbl.sorbs.net. 172657 IN A 127.0.0.3
91.119.193.81.dnsbl.sorbs.net. 172657 IN A 127.0.0.6
91.119.193.81.dnsbl.sorbs.net. 172657 IN A 127.0.0.2
SA has several multi-response RBLs set up to post a single query and receive multiple responses. Here is the above response handled by SA:
*SNIP* Apr 22 09:24:19 gw1 amavis[28426]: (28426-10) SPAM-TAG, xgcbued@aol.com -> jtercek@pointshare.net, Yes, hits=140.9 tagged_above=1.0 required=1.0 tests=RCVD_IN_SORBS, RCVD_IN_SORBS-HTTP, RCVD_IN_SORBS-SOCKS, RCVD_IN_SORBS-SPAM
Note that SA reported that the message failed three Sorbs tests, all from a single DNS query.
Bill
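Added example, not part of the original thread: a decoder for the two return-code encodings discussed above (enumeration and bit-field), accepting several A records per query as in the Sorbs answer. The code tables are the values proposed in the thread; the function names and the 127.0.0.0/24 sanity check are assumptions of this example.

```python
import ipaddress

# Values proposed in the thread; the zone layout itself was still undecided.
ENUM_LISTS = {2: "Spamcop", 3: "WS", 4: "BigEvil"}                  # one code per list
BITFIELD_LISTS = {2: "SC", 4: "WS", 8: "BigEvil", 16: "Someother"}  # one bit per list

RESULT_NET = ipaddress.ip_network("127.0.0.0/24")  # assumed range for result codes


def result_code(answer):
    """Return the last octet of a DNSBL A record, or None if it is not a result code."""
    try:
        ip = ipaddress.IPv4Address(answer)
    except ValueError:
        return None
    # Ignore answers outside 127.0.0.0/24 (e.g. a resolver that rewrites
    # NXDOMAIN to a real address) so they are never counted as listings.
    if ip not in RESULT_NET:
        return None
    return int(ip) & 0xFF


def decode_enum(answers):
    """Enumeration: each A record names exactly one list; several records may come back."""
    codes = {result_code(a) for a in answers}
    return sorted(ENUM_LISTS[c] for c in codes if c in ENUM_LISTS)


def decode_bitfield(answers):
    """Bit-field: AND the last octet with each list's bit; one record can name several lists."""
    hits = set()
    for a in answers:
        code = result_code(a)
        if code is not None:
            hits.update(name for bit, name in BITFIELD_LISTS.items() if code & bit)
    return sorted(hits)


if __name__ == "__main__":
    # Constructed answers, not real lookups.
    print(decode_bitfield(["127.0.0.10"]))              # SC and BigEvil in one record
    print(decode_enum(["127.0.0.3", "127.0.0.2"]))      # two records, two lists
    print(decode_bitfield(["127.0.0.6"]), decode_enum(["127.0.0.6"]))
```

The last line shows why a client has to know which encoding a zone uses: 127.0.0.6 means "SC and WS" as a bit-field but is an unassigned code in the enumeration table.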
Hi!
;; ANSWER SECTION:
91.119.193.81.dnsbl.sorbs.net. 172657 IN A 127.0.0.3
91.119.193.81.dnsbl.sorbs.net. 172657 IN A 127.0.0.6
91.119.193.81.dnsbl.sorbs.net. 172657 IN A 127.0.0.2
SA has several multi-response RBLs set up to post a single query and receive multiple responses. Here is the above response handled by SA:
*SNIP* Apr 22 09:24:19 gw1 amavis[28426]: (28426-10) SPAM-TAG, xgcbued@aol.com -> jtercek@pointshare.net, Yes, hits=140.9 tagged_above=1.0 required=1.0 tests=RCVD_IN_SORBS, RCVD_IN_SORBS-HTTP, RCVD_IN_SORBS-SOCKS, RCVD_IN_SORBS-SPAM
Note that SA reported that the message failed three Sorbs tests, all from a single DNS query.
That's also what I wanted to do with the separate 'results', thanks for explaining in detail. I guess most people have a clear view now. So, when can we start using the combined lists :)
Bye, Raymond.
On Friday, April 23, 2004, 5:25:06 AM, Raymond Dijkxhoorn wrote:
So, when can we start using the combined lists :)
We're waiting to hear back from Bill, Chris, Paul, et al., about whether they want to combine their rules before they reach us. Should have a better idea after a conference call this evening.
Jeff C.