-----Original Message----- From: Jeff Chan [mailto:jeffc@surbl.org] Sent: Sunday, June 13, 2004 12:28 AM To: SpamAssassin Users; SURBL Discuss Subject: Re: Which rules are replaces by *.surbl.org?
On Saturday, June 12, 2004, 7:56:15 PM, ian list) wrote:
On Sat, 12 Jun 2004, Jeff Chan wrote:
In other words the domains from BigEvil and MidEvil that can be listed without many wildcards go into ws.surbl.org and the domains that need more wildcards (too many to be practically enumerated) will end up in BigEvil.cf .
Chris may not be ready to do the latter yet, but the former is already in place as of a few days ago. We're watching it all run for a while before announcing officially.
Thanks for info Jeff, one question, for us who rsync the
zones off your
servers, will the be.surbl.org.bind/be.surbl.org.rbldsnd
files disappear ?
Does this mean we need to reconfigure our bind/rbldnsd if BE
disappears
and transforms back into a .cf ?
We had lots of difficulty reaching people and getting them to stop using sa.surbl.org when we simply wanted to rename that list to ws.surbl.org, and that was early on, so I suspect be.surbl.org may live on but with essentially no content. be's been around longer so it would be harder to get it out of configs out there. But the useable content from be is now in ws.
Ideally if folks want every function, they should:
Use sc.surbl.org
Use ws.surbl.org (which now has the be.surbl.org domains)
*Not* use be.surbl.org (which is now redundant)
Use BigEvil.cf (and perhaps MidEvil.cf also, depending
on how Chris and Paul work things out.)
Yes, but I want to add that there _WILL_ be a "BigEvil style" cf version of ws.surbl.org for those people who won't/can't use the SURBL net lookups for some strange reason. This is still being worked on. One of the main reasons I haven't updates BE in a while is because I've been working on the new WS submission stuff. (Thanks to everyone who is involved in that!)
Things should also pickup in the addition of new domains. More _trusted_ sources are being worked on now. We are being really picky, and making people walk the Gauntlet of Fire! :D
That said, not every one chooses to use every component. The choice is up to them.
To summarize the changes, the relatively fixed domains from be are now in ws, and the heavily wildcarded domains will end up only in BigEvil.cf. So to get the original BigEvil functionality one would continue to use BigEvil.cf and add ws.surbl.org. (That would also add the sa-blacklist domains for someone who was only using BigEvil before.)
Yeah I will be working on the more dynamic Bigevil.cf soon. I'm trying to work on another ruleset now that has nothing to do with URLs :) My eyes have been getting cross-eyed!
Chris Santerre System Admin and SARE Ninja http://www.rulesemporium.com 'It is not the strongest of the species that survives, not the most intelligent, but the one most responsive to change.' Charles Darwin
On Monday, June 14, 2004, 2:03:11 PM, Chris Santerre wrote:
From: Jeff Chan [mailto:jeffc@surbl.org]
Ideally if folks want every function, they should:
Use sc.surbl.org
Use ws.surbl.org (which now has the be.surbl.org domains)
*Not* use be.surbl.org (which is now redundant)
Use BigEvil.cf (and perhaps MidEvil.cf also, depending
on how Chris and Paul work things out.)
Yes, but I want to add that there _WILL_ be a "BigEvil style" cf version of ws.surbl.org for those people who won't/can't use the SURBL net lookups for some strange reason. This is still being worked on. One of the main reasons I haven't updates BE in a while is because I've been working on the new WS submission stuff. (Thanks to everyone who is involved in that!)
Thanks, I forgot about that other direction of rules style entries moving from sa-blacklist back into bigevil.cf. Sounds like the best of both worlds in a nice mirror of both types:
A. ws.surbl.org gets all the "static" domains from BigEvil, sa-blacklist, etc. in the form of a SURBL.
B. BigEvil.cf gets all the domains, including those from sa-blacklist, heavily wildcarded ones, etc. in the form of a ruleset.
I didn't think of it earlier, but that will increase the overlapped coverage for folks using both of the above however.
Please be sure to let me know when you start feeding the larger lists into BigEvil.cf so I can know when to stop feeding them into be. Don't want a feedback loop of those going into ws. Accordingly I will also stop feeding be into ws at that time.
(Bill Stearns, please note the above. My feed of be to you should freeze at some point. Chris we should definitely coordinate when I should freeze the be I send Bill. Please let me know.)
Also: *when should we announce that be domains are now in ws, and that people should stop using be?* Is everyone comfortable that the combined ws is now working as expected, including the be domains being folded in?
Things should also pickup in the addition of new domains. More _trusted_ sources are being worked on now. We are being really picky, and making people walk the Gauntlet of Fire! :D
More data sources sound good. I'm glad we're being very careful that false positives don't get in. When we get a clearinghouse set up to double check them, that will help.
Jeff C.
Hi!
Yes, but I want to add that there _WILL_ be a "BigEvil style" cf version of ws.surbl.org for those people who won't/can't use the SURBL net lookups for some strange reason. This is still being worked on. One of the main reasons I haven't updates BE in a while is because I've been working on the new WS submission stuff. (Thanks to everyone who is involved in that!)
Thanks, I forgot about that other direction of rules style entries moving from sa-blacklist back into bigevil.cf. Sounds like the best of both worlds in a nice mirror of both types:
A. ws.surbl.org gets all the "static" domains from BigEvil, sa-blacklist, etc. in the form of a SURBL.
B. BigEvil.cf gets all the domains, including those from sa-blacklist, heavily wildcarded ones, etc. in the form of a ruleset.
I dont see the problem listsing them inside a SURBL. The extra few kb it will take on the nameservers ? For me i would like to put the preassure on DNS, not on every single box that has to do expression lookups, those will cost a lot more CPU... Most of the times its not the nameservers that cant keep up, but the mailboxes...
Also: *when should we announce that be domains are now in ws, and that people should stop using be?* Is everyone comfortable that the combined ws is now working as expected, including the be domains being folded in?
Yes. Let me know when i should start slaving them. Same applies for the rsync...
Bye, Raymond.
[setting back to the correct distribution list; I broke it by manually setting the SA developers list before.]
On Monday, June 14, 2004, 4:18:02 PM, Raymond Dijkxhoorn wrote:
Yes, but I want to add that there _WILL_ be a "BigEvil style" cf version of ws.surbl.org for those people who won't/can't use the SURBL net lookups for some strange reason. This is still being worked on. One of the main reasons I haven't updates BE in a while is because I've been working on the new WS submission stuff. (Thanks to everyone who is involved in that!)
Thanks, I forgot about that other direction of rules style entries moving from sa-blacklist back into bigevil.cf. Sounds like the best of both worlds in a nice mirror of both types:
A. ws.surbl.org gets all the "static" domains from BigEvil, sa-blacklist, etc. in the form of a SURBL.
B. BigEvil.cf gets all the domains, including those from sa-blacklist, heavily wildcarded ones, etc. in the form of a ruleset.
I dont see the problem listsing them inside a SURBL. The extra few kb it will take on the nameservers ? For me i would like to put the preassure on DNS, not on every single box that has to do expression lookups, those will cost a lot more CPU... Most of the times its not the nameservers that cant keep up, but the mailboxes...
ws.surbl.org will continue to get all the domains that are practical to enumerate from sa-blacklist, BigEvil.cf, MidEvil.cf, etc. We don't be getting heavily wildcarded ones or ones with regular expression ranges, etc, into SURBLs since BIND and rbldnsd would not know how to handle them.
Something like *spammer.biz would be impossible to enumerate, for example, whereas spammer[0-2].biz can be successfully enumerated and would be included in ws.surbl.org as spammer0.biz, spammer1.biz, spammer2.biz .
Does that sound right? :-)
Also: *when should we announce that be domains are now in ws, and that people should stop using be?* Is everyone comfortable that the combined ws is now working as expected, including the be domains being folded in?
Yes. Let me know when i should start slaving them. Same applies for the rsync...
ws and be changes should propagate automatically as things are set up now.
We're still waiting to hear back from people about the performance, especially a false positive rate from ob.surbl.org before announcing or distributing them. And multi.surbl.org presumably doesn't have code that can use it yet. Those are the only new lists needing some feedback/coding.
Jeff C.
Hi!
I dont see the problem listsing them inside a SURBL. The extra few kb it will take on the nameservers ? For me i would like to put the preassure on DNS, not on every single box that has to do expression lookups, those will cost a lot more CPU... Most of the times its not the nameservers that cant keep up, but the mailboxes...
ws.surbl.org will continue to get all the domains that are practical to enumerate from sa-blacklist, BigEvil.cf, MidEvil.cf, etc. We don't be getting heavily wildcarded ones or ones with regular expression ranges, etc, into SURBLs since BIND and rbldnsd would not know how to handle them.
Something like *spammer.biz would be impossible to enumerate, for example, whereas spammer[0-2].biz can be successfully enumerated and would be included in ws.surbl.org as spammer0.biz, spammer1.biz, spammer2.biz .
Wonder if i would like to run that anyway, *spammer.biz, then i would also block antispammer.biz. =)
We're still waiting to hear back from people about the performance, especially a false positive rate from ob.surbl.org before announcing or distributing them. And multi.surbl.org presumably doesn't have code that can use it yet. Those are the only new lists needing some feedback/coding.
If i have some more time the next days i can have a look also.
Bye, Raymond.
-
Chris Santerre -
Jeff Chan -
Raymond Dijkxhoorn