-----Original Message----- From: John Wilcock [mailto:john@tradoc.fr] Sent: Thursday, April 22, 2004 2:26 AM To: Jeff Chan; SURBL Discussion list Subject: Re: [SURBL-Discuss] BigEvil + MidEvil as SURBL
On Wed, 21 Apr 2004 14:49:51 -0700, Jeff Chan wrote:
- BigEvil wildcards. Not sure how you would handle these.
Something like
evil\d{2,4}spam.com is a general wildcard. Some of those
domains don't even
exhist. Not sure how SURBL will handle that.
Yes, I should have mentioned that I'm simply discarding them. Unfortunately there's no easy way to deal with them. Domains without any patterns in them, which are a majority, come right through. The script is at:
Can we make sure that when you announce this to the
public that they know
this! :) I can see the flurry of emails now.
Definitely will mention the differences in the announcement and web site!
Perhaps the ideal would be if the script that converts bigevil to rbl form could also generate a separate "wildevil" cf file containing only the wildcard entries from bigevil, so that people can have the best of both worlds...
John.
Hold off on the wilcard idea for now. Let me figure out with the other guys what we are doing. A few ideas in the mix. But I would let wildcards stay as a regex file. It is crazy to try to lookup things like /\dmeds\d{2,6}.(?:com|net|biz)/ , that would take a looong time to do just that one!
--Chris
On Thursday, April 22, 2004, 9:01:19 AM, Chris Santerre wrote:
From: John Wilcock [mailto:john@tradoc.fr]
Perhaps the ideal would be if the script that converts bigevil to rbl form could also generate a separate "wildevil" cf file containing only the wildcard entries from bigevil, so that people can have the best of both worlds...
John.
Hold off on the wilcard idea for now. Let me figure out with the other guys what we are doing. A few ideas in the mix. But I would let wildcards stay as a regex file. It is crazy to try to lookup things like /\dmeds\d{2,6}.(?:com|net|biz)/ , that would take a looong time to do just that one!
My *strongly* preferred solution to the remaining 2% wildcarded domains would be to produce the non-wildcarded versions of domains that had actually occurred in spams.
I.e. if the current (discarded due to wildcarding) rule is
/\dmeds\d{2,6}.(?:com|net|biz)/
but the actual domain(s) that triggered the rule are
dmedsdd.com dmedsddd.net dmedsddddd.biz ...
then just get me the ones that actually occur. We can always add more later... Yes, it does mean a longer list.
People are really fixated on this small number of discarded rules, but of course there are solutions.
Jeff C.
Hi!
My *strongly* preferred solution to the remaining 2% wildcarded domains would be to produce the non-wildcarded versions of domains that had actually occurred in spams.
I.e. if the current (discarded due to wildcarding) rule is
/\dmeds\d{2,6}.(?:com|net|biz)/
but the actual domain(s) that triggered the rule are
dmedsdd.com dmedsddd.net dmedsddddd.biz ...
Wont take much ram in DNS anyway, and there will be just one query, so even if you write down all possible ones its doable also.
Bye, Raymond.
-
Chris Santerre -
Jeff Chan -
Raymond Dijkxhoorn