From announce at lists.surbl.org Thu Dec 10 11:59:13 2009 From: announce at lists.surbl.org (SURBL Announcement list [READONLY]) Date: Thu, 10 Dec 2009 02:59:13 -0800 Subject: [SURBL-Announce] Experimental list: XS now contains snowshoe and pill domains, feedback wanted Message-ID: <7b7cecbb0912100259y3aa8bff1r674d002b719ecbdc@mail.gmail.com> [Please send follow up discussions to: discuss at lists . surbl. org] An experimental source of some snowshoe and pill domains is now being published in xs.surbl.org. SURBL considers this feed to be experimental and would very much welcome feedback about it, particularly about any false positives. Does anyone know anyone who actually wants to receive snowshoe messages? Here's Spamhaus' description of snowshoe: http://www.spamhaus.org/faq/answers.lasso?section=Glossary#233 XS is not included in multi currently, so for testing purposes it must be specified as a standalone list. For SpamAssassin, a rule would be: urirhssub URIBL_XS_SURBL xs.surbl.org. A 2 body URIBL_XS_SURBL eval:check_uridnsbl('URIBL_XS_SURBL') describe URIBL_XS_SURBL Contains an URL listed in the XS SURBL blocklist tflags URIBL_XS_SURBL net #reuse URIBL_XS_SURBL and a score would be: score URIBL_XS_SURBL 0 0.001 0 0.001 or whatever values you like. 0 would disable the test. 0.001 would be visible in headers and reporting, but likely not push a score over a threshold. 6.0 would block outright in most systems, etc. Remember to add the rule and score to a local.cf if you want it to persist across version upgrades. (As an aside, the SpamAssassin command urirhsbl should still work for an individual list, but arguably is obsoleted by urirhssub since the latter is just about universally used now and will handle the case of a standalone list too. More info at: http://spamassassin.apache.org/full/3.2.x/doc/Mail_SpamAssassin_Plugin_URIDNSBL.html ) For use in other systems, treat xs.surbl.org as it's own list and look for a 127.0.0.2 DNS A record result to indicate inclusion. IOW, you won't find it in multi yet. :) Here's a manual test: % dig difficultflamingos.com.xs.surbl.org [...] ;; QUESTION SECTION: ;difficultflamingos.com.xs.surbl.org. IN A ;; ANSWER SECTION: difficultflamingos.com.xs.surbl.org. 180 IN A 127.0.0.2 which of course may roll off the list when that particular record expires. Once it goes into production, XS would be included in multi, and this temporary, standalone test list would go away. ***The configs would need to be adjusted to use multi at that time, or the filtering for that source would go away.*** In other words, please don't put the standalone test list into production and leave it there. It will very likely go away later in favor of inclusion in multi. Note that testing XS after sender blacklists and other filtering techniques may result in XS not getting many hits. Note also that other types of data probably will be added to XS in future. Please test XS and send results to discuss at lists. surbl dot org From announce at lists.surbl.org Mon Dec 21 13:45:11 2009 From: announce at lists.surbl.org (SURBL Announcement list [READONLY]) Date: Mon, 21 Dec 2009 04:45:11 -0800 Subject: [SURBL-Announce] RFC: Discontinuing rsync service of individual list zone files In-Reply-To: <7b7cecbb0910190215qc058f46y996aad93db542735@mail.gmail.com> References: <7b7cecbb0910190215qc058f46y996aad93db542735@mail.gmail.com> Message-ID: <7b7cecbb0912210445xba75aebhb321b8916ad932cf@mail.gmail.com> On 10/19/09, Jeff Chan wrote: > In March 2009 we stopped delegating public DNS service of individual > list zones such as sc.surbl.org, ws.surbl.org, etc., since they are > obsolete and all their data are included in multi.surbl.org. We would > also like to stop rsync service for these files, again since their > content is included in multi.surbl.org, which is the only zone anyone > should be using. If anyone has feedback about this proposed change, > then please contact us by email at rsync at our domain. There was no feedback on the above request for comments. Therefore, zone files other than xs and multi have been removed from the rsync servers. Everyone should please use multi. There were a few systems still trying to rsync *.rbldnsd, etc. Please check your rsync clients and make sure they are rsyncing and using multi only, and not the individual zone files.