[SURBL-Discuss] quick poll on SURBL hit %

Jeff Chan jeffc at surbl.org
Thu Jan 6 11:51:27 CET 2005


On Wednesday, January 5, 2005, 8:50:07 PM, Matt (hotmail) wrote:
> It could have been a smaller time period (it was last week sometime), I
> didn't notice it till I started getting complaints about spam. when I dug
> into it everything looked like it should have been caught but the uribl
> rules weren't firing in SA. manual dig's showed 10+ second delays (I asked
> several NS's directly) and spamassassin was giving up after 2 seconds (or
> whatever the default is I forget). I upped the timeout in SA to 10 seconds
> at the sacrifice of mail throughput and the rules started firing again. the
> server has bind running locally and I wasn't having problems resolving
> anything else. I chalked it up to spammers DDossing the surbl.org zones
> because it was such an effective measure. decided it was too valuable to not
> have and opted to run the zone's locally. before I got the rsync approval
> things seemed to have settled down and my query times were back to normal
> but I had already setup rbldnsd so I opted to run the zones anyway along
> with some standard rbl zones that I use.

Hmm, if anyone spots problems with name resolution I hope they'll
let us know.  We didn't have any other reports of solow
resolution and several of the people hosting DNS keep an eye on
the traffic, as I do. I haven't noticed any attacks on the
servers I have stats for.

Note that the SURBL name server stauts page uses a timeout of
10 seconds:

  http://www.surbl.org/nameservers-output.html

but every check I've done of the name servers has typically
had responses within the ten to say 300 millisecond range.
So if you saw 10 second delays it would be useful to
know where they came from.

Can you try some of your manual lookups using the SURBL
public name servers and let us know what results you get?

Jeff C.
--
"If it appears in hams, then don't list it."



More information about the Discuss mailing list