You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@spamassassin.apache.org by João Gouveia <jo...@anubisnetworks.com> on 2010/02/28 02:40:25 UTC
Fwd: DNSBL mirrors
Probably makes sense to post this here also?
Sorry for the cross post if it doesn't :-)
Re: DNSBL mirrors
Posted by João Gouveia <jo...@anubisnetworks.com>.
Hi Marc!
It would be best if you could just rsync the zones from us and set them up with a rbldnsd.
Would that be possible? I would prefer not having to to operate remote servers myself.
If you're up to it, let me know which IP addresses you'll be using for rsync and I'll add them to the ACL.
Thanks!
----- "Marc Perkel" <ma...@perkel.com> wrote:
> I'll help - what do you need? I can give you a VPS under OpenVZ - a
> Centos or Fedora 12 64 bit environment. I have bandwidth ant
> processing power.
>
> João Gouveia wrote:
>
> Probably makes sense to post this here also?
> Sorry for the cross post if it doesn't :-)
>
>
>
>
> Subject: DNSBL mirrors
>
> From: João Gouveia <jo...@anubisnetworks.com>
>
> Date: Sun, 28 Feb 2010 01:35:18 +0000 (WET)
>
> To: Spamassassin <us...@spamassassin.apache.org>
>
> To: Spamassassin <us...@spamassassin.apache.org>
> Hi all,
>
> we are aiming to provide free usage of our DNSBL to the general anti
> spam community as soon as possible.
> However, in order to do this we would need to deploy more DNS mirrors
> or we risk providing a poor service due to the amount of DNS traffic
> we expect to receive.
> If you think you are up to this (or you know someone that would be)
> and you have the necessary infrastructure and bandwidth to support a
> rbldnsd mirror, please contact me off list so we can discuss details.
>
> This DNSBL has been running for a while now, incorporated in the
> SpamAssassin weekly mass checks and isn't exactly new (we've been
> operating since Feb 2008). What's new is the "free" part of it.
>
> You can check the current results here (last two weeks):
> http://ruleqa.spamassassin.org/20100220-r912093-n/%2FRCVD
> http://ruleqa.spamassassin.org/20100227-r916929-n/%2FRCVD The relevant
> rule name is "T_RCVD_IN_ANBREP_BL" (aggregation of all bad reputation
> IP addresses). Note that both the rule name and the DNS zone in use
> will change to a dedicated zone (which is already up and running). If
> you want to test it out use this one instead:
> http://mailspike.org/anubis/implementation_sa.html .
>
> At the moment our goal is to get enough mirrors to provide a free
> sustained service and an overall good experience to SpamAssassin
> users, so that in the future this can be included in the SpamAssassin
> base rules (assuming of course SA folks would see value in it).
>
> All the best,
>
> ---
> João Gouveia
Re: Fwd: DNSBL mirrors
Posted by Marc Perkel <ma...@perkel.com>.
I'll help - what do you need? I can give you a VPS under OpenVZ - a
Centos or Fedora 12 64 bit environment. I have bandwidth ant processing
power.
João Gouveia wrote:
> Probably makes sense to post this here also?
> Sorry for the cross post if it doesn't :-)
>
> ------------------------------------------------------------------------
>
> Subject:
> DNSBL mirrors
> From:
> João Gouveia <jo...@anubisnetworks.com>
> Date:
> Sun, 28 Feb 2010 01:35:18 +0000 (WET)
> To:
> Spamassassin <us...@spamassassin.apache.org>
>
> To:
> Spamassassin <us...@spamassassin.apache.org>
>
>
> Hi all,
>
> we are aiming to provide free usage of our DNSBL to the general anti spam community as soon as possible.
> However, in order to do this we would need to deploy more DNS mirrors or we risk providing a poor service due to the amount of DNS traffic we expect to receive.
> If you think you are up to this (or you know someone that would be) and you have the necessary infrastructure and bandwidth to support a rbldnsd mirror, please contact me off list so we can discuss details.
>
> This DNSBL has been running for a while now, incorporated in the SpamAssassin weekly mass checks and isn't exactly new (we've been operating since Feb 2008). What's new is the "free" part of it.
>
> You can check the current results here (last two weeks):
>
> http://ruleqa.spamassassin.org/20100220-r912093-n/%2FRCVD
> http://ruleqa.spamassassin.org/20100227-r916929-n/%2FRCVD
>
> The relevant rule name is "T_RCVD_IN_ANBREP_BL" (aggregation of all bad reputation IP addresses). Note that both the rule name and the DNS zone in use will change to a dedicated zone (which is already up and running). If you want to test it out use this one instead: http://mailspike.org/anubis/implementation_sa.html .
>
> At the moment our goal is to get enough mirrors to provide a free sustained service and an overall good experience to SpamAssassin users, so that in the future this can be included in the SpamAssassin base rules (assuming of course SA folks would see value in it).
>
> All the best,
>
> ---
> João Gouveia
>
Mailspike IP Reputation (was: Re: Fwd: DNSBL mirrors)
Posted by Karsten Bräckelmann <gu...@rudersport.de>.
On Sun, 2010-02-28 at 01:40 +0000, João Gouveia wrote:
> http://mailspike.org/anubis/implementation_sa.html
I guess the rule definitions are slightly broken. After all, the ZBI
meta especially is meant to counter multiple hits. However, since the
plain Z eval() rule does not have a score assigned, it still *does* get
a default score of 1.0.
I'm also slightly irritated by the meta logic. A Z listed "spam wave
participant" only hits ZBI and thus its 4.1, if they are NOT also listed
with a poor reputation. That applies to senders with no previous
reputation data, as well as ones with a *good* reputation otherwise.
On the other hand, a L3 "low reputation" listing prevents ZBI hits, and
scores the 2.9 of L3 only. Compare that to the above with a good sender,
both currently listed in Z. Is that actually intended?
Ah, well, the default 1.0 for Z in this case makes up for that -- turns
the 2.9 into a 3.9 almost equal to 4.1...
What listing and scoring logic did you actually mean? Feel free to give
a verbal rather than logic expression. :)
Also, what I wondered about, can a single IP really have multiple,
different listing results? I should go dig into the code on this.
On a side note, the very brief "Bad" comment on your actual base
check_rbl() eval rule is quite irritating on a first look. Kind of gives
the impression of a bad example, with better rules following...
guenther
--
char *t="\10pse\0r\0dtu\0.@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}