Posted to users@spamassassin.apache.org by Kris Deugau <kd...@vianet.ca> on 2010/05/26 17:35:45 UTC

How to remove a domain from a stock or third-party 2tld ruleset?

Is there any way to take a domain listed with util_rb_2tld, and 
"un-2tld" it (similar to how you can unwhitelist stock whitelist entries 
if they don't work well with your mail)?

I recently came across a "free-subsite" domain that seems to be part of 
a cluster of **very** similar sites which I've given up listing 
subdomains for locally;  instead I've added the TLDs to a local blacklist.

The domain that's in the stock 2tld list is bravepages.com;  it seems to 
be Yet Another Face of 0catch.com, and I've seen these domains as well:

1accesshost.com
bigheadhosting.net
easyfreehosting.com
envy.nu
digitalzones.com

And no doubt there is a fairly long list of others in the cluster.

For now I've just added a regular uri rule, but I'm pretty sure that 
won't scale, and it doesn't help with some of the automation I've been 
using to extract URIs not listed on any DNSBL yet from missed-spam reports.

-kgd

Re: How to remove a domain from a stock or third-party 2tld ruleset?

Posted by Yet Another Ninja <sa...@alexb.ch>.
On 2010-05-28 23:57, Kris Deugau wrote:
> Karsten Bräckelmann wrote:
>> On Wed, 2010-05-26 at 11:35 -0400, Kris Deugau wrote:
>>> Is there any way to take a domain listed with util_rb_2tld, and 
>>> "un-2tld" it (similar to how you can unwhitelist stock whitelist 
>>> entries if they don't work well with your mail)?
>>
>> IIRC this is not possible. Well, possible, but there's just no code to
>> handle it. ;)
> 
> Didn't think so, but...
> 
>>> I recently came across a "free-subsite" domain that seems to be part 
>>> of a cluster of **very** similar sites which I've given up listing 
>>> subdomains for locally;  instead I've added the TLDs to a local 
>>> blacklist.
>>
>>> For now I've just added a regular uri rule, but I'm pretty sure that 
>>> won't scale, and it doesn't help with some of the automation I've 
>>> been using to extract URIs not listed on any DNSBL yet from 
>>> missed-spam reports.
>>
>> uri rules should work. I wouldn't worry about scaling too much, because
>> the number of util_rb_2tld listings is limited.
>>
>> Another approach, since I understand you want to query against a local
>> URI DNSBL, is simply to use wildcard DNS entries. Thus, regardless of a
>> 2tld listing and the resulting DNS lookup, it would return the same
>> listing for the pure TLD and a second level TLD.
> 
> Hmm.  I hadn't thought of this, I'll give it a try and see if something 
> chokes.  Thanks!

let me guess... .co.cc ?





Re: How to remove a domain from a stock or third-party 2tld ruleset?

Posted by Kris Deugau <kd...@vianet.ca>.
Kris Deugau wrote:
> Karsten Bräckelmann wrote:
>> Another approach, since I understand you want to query against a local
>> URI DNSBL, is simply to use wildcard DNS entries. Thus, regardless of a
>> 2tld listing and the resulting DNS lookup, it would return the same
>> listing for the pure TLD and a second level TLD.
> 
> Hmm.  I hadn't thought of this, I'll give it a try and see if something 
> chokes.  Thanks!

This seems to be a usable way to work around a domain in the stock 
util_rb_2tld lists.  I added *.t35.com (made a convenient test case - 
actually listed locally with util_rb_2tld;  going to remove it 
eventually) to our local URI blacklist, and while there have been missed 
spams with t35.com subdomains, none have shown up in the list to be 
added to the blacklist since I did so.

-kgd
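
Added example (not part of the original thread, and not SpamAssassin's own code): a simplified Python model of the workaround confirmed above, showing how a util_rb_2tld listing changes the name queried against a local URI blacklist and why a wildcard entry next to the plain entry answers both forms. The TLD subset, the record sets and all function names are assumptions made for the illustration; record names are written relative to the local blacklist zone.

```python
# Simplified model: registry-boundary trimming with a 2tld list, plus
# DNS-style wildcard matching in a local URI blacklist zone.

TLDS = {"com", "net", "nu"}                    # constructed subset of real TLDs
LOCAL_2TLD = {"t35.com"}                       # domain listed via util_rb_2tld
EXACT_ONLY = {"t35.com"}                       # blacklist zone, plain entry only
WITH_WILDCARD = {"t35.com", "*.t35.com"}       # plain entry plus wildcard


def query_domain(host, two_tlds):
    """Trim a URI host to the domain that gets looked up in the blacklist."""
    labels = host.lower().rstrip(".").split(".")
    # Longest matching suffix wins: a 2tld entry acts like a registry
    # boundary, so one extra label is kept in front of it.
    for n in range(len(labels) - 1, 0, -1):
        suffix = ".".join(labels[-n:])
        if suffix in two_tlds or (n == 1 and suffix in TLDS):
            return ".".join(labels[-(n + 1):])
    return ".".join(labels)


def zone_answers(qname, records):
    """Exact owner name, or a '*.' wildcard owned by an ancestor of qname."""
    if qname in records:
        return True
    labels = qname.split(".")
    # '*.t35.com' covers every name below t35.com, but not t35.com itself.
    return any("*." + ".".join(labels[i:]) in records
               for i in range(1, len(labels)))


def is_listed(host, two_tlds, records):
    """True if the blacklist zone answers for the name derived from host."""
    return zone_answers(query_domain(host, two_tlds), records)


if __name__ == "__main__":
    for host in ("spam.t35.com", "a.b.t35.com", "t35.com"):
        for name, zone in (("exact", EXACT_ONLY), ("wildcard", WITH_WILDCARD)):
            print(host, query_domain(host, LOCAL_2TLD), name,
                  is_listed(host, LOCAL_2TLD, zone))
```

The model ignores the finer points of DNS wildcard synthesis (a more specific existing name below t35.com would take precedence over the wildcard); for a blacklist zone holding only these two entries the result is the same.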

Re: How to remove a domain from a stock or third-party 2tld ruleset?

Posted by Kris Deugau <kd...@vianet.ca>.
Karsten Bräckelmann wrote:
> On Wed, 2010-05-26 at 11:35 -0400, Kris Deugau wrote:
>> Is there any way to take a domain listed with util_rb_2tld, and 
>> "un-2tld" it (similar to how you can unwhitelist stock whitelist entries 
>> if they don't work well with your mail)?
> 
> IIRC this is not possible. Well, possible, but there's just no code to
> handle it. ;)

Didn't think so, but...

>> I recently came across a "free-subsite" domain that seems to be part of 
>> a cluster of **very** similar sites which I've given up listing 
>> subdomains for locally;  instead I've added the TLDs to a local blacklist.
> 
>> For now I've just added a regular uri rule, but I'm pretty sure that 
>> won't scale, and it doesn't help with some of the automation I've been 
>> using to extract URIs not listed on any DNSBL yet from missed-spam reports.
> 
> uri rules should work. I wouldn't worry about scaling too much, because
> the number of util_rb_2tld listings is limited.
> 
> Another approach, since I understand you want to query against a local
> URI DNSBL, is simply to use wildcard DNS entries. Thus, regardless of a
> 2tld listing and the resulting DNS lookup, it would return the same
> listing for the pure TLD and a second level TLD.

Hmm.  I hadn't thought of this, I'll give it a try and see if something 
chokes.  Thanks!

-kgd

Re: How to remove a domain from a stock or third-party 2tld ruleset?

Posted by Karsten Bräckelmann <gu...@rudersport.de>.
On Wed, 2010-05-26 at 11:35 -0400, Kris Deugau wrote:
> Is there any way to take a domain listed with util_rb_2tld, and 
> "un-2tld" it (similar to how you can unwhitelist stock whitelist entries 
> if they don't work well with your mail)?

IIRC this is not possible. Well, possible, but there's just no code to
handle it. ;)

> I recently came across a "free-subsite" domain that seems to be part of 
> a cluster of **very** similar sites which I've given up listing 
> subdomains for locally;  instead I've added the TLDs to a local blacklist.

> For now I've just added a regular uri rule, but I'm pretty sure that 
> won't scale, and it doesn't help with some of the automation I've been 
> using to extract URIs not listed on any DNSBL yet from missed-spam reports.

uri rules should work. I wouldn't worry about scaling too much, because
the number of util_rb_2tld listings is limited.

Another approach, since I understand you want to query against a local
URI DNSBL, is simply to use wildcard DNS entries. Thus, regardless of a
2tld listing and the resulting DNS lookup, it would return the same
listing for the pure TLD and a second level TLD.


-- 
char *t="\10pse\0r\0dtu\0.@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}