Re: How to remove a domain from a stock or third-party 2tld ruleset?

[Karsten Bräckelmann <gu...@rudersport.de>]

On Wed, 2010-05-26 at 11:35 -0400, Kris Deugau wrote:
> Is there any way to take a domain listed with util_rb_2tld, and 
> "un-2tld" it (similar to how you can unwhitelist stock whitelist entries 
> if they don't work well with your mail)?

IIRC this is not possible. Well, possible, but there's just no code to
handle it. ;)

> I recently came across a "free-subsite" domain that seems to be part of 
> a cluster of **very** similar sites which I've given up listing 
> subdomains for locally;  instead I've added the TLDs to a local blacklist.

> For now I've just added a regular uri rule, but I'm pretty sure that 
> won't scale, and it doesn't help with some of the automation I've been 
> using to extract URIs not listed on any DNSBL yet from missed-spam reports.

uri rules should work. I wouldn't worry about scaling too much, because
the number of util_rb_2tld listings is limited.

Another approach, since I understand you want to query against a local
URI DNSBL, is simply to use wildcard DNS entries. Thus, regardless of a
2tld listing and the resulting DNS lookup, it would return the same
listing for the pure TLD and a second level TLD.


-- 
char *t="\10pse\0r\0dtu\0.@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}

Re: How to remove a domain from a stock or third-party 2tld ruleset?

[Yet Another Ninja <sa...@alexb.ch>]

On 2010-05-28 23:57, Kris Deugau wrote:
> Karsten Bräckelmann wrote:
>> On Wed, 2010-05-26 at 11:35 -0400, Kris Deugau wrote:
>>> Is there any way to take a domain listed with util_rb_2tld, and 
>>> "un-2tld" it (similar to how you can unwhitelist stock whitelist 
>>> entries if they don't work well with your mail)?
>>
>> IIRC this is not possible. Well, possible, but there's just no code to
>> handle it. ;)
> 
> Didn't think so, but...
> 
>>> I recently came across a "free-subsite" domain that seems to be part 
>>> of a cluster of **very** similar sites which I've given up listing 
>>> subdomains for locally;  instead I've added the TLDs to a local 
>>> blacklist.
>>
>>> For now I've just added a regular uri rule, but I'm pretty sure that 
>>> won't scale, and it doesn't help with some of the automation I've 
>>> been using to extract URIs not listed on any DNSBL yet from 
>>> missed-spam reports.
>>
>> uri rules should work. I wouldn't worry about scaling too much, because
>> the number of util_rb_2tld listings is limited.
>>
>> Another approach, since I understand you want to query against a local
>> URI DNSBL, is simply to use wildcard DNS entries. Thus, regardless of a
>> 2tld listing and the resulting DNS lookup, it would return the same
>> listing for the pure TLD and a second level TLD.
> 
> Hmm.  I hadn't thought of this, I'll give it a try and see if something 
> chokes.  Thanks!

let me guess... .co.cc ?

Re: How to remove a domain from a stock or third-party 2tld ruleset?

[Kris Deugau <kd...@vianet.ca>]

Kris Deugau wrote:
> Karsten Bräckelmann wrote:
>> Another approach, since I understand you want to query against a local
>> URI DNSBL, is simply to use wildcard DNS entries. Thus, regardless of a
>> 2tld listing and the resulting DNS lookup, it would return the same
>> listing for the pure TLD and a second level TLD.
> 
> Hmm.  I hadn't thought of this, I'll give it a try and see if something 
> chokes.  Thanks!

This seems to be a usable way to work around a domain in the stock 
util_rb_2tld lists.  I added *.t35.com (made a convenient test case - 
actually listed locally with util_rb_2tld;  going to remove it 
eventually) to our local URI blacklist, and while there have been missed 
spams with t35.com subdomains, none have shown up in the list to be 
added to the blacklist since I did so.

-kgd

Re: How to remove a domain from a stock or third-party 2tld ruleset?

[Kris Deugau <kd...@vianet.ca>]

Karsten Bräckelmann wrote:
> On Wed, 2010-05-26 at 11:35 -0400, Kris Deugau wrote:
>> Is there any way to take a domain listed with util_rb_2tld, and 
>> "un-2tld" it (similar to how you can unwhitelist stock whitelist entries 
>> if they don't work well with your mail)?
> 
> IIRC this is not possible. Well, possible, but there's just no code to
> handle it. ;)

Didn't think so, but...

>> I recently came across a "free-subsite" domain that seems to be part of 
>> a cluster of **very** similar sites which I've given up listing 
>> subdomains for locally;  instead I've added the TLDs to a local blacklist.
> 
>> For now I've just added a regular uri rule, but I'm pretty sure that 
>> won't scale, and it doesn't help with some of the automation I've been 
>> using to extract URIs not listed on any DNSBL yet from missed-spam reports.
> 
> uri rules should work. I wouldn't worry about scaling too much, because
> the number of util_rb_2tld listings is limited.
> 
> Another approach, since I understand you want to query against a local
> URI DNSBL, is simply to use wildcard DNS entries. Thus, regardless of a
> 2tld listing and the resulting DNS lookup, it would return the same
> listing for the pure TLD and a second level TLD.

Hmm.  I hadn't thought of this, I'll give it a try and see if something 
chokes.  Thanks!

-kgd