Re: Using Dig for RBL lookups.

2005-12-23 Thread Matt Kettler

CORRECTION OF MY PREVIOUS STATEMENTS:

SBL doesn't appear to use a bitmask format as I suggested earlier. 127.0.0.6
would appear to be a valid answer for XBL only. It looks like they might use
format 2 below, and SA's query implementation reflects this. Their choice of
listing numbers suggests 1), but perhaps they were using that system and 
changed.


Aaron Boyles wrote:
> Ahhh, so this isn't a standard format for all RBLs?

Many, but not all. As I said before, each RBL has its own formats, but *most*
conform to the sendmail-style format. These are all NXDOMAIN for unlisted IPs,
and 127.0.0.* for listed IPs. However, the lists generally start at 127.0.0.2,
skipping the 127.0.0.1 loopback.

So for most single-lists it's just a reverse-dotted-quad query for an A record
and you get back NXDOMAIN or 127.0.0.2.


Combined lists are a bit more complex. In general I've seen two common styles of
response for combined lists.

1) using a bitmask like I thought SBL does, but it doesn't. In this style 2 =
first list, 4 = second list, 6 = first and second. I know multi.surbl.org's lists
use this format, but that's a URIBL not an IP relay check.

2) returning multiple answers in a single response (this is valid), so the same
lookup might return 127.0.0.2 and 127.0.0.3 to indicate listing in the first and
second lists. combined.njabl.org and dnsbl.sorbs.net use this format.


 
> By the way, as a programmer who runs an IRC channel for a 3D Engine
> (TrueVision3D, Buy today!) I can say that as a rule, programmers tend to
> give the new guy a LOT of flack, especially when asking questions when they
> obviously know nothing about the subject (ie, me.  Until yesterday, I didn't
> have the slightest clue how RBLs work.)

Well, here, have some token flack :)

> You guys have been more than
> gracious, infinitely patient, and very accommodating.  Most of my questions
> weren't even directly about SpamAssassin, but you guys have helped me
> through getting a very good feature added to my filter app.  In
> appreciation, I'll be donating $50 to the ASF.  Thank you very much for the
> hand-holding for the past two days!  It's too bad more open source projects
> don't have such patient communities.

Glad to be of help.
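
The lookup and the two combined-list answer styles described in this message, as an added shell example that is not part of the original thread. `rbl_qname`, `rbl_decode` and the zone `dnsbl.example` are hypothetical names, and the answers shown in the comments are constructed.

```shell
#!/bin/sh
# Build the DNSBL query name: reverse the dotted quad, append the list's zone.
# $1 = IPv4 address, $2 = DNSBL zone (dnsbl.example is a placeholder).
rbl_qname() {
    echo "$1" | awk -F. -v zone="$2" \
        'NF == 4 { print $4 "." $3 "." $2 "." $1 "." zone }'
}

# Decode the A answers of a lookup, one address per line on stdin
# (the format `dig +short` prints). $1 selects the combined-list style:
#   bitmask - one answer, last octet is a sum of per-list bits (2, 4, 6 = 2+4)
#   multi   - one answer per sub-list (127.0.0.2 and 127.0.0.3 together)
# Prints the sub-list numbers, or "unlisted" when there is no 127.0.0.x answer.
# Answers outside 127.0.0.x (for example a resolver that rewrites NXDOMAIN)
# are ignored rather than treated as a listing.
rbl_decode() {
    awk -F. -v style="$1" '
        NF == 4 && $1 == 127 && $2 == 0 && $3 == 0 {
            v = $4 + 0
            if (style == "bitmask") {
                for (bit = 2; bit <= 128; bit *= 2)
                    if (int(v / bit) % 2 == 1) hits[bit] = 1
            } else {
                hits[v] = 1
            }
        }
        END {
            out = ""
            for (n = 1; n <= 255; n++)
                if (n in hits) out = out (out == "" ? "" : " ") n
            print (out == "" ? "unlisted" : out)
        }'
}

# Live use (needs network access):
#   dig +short "$(rbl_qname 127.0.0.2 dnsbl.example)" A | rbl_decode multi
# Offline, with constructed answers:
#   printf '127.0.0.6\n' | rbl_decode bitmask
#   printf '127.0.0.2\n127.0.0.3\n' | rbl_decode multi
```

Which style applies has to come from each list's own documentation, since the same last octet means different things on different lists.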


Using Dig for RBL lookups.

2005-12-22 Thread Aaron Boyles
So far, so good.  Everything I'm trying gives me an NXDOMAIN response,
though. Anyone have a couple of IPs that are on Spamhaus that I could use
for testing purposes?

-Aaron Boyles
ITC Applications Programmer


Re: Using Dig for RBL lookups.

2005-12-22 Thread List Mail User
...
So far, so good.  Everything I'm trying gives me an NXDOMAIN response,
though. Anyone have a couple of IPs that are on Spamhaus that I could use
for testing purposes?

-Aaron Boyles
ITC Applications Programmer

Almost all RBLs (not RHSBLs) will respond to the test point
127.0.0.2.  In fact Spamhaus added an SBL listing today with a "don't
complain about this" text.

i.e. test 2.0.0.127.RBL.tld

Paul Shupak
[EMAIL PROTECTED]


RE: Using Dig for RBL lookups.

2005-12-22 Thread Dallas L. Engelken
> -Original Message-
> From: Aaron Boyles [mailto:[EMAIL PROTECTED]
> Sent: Thursday, December 22, 2005 4:46 PM
> To: SpamAssassin
> Subject: Using Dig for RBL lookups.
>
> So far, so good.  Everything I'm trying gives me an NXDOMAIN
> response, though. Anyone have a couple of IPs that are on
> Spamhaus that I could use for testing purposes?
 

Couple recent ones I see active are..

63.80.30.38 
64.235.225.93 

Dallas


Re: Using Dig for RBL lookups.

2005-12-22 Thread Matt Kettler
Aaron Boyles wrote:
> So far, so good.  Everything I'm trying gives me an NXDOMAIN response,
> though. Anyone have a couple of IPs that are on Spamhaus that I could use
> for testing purposes?
>
> -Aaron Boyles
> ITC Applications Programmer
 

Try the latest 25 SBL listings off the spamhaus website:

http://www.spamhaus.org/sbl/latest.lasso


RE: Using Dig for RBL lookups.

2005-12-22 Thread Aaron Boyles
Ah, List, Matt, and Dallas, thanks all.  Used all of them to get the answer
I was looking for.

So simply parsing the Answer section to see if there was a 127.0.0.2
response should verify for me, it seems.

I also vaguely remember reading something about .4 and .6 responses as well.
Anyone care to refresh my memory as to what they mean?

While I'm thinking about it, I should check our own domain and see if we got
added to any of these lists when the hackers had ahold of us.  :/

-Aaron


-Original Message-
From: Dallas L. Engelken [mailto:[EMAIL PROTECTED] 
Sent: Thursday, December 22, 2005 5:52 PM
To: SpamAssassin
Subject: RE: Using Dig for RBL lookups.


> -Original Message-
> From: Aaron Boyles [mailto:[EMAIL PROTECTED]
> Sent: Thursday, December 22, 2005 4:46 PM
> To: SpamAssassin
> Subject: Using Dig for RBL lookups.
>
> So far, so good.  Everything I'm trying gives me an NXDOMAIN
> response, though. Anyone have a couple of IPs that are on
> Spamhaus that I could use for testing purposes?
 

Couple recent ones I see active are..

63.80.30.38 
64.235.225.93 

Dallas


Re: Using Dig for RBL lookups.

2005-12-22 Thread Matt Kettler
Aaron Boyles wrote:
> Ah, List, Matt, and Dallas, thanks all.  Used all of them to get the answer
> I was looking for.
>
> So simply parsing the Answer section to see if there was a 127.0.0.2
> response should verify for me, it seems.
>
> I also vaguely remember reading something about .4 and .6 responses as well.
> Anyone care to refresh my memory as to what they mean?


Assuming you are querying against sbl-xbl.spamhaus.org:

2 - SBL listed
4 - XBL listed
6 - both SBL and XBL listed


http://www.spamhaus.org/sbl/howtouse.html


RE: Using Dig for RBL lookups.

2005-12-22 Thread Aaron Boyles
Ahhh, so this isn't a standard format for all RBLs?

By the way, as a programmer who runs an IRC channel for a 3D Engine
(TrueVision3D, Buy today!) I can say that as a rule, programmers tend to
give the new guy a LOT of flack, especially when asking questions when they
obviously know nothing about the subject (ie, me.  Until yesterday, I didn't
have the slightest clue how RBLs work.)  You guys have been more than
gracious, infinitely patient, and very accommodating.  Most of my questions
weren't even directly about SpamAssassin, but you guys have helped me
through getting a very good feature added to my filter app.  In
appreciation, I'll be donating $50 to the ASF.  Thank you very much for the
hand-holding for the past two days!  It's too bad more open source projects
don't have such patient communities.

-Aaron Boyles



-Original Message-
From: Matt Kettler [mailto:[EMAIL PROTECTED] 
Sent: Thursday, December 22, 2005 6:09 PM
To: Aaron Boyles
Cc: SpamAssassin
Subject: Re: Using Dig for RBL lookups.


Aaron Boyles wrote:
> Ah, List, Matt, and Dallas, thanks all.  Used all of them to get the
> answer I was looking for.
>
> So simply parsing the Answer section to see if there was a
> 127.0.0.2 response should verify for me, it seems.
>
> I also vaguely remember reading something about .4 and .6 responses as
> well. Anyone care to refresh my memory as to what they mean?


Assuming you are querying against sbl-xbl.spamhaus.org:

2 - SBL listed
4 - XBL listed
6 - both SBL and XBL listed


http://www.spamhaus.org/sbl/howtouse.html


RE: Using Dig for RBL lookups.

2005-12-22 Thread List Mail User
...
Ah, List, Matt, and Dallas, thanks all.  Used all of them to get the answer
I was looking for.

So simply parsing the Answer section to see if there was a 127.0.0.2
response should verify for me, it seems.

I also vaguely remember reading something about .4 and .6 responses as well.
Anyone care to refresh my memory as to what they mean?

While I'm thinking about it, I should check our own domain and see if we got
added to any of these lists when the hackers had ahold of us.  :/

-Aaron
...

Different lists use different response codes for various things.
Some are nicely bit mapped, others return a set of codes.  Simply the
code 127.0.0.2 is nearly universal - everything else means different
things on different lists.

Paul Shupak
[EMAIL PROTECTED]