Re: Would a consolidated greytrapping list be useful?

2009-10-05 Thread Peter N. M. Hansteen
Bob Beck  writes:

> Obscuring the source of the trap just makes life more difficult for
> the admins who occasionally need to deal with a host that gets
> trapped.

That is a very good and convincing argument against consolidating data
from separate sources.  Consolidating the data could certainly have
that effect - making it harder to track down the source for any given
entry and the reason why the host was blacklisted.  Thanks for
pointing this out!  

- Peter

-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.



Re: Would a consolidated greytrapping list be useful?

2009-10-05 Thread Florian Fuessl
> -Original Message-
> From: owner-m...@[...] On Behalf of Bob Beck
> [...]
> 
> Exactly what are you consolidating here Peter? If it is blacklists or
> traplists from various sources, I think this may do people a
> disservice.
> The problem if you are aggregating the traplists is that users don't
> have a clue where stuff is coming from. They know the person is
> trapped because they are in the "bsdly traplist" - why the host is
> there they don't know, or the key being, they don't know who actually
> added them and why they get on there.
> 
> Right now, if they get on uatraps, you know (if you were downloading
> it separately) where the host was blocked and why.
> 
> Obscuring the source of the trap just makes life more difficult for
> the admins who occasionally need to deal with a host that
> gets trapped.
> 

Thx. Bob, that's the crucial point:
Therefore it's probably best to make one's own trap list available, so
that everybody can decide for themselves whether to use the results or not.

> 2009/10/4 Peter N. M. Hansteen :
> > [...]

-Florian



Re: Would a consolidated greytrapping list be useful?

2009-10-05 Thread Bob Beck
Exactly what are you consolidating here Peter? If it is blacklists or
traplists from various sources, I think this may do people a
disservice.
The problem if you are aggregating the traplists is that users don't
have a clue where stuff is coming from. They know the person is
trapped because they are in the "bsdly traplist" - why the host is
there they don't know, or the key being, they don't know who actually
added them and why they get on there.

Right now, if they get on uatraps, you know (if you were downloading
it separately) where the host was blocked and why.

Obscuring the source of the trap just makes life more difficult for
the admins who occasionally need to deal with a host that
gets trapped.

2009/10/4 Peter N. M. Hansteen :
> I suppose everybody here knows what greytrapping is and why no spamd
> setup is really complete without at least Bob Beck's uatraps in its
> config.  But then some of us do our own local greytrapping, and I for one
> have been exporting the contents of my local-greytrap once per hour to
> a publicly accessible location for the benefit of anybody who wants to
> use the information.
>
> I assume there are others out there who do their own greytrapping, and
> it might be a good thing for all of us if the data generated at those
> various locations was made available to others.  The data would likely
> overlap quite a bit with established sources such as uatraps and
> nixspam, but more likely than not we would be catching a few that
> would otherwise slip through the cracks.
>
> So I'm considering setting up a consolidated greytrap list to
> supplement uatraps and others, if other greytrappers out there are
> willing to share their data.
>
> My list is available at [1], with the list of trap addresses and
> some description at [2], with a policy statement of sorts at [3] (I
> imagine I would require a similar statement from any participants),
> and various field notes available at my blog (see the signature).
>
> Would something like this be useful?  Any comments and feedback
> (including why this would be a monumentally stupid idea) welcome.
>
> - Peter
>
>
> [1] http://www.bsdly.net/~peter/bsdly.net.traplist
> [2] http://www.bsdly.net/~peter/traplist.shtml
> [3] http://www.bsdly.net/~peter/traplist_ethics.html
> --
> Peter N. M. Hansteen, member of the first RFC 1149 implementation team
> http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
> "Remember to set the evil bit on all malicious network traffic"
> delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.



Re: Would a consolidated greytrapping list be useful?

2009-10-05 Thread Florian Fuessl
Hi Peter,

> -Original Message-
> From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf
> Of Peter N. M. Hansteen
> [...]
> 
> So I'm considering setting up a consolidated greytrap list to
> supplement uatraps and others, if other greytrappers out there are
> willing to share their data.
> 

I think sharing the greytrap results is a good idea if the sources are
reliable, up-to-date and stable :)

> My list is available at [1], with the list of trap addresses and
> some description at [2], with a policy statement of sorts at [3] (I
> imagine I would require a similar statement from any participants),
> and various field notes available at my blog (see the signature).
> 
> Would something like this be useful?  Any comments and feedback
> (including why this would be a monumentally stupid idea) welcome.
> 

I've had about 2000 "hits" using your traplist here, today:
[...]:~ $ grep bsdly /var/log/spamd | wc -l
2175

So I guess it's no bad idea to cross-link some more trap lists in order to
get even better results. Therefore I've also published my trap list under
http://degnet.de/~flo/antispam/degnet.traplist 

It's updated twice an hour and currently has about 35k trapped entries.

- Florian
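
Florian's grep count above, carried further as an added example (not part of the original thread): it counts hits per blacklist and how many of those hits no other list caught, which only works while each source stays a separate list. It assumes spamd logs blacklisted connections as `<ip>: connected (N/M), lists: name1 name2`; the log lines are constructed and the list names are whatever the admin chose in spamd.conf.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed log format for blacklisted
# connections: "<ip>: connected (N/M), lists: name1 name2 ..."

# Constructed sample log; addresses come from documentation ranges and
# the list names (uatraps, bsdly, degnet) are assumed spamd.conf names.
sample_log() {
cat <<'EOF'
Oct  5 10:00:01 mx spamd[1001]: 192.0.2.10: connected (1/1), lists: uatraps bsdly
Oct  5 10:00:07 mx spamd[1001]: 192.0.2.11: connected (2/2), lists: bsdly
Oct  5 10:01:15 mx spamd[1001]: 198.51.100.5: connected (3/2)
Oct  5 10:02:30 mx spamd[1001]: 203.0.113.9: connected (3/3), lists: uatraps
Oct  5 10:03:02 mx spamd[1001]: 192.0.2.11: disconnected after 402 seconds. lists: bsdly
Oct  5 10:04:44 mx spamd[1001]: 192.0.2.77: connected (2/2), lists: bsdly degnet
EOF
}

# list_hits: read a spamd log on stdin and print one line per list:
#   <list> <total hits> <hits where it was the only list that matched>
# Only "connected" lines are counted, so a session is not counted twice
# when its "disconnected" line also names the lists.
list_hits() {
    awk '
    / connected \(/ && /, lists: / {
        sub(/^.*, lists: */, "")          # keep only the list names
        n = split($0, names, " ")
        for (i = 1; i <= n; i++) {
            total[names[i]]++
            if (n == 1) only[names[i]]++  # no other list caught this host
        }
    }
    END {
        for (l in total) printf "%s %d %d\n", l, total[l], only[l] + 0
    }' | sort
}

# Stand-alone run on the constructed sample; use
#   list_hits < /var/log/spamd
# on a real log.
sample_log | list_hits
```

The third column is the figure that bears on the overlap question raised in the thread: a list with many total hits but few unique ones is mostly duplicating the other sources.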



Re: Would a consolidated greytrapping list be useful?

2009-10-04 Thread Jona Joachim
On 2009-10-04, Peter N. M. Hansteen  wrote:
> I suppose everybody here knows what greytrapping is and why no spamd
> setup is really complete without at least Bob Beck's uatraps in its
> config.  But then some of us do our own local greytrapping, and I for one
> have been exporting the contents of my local-greytrap once per hour to
> a publicly accessible location for the benefit of anybody who wants to
> use the information.
>
> I assume there are others out there who do their own greytrapping, and
> it might be a good thing for all of us if the data generated at those
> various locations was made available to others.  The data would likely
> overlap quite a bit with established sources such as uatraps and
> nixspam, but more likely than not we would be catching a few that
> would otherwise slip through the cracks.
>
> So I'm considering setting up a consolidated greytrap list to
> supplement uatraps and others, if other greytrappers out there are
> willing to share their data.  
>
> My list is available at [1], with the list of trap addresses and
> some description at [2], with a policy statement of sorts at [3] (I
> imagine I would require a similar statement from any participants),
> and various field notes available at my blog (see the signature).
>
> Would something like this be useful?  Any comments and feedback
> (including why this would be a monumentally stupid idea) welcome.

I definitely welcome this, I added your blacklist to my spamd.conf and
I'll see how it works out. I don't do greytrapping yet but I may
consider it in the future.

Best regards,
Jona

-- 
Worse is better
Richard P. Gabriel



Would a consolidated greytrapping list be useful?

2009-10-04 Thread Peter N. M. Hansteen
I suppose everybody here knows what greytrapping is and why no spamd
setup is really complete without at least Bob Beck's uatraps in its
config.  But then some of us do our own local greytrapping, and I for one
have been exporting the contents of my local-greytrap once per hour to
a publicly accessible location for the benefit of anybody who wants to
use the information.

I assume there are others out there who do their own greytrapping, and
it might be a good thing for all of us if the data generated at those
various locations was made available to others.  The data would likely
overlap quite a bit with established sources such as uatraps and
nixspam, but more likely than not we would be catching a few that
would otherwise slip through the cracks.

So I'm considering setting up a consolidated greytrap list to
supplement uatraps and others, if other greytrappers out there are
willing to share their data.  

My list is available at [1], with the list of trap addresses and
some description at [2], with a policy statement of sorts at [3] (I
imagine I would require a similar statement from any participants),
and various field notes available at my blog (see the signature).

Would something like this be useful?  Any comments and feedback
(including why this would be a monumentally stupid idea) welcome.

- Peter


[1] http://www.bsdly.net/~peter/bsdly.net.traplist 
[2] http://www.bsdly.net/~peter/traplist.shtml
[3] http://www.bsdly.net/~peter/traplist_ethics.html
-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.