RE: Public Blacklists?

2005-12-22 Thread Aaron Boyles
Ah, excellent!  Thanks for all your help!

-Aaron


-Original Message-
From: SM [mailto:[EMAIL PROTECTED] 
Sent: Thursday, December 22, 2005 4:53 PM
To: SpamAssassin
Subject: RE: Public Blacklists?


Hi Aaron,
At 12:10 22-12-2005, Aaron Boyles wrote:
>:o  That seems to have worked!  So the next question is, how would the 
>RBL lookup work?  And why do they have us put the nameservers in the 
>.conf file if we're going to reference them in the dig command?  And 
>how many of these files that came with the dig.exe are actually 
>necessary to include with any

http://www.ietf.org/internet-drafts/draft-church-dnsbl-harmful-01.txt 
has an example of a RBL lookup.

You don't have to reference the name server in the command line if 
you have it set in the .conf file.  The .dll files are necessary to 
use dig.exe.

>app using it?  And what's the air-speed velocity of a laden swallow?

It's a simple question of weight ratios. See 
http://wiki.apache.org/spamassassin/Perceptron for the details. :-)

Regards,
-sm




RE: Public Blacklists?

2005-12-22 Thread SM

Hi Aaron,
At 12:10 22-12-2005, Aaron Boyles wrote:

:o  That seems to have worked!  So the next question is, how would the RBL
lookup work?  And why do they have us put the nameservers in the .conf file
if we're going to reference them in the dig command?  And how many of these
files that came with the dig.exe are actually necessary to include with any


http://www.ietf.org/internet-drafts/draft-church-dnsbl-harmful-01.txt 
has an example of a RBL lookup.


You don't have to reference the name server in the command line if 
you have it set in the .conf file.  The .dll files are necessary to 
use dig.exe.



app using it?  And what's the air-speed velocity of a laden swallow?


It's a simple question of weight ratios. See 
http://wiki.apache.org/spamassassin/Perceptron for the details. :-)


Regards,
-sm




RE: [Heading into OT land] Re: Public Blacklists?

2005-12-22 Thread Aaron Boyles
Well... I don't know that!

Ahh..!



-Original Message-
From: Jim Maul [mailto:[EMAIL PROTECTED] 
Sent: Thursday, December 22, 2005 4:01 PM
To: Aaron Boyles
Cc: SpamAssassin
Subject: [Heading into OT land] Re: Public Blacklists?


Aaron Boyles wrote:
> :o  That seems to have worked!  So the next question is, how would the 
> RBL lookup work?  And why do they have us put the nameservers in the 
> .conf file if we're going to reference them in the dig command?  And 
> how many of these files that came with the dig.exe are actually 
> necessary to include with any app using it?  And what's the air-speed 
> velocity of a laden swallow?
> 
>

African or european? ;)

-Jim


RE: Public Blacklists?

2005-12-22 Thread Aaron Boyles
Not to me, unfortunately... I'm just a contractor...  :D



-Original Message-
From: Dallas L. Engelken [mailto:[EMAIL PROTECTED] 
Sent: Thursday, December 22, 2005 3:33 PM
To: SpamAssassin
Subject: RE: Public Blacklists?


> -Original Message-
> From: Aaron Boyles [mailto:[EMAIL PROTECTED]
> Sent: Thursday, December 22, 2005 2:11 PM
> To: SM; SpamAssassin
> Subject: RE: Public Blacklists?
> 
> :o  That seems to have worked!  So the next question is, how
> would the RBL lookup work?  And why do they have us put the 
> nameservers in the .conf file if we're going to reference 
> them in the dig command?  And how many of these files that 
> came with the dig.exe are actually necessary to include with 
> any app using it?  And what's the air-speed velocity of a 
> laden swallow?
> 

oh lord, where is our tax money going?   ;)

This user list is way too nice...  

D



[Heading into OT land] Re: Public Blacklists?

2005-12-22 Thread Jim Maul

Aaron Boyles wrote:

:o  That seems to have worked!  So the next question is, how would the RBL
lookup work?  And why do they have us put the nameservers in the .conf file
if we're going to reference them in the dig command?  And how many of these
files that came with the dig.exe are actually necessary to include with any
app using it?  And what's the air-speed velocity of a laden swallow?




African or european? ;)

-Jim


RE: Public Blacklists?

2005-12-22 Thread Dallas L. Engelken
> -Original Message-
> From: Aaron Boyles [mailto:[EMAIL PROTECTED] 
> Sent: Thursday, December 22, 2005 2:11 PM
> To: SM; SpamAssassin
> Subject: RE: Public Blacklists?
> 
> :o  That seems to have worked!  So the next question is, how 
> would the RBL lookup work?  And why do they have us put the 
> nameservers in the .conf file if we're going to reference 
> them in the dig command?  And how many of these files that 
> came with the dig.exe are actually necessary to include with 
> any app using it?  And what's the air-speed velocity of a 
> laden swallow?
> 

oh lord, where is our tax money going?   ;)

This user list is way too nice...  

D



RE: Public Blacklists?

2005-12-22 Thread Steven Manross
From my 9.3.1 install...

libbind9.dll
libdns.dll
libeay32.dll
libisc.dll
libisccc.dll
libisccfg.dll
liblwres.dll
msvcr70.dll
Dig.exe
Host.exe

Steven  

-Original Message-
From: Aaron Boyles [mailto:[EMAIL PROTECTED] 
Sent: Thursday, December 22, 2005 1:11 PM
To: SM; SpamAssassin
Subject: RE: Public Blacklists?

:o  That seems to have worked!  So the next question is, how would the
RBL lookup work?  And why do they have us put the nameservers in the
.conf file if we're going to reference them in the dig command?  And how
many of these files that came with the dig.exe are actually necessary to
include with any app using it?  And what's the air-speed velocity of a
laden swallow?

-Aaron



-Original Message-
From: SM [mailto:[EMAIL PROTECTED]
Sent: Thursday, December 22, 2005 3:05 PM
To: SpamAssassin
Subject: RE: Public Blacklists?


Hi Aaron,
At 11:24 22-12-2005, Aaron Boyles wrote:
>I assumed that typing:  dig www.yahoo.com
>At the command prompt should have SOMETHING result.  Instead, I get the
>time out.

dig @10.0.0.1 www.yahoo.com where 10.0.0.1 is the IP address of your 
name server.

Regards,
-sm 





RE: Public Blacklists?

2005-12-22 Thread Aaron Boyles
:o  That seems to have worked!  So the next question is, how would the RBL
lookup work?  And why do they have us put the nameservers in the .conf file
if we're going to reference them in the dig command?  And how many of these
files that came with the dig.exe are actually necessary to include with any
app using it?  And what's the air-speed velocity of a laden swallow?

-Aaron



-Original Message-
From: SM [mailto:[EMAIL PROTECTED] 
Sent: Thursday, December 22, 2005 3:05 PM
To: SpamAssassin
Subject: RE: Public Blacklists?


Hi Aaron,
At 11:24 22-12-2005, Aaron Boyles wrote:
>I assumed that typing:  dig www.yahoo.com
>At the command prompt should have SOMETHING result.  Instead, I get the 
>time out.

dig @10.0.0.1 www.yahoo.com where 10.0.0.1 is the IP address of your 
name server.

Regards,
-sm 



RE: Public Blacklists?

2005-12-22 Thread SM

Hi Aaron,
At 11:24 22-12-2005, Aaron Boyles wrote:

I assumed that typing:  dig www.yahoo.com
At the command prompt should have SOMETHING result.  Instead, I get the time
out.


dig @10.0.0.1 www.yahoo.com where 10.0.0.1 is the IP address of your 
name server.


Regards,
-sm 



RE: Public Blacklists?

2005-12-22 Thread Aaron Boyles
Maybe I'm not understanding how this is supposed to work.  Does Bind need to
be installed in order for Dig to work?  And what IS Bind?



-Original Message-
From: Aaron Boyles [mailto:[EMAIL PROTECTED] 
Sent: Thursday, December 22, 2005 2:25 PM
To: SpamAssassin
Subject: RE: Public Blacklists?


Perhaps I'm just using/configuring it wrong?

I assumed that typing:  dig www.yahoo.com
At the command prompt should have SOMETHING result.  Instead, I get the time
out.  

-Aaron


-Original Message-
From: Steven Manross [mailto:[EMAIL PROTECTED] 
Sent: Thursday, December 22, 2005 2:12 PM
To: Aaron Boyles; SpamAssassin
Subject: RE: Public Blacklists?


IPs or DNS names?

It wants IPs in the resolve.conf.

(the version that comes with BIND is tested and works on Windows).

Earlier versions crapped out on Windows with various messages.

Steven 

-Original Message-
From: Aaron Boyles [mailto:[EMAIL PROTECTED] 
Sent: Thursday, December 22, 2005 12:01 PM
To: SpamAssassin
Subject: RE: Public Blacklists?

Hrm.  I tried it, but it crapped out.  :/  I used our DCs (2K3 servers)
which are our DNS servers in the .conf file, but still no dice.  It times
out saying "no servers could be reached."

Any ideas?



-Original Message-
From: Bowie Bailey [mailto:[EMAIL PROTECTED]
Sent: Thursday, December 22, 2005 1:24 PM
To: SpamAssassin
Subject: RE: Public Blacklists?


Aaron Boyles wrote:
> A number of people have mentioned that... But what is it?  It's not a 
> command my PC recognizes.
> 
> From: SM [mailto:[EMAIL PROTECTED]
> > 
> > nslookup is broken. :-) Use dig instead.

Dig is a very nice dns lookup program that is fairly standard now on Linux.
Windows still does not provide it.

You can get a version for Windows here: http://pigtail.net/LRP/dig/

-- 
Bowie




RE: Public Blacklists?

2005-12-22 Thread Aaron Boyles
Perhaps I'm just using/configuring it wrong?

I assumed that typing:  dig www.yahoo.com
At the command prompt should have SOMETHING result.  Instead, I get the time
out.  

-Aaron


-Original Message-
From: Steven Manross [mailto:[EMAIL PROTECTED] 
Sent: Thursday, December 22, 2005 2:12 PM
To: Aaron Boyles; SpamAssassin
Subject: RE: Public Blacklists?


IPs or DNS names?

It wants IPs in the resolve.conf.

(the version that comes with BIND is tested and works on Windows).

Earlier versions crapped out on Windows with various messages.

Steven 

-Original Message-
From: Aaron Boyles [mailto:[EMAIL PROTECTED] 
Sent: Thursday, December 22, 2005 12:01 PM
To: SpamAssassin
Subject: RE: Public Blacklists?

Hrm.  I tried it, but it crapped out.  :/  I used our DCs (2K3 servers)
which are our DNS servers in the .conf file, but still no dice.  It times
out saying "no servers could be reached."

Any ideas?



-Original Message-
From: Bowie Bailey [mailto:[EMAIL PROTECTED]
Sent: Thursday, December 22, 2005 1:24 PM
To: SpamAssassin
Subject: RE: Public Blacklists?


Aaron Boyles wrote:
> A number of people have mentioned that... But what is it?  It's not a
> command my PC recognizes.
> 
> From: SM [mailto:[EMAIL PROTECTED]
> > 
> > nslookup is broken. :-) Use dig instead.

Dig is a very nice dns lookup program that is fairly standard now on Linux.
Windows still does not provide it.

You can get a version for Windows here: http://pigtail.net/LRP/dig/

-- 
Bowie




RE: Public Blacklists?

2005-12-22 Thread Steven Manross
IPs or DNS names?

It wants IPs in the resolve.conf.

(the version that comes with BIND is tested and works on Windows).

Earlier versions crapped out on Windows with various messages.

Steven 

-Original Message-
From: Aaron Boyles [mailto:[EMAIL PROTECTED] 
Sent: Thursday, December 22, 2005 12:01 PM
To: SpamAssassin
Subject: RE: Public Blacklists?

Hrm.  I tried it, but it crapped out.  :/  I used our DCs (2K3 servers)
which are our DNS servers in the .conf file, but still no dice.  It
times out saying "no servers could be reached."

Any ideas?



-Original Message-
From: Bowie Bailey [mailto:[EMAIL PROTECTED]
Sent: Thursday, December 22, 2005 1:24 PM
To: SpamAssassin
Subject: RE: Public Blacklists?


Aaron Boyles wrote:
> A number of people have mentioned that... But what is it?  It's not a 
> command my PC recognizes.
> 
> From: SM [mailto:[EMAIL PROTECTED]
> > 
> > nslookup is broken. :-) Use dig instead.

Dig is a very nice dns lookup program that is fairly standard now on
Linux.
Windows still does not provide it.

You can get a version for Windows here: http://pigtail.net/LRP/dig/

-- 
Bowie




RE: Public Blacklists?

2005-12-22 Thread SM

Hi Aaron,
At 10:14 22-12-2005, Aaron Boyles wrote:

A number of people have mentioned that... But what is it?  It's not a
command my PC recognizes.


It's not part of Windows.  It comes with BIND.  You can download a 
Win32 version at ftp://ftp.isc.org/isc/bind/contrib/ntbind-9.3.2/BIND9.3.2.zip


Regards,
-sm 



RE: Public Blacklists?

2005-12-22 Thread Aaron Boyles
Hrm.  I tried it, but it crapped out.  :/  I used our DCs (2K3 servers)
which are our DNS servers in the .conf file, but still no dice.  It times
out saying "no servers could be reached."

Any ideas?



-Original Message-
From: Bowie Bailey [mailto:[EMAIL PROTECTED] 
Sent: Thursday, December 22, 2005 1:24 PM
To: SpamAssassin
Subject: RE: Public Blacklists?


Aaron Boyles wrote:
> A number of people have mentioned that... But what is it?  It's not a 
> command my PC recognizes.
> 
> From: SM [mailto:[EMAIL PROTECTED]
> > 
> > nslookup is broken. :-) Use dig instead.

Dig is a very nice dns lookup program that is fairly standard now on Linux.
Windows still does not provide it.

You can get a version for Windows here: http://pigtail.net/LRP/dig/

-- 
Bowie


RE: Public Blacklists?

2005-12-22 Thread Steven Manross
A Win32 DIG executable is provided with the latest version of bind..  I
use 9.3.1 but it looks like they are on 9.3.2 now..

http://isc.org/sw/bind

Steven 

-Original Message-
From: Aaron Boyles [mailto:[EMAIL PROTECTED] 
Sent: Thursday, December 22, 2005 11:14 AM
To: SpamAssassin
Subject: RE: Public Blacklists?

A number of people have mentioned that... But what is it?  It's not a
command my PC recognizes.

-Aaron

-Original Message-
From: SM [mailto:[EMAIL PROTECTED]
Sent: Thursday, December 22, 2005 1:09 PM
To: SpamAssassin
Subject: RE: Public Blacklists?


Hi Aaron,
At 13:14 21-12-2005, Aaron Boyles wrote:
>understanding is that I should shell out to "nslookup 
>70.221.33.80.sbl-xbl.spamhaus.org" and nab the response.  However, when
>I attempt this, I always get the same thing in response:  "Can't find 
>server name for address 10.0.0.1" which is our gateway.  Am I doing 
>something

nslookup is broken. :-) Use dig instead.

Regards,
-sm 





RE: Public Blacklists?

2005-12-22 Thread Bowie Bailey
Aaron Boyles wrote:
> A number of people have mentioned that... But what is it?  It's not a
> command my PC recognizes.
> 
> From: SM [mailto:[EMAIL PROTECTED]
> > 
> > nslookup is broken. :-) Use dig instead.

Dig is a very nice dns lookup program that is fairly standard now on
Linux.  Windows still does not provide it.

You can get a version for Windows here:
http://pigtail.net/LRP/dig/

-- 
Bowie


RE: Public Blacklists?

2005-12-22 Thread Aaron Boyles
A number of people have mentioned that... But what is it?  It's not a
command my PC recognizes.

-Aaron

-Original Message-
From: SM [mailto:[EMAIL PROTECTED] 
Sent: Thursday, December 22, 2005 1:09 PM
To: SpamAssassin
Subject: RE: Public Blacklists?


Hi Aaron,
At 13:14 21-12-2005, Aaron Boyles wrote:
>understanding is that I should shell out to "nslookup 
>70.221.33.80.sbl-xbl.spamhaus.org" and nab the response.  However, when 
>I attempt this, I always get the same thing in response:  "Can't find 
>server name for address 10.0.0.1" which is our gateway.  Am I doing 
>something

nslookup is broken. :-) Use dig instead.

Regards,
-sm 



RE: Public Blacklists?

2005-12-22 Thread SM

Hi Aaron,
At 13:14 21-12-2005, Aaron Boyles wrote:

understanding is that I should shell out to "nslookup
70.221.33.80.sbl-xbl.spamhaus.org" and nab the response.  However, when I
attempt this, I always get the same thing in response:  "Can't find server
name for address 10.0.0.1" which is our gateway.  Am I doing something


nslookup is broken. :-) Use dig instead.

Regards,
-sm 



Re: Public Blacklists?

2005-12-22 Thread Kai Schaetzl
Aaron Boyles wrote on Wed, 21 Dec 2005 15:39:07 -0500:

> This sounds along the lines of what I'm looking for.  Is there an RFC on 
> this protocol anywhere, and a list of some free servers hosting the 
> information?

In addition to everything technical that has been said in this thread, and as I see 
from your other postings that you are new to this area although a skilled 
programmer, some warning. You have to be aware that there are *many* RBLs 
out there and they all have FPs (false positives) stored in their 
databases. You have to be very careful in which RBLs you trust and in what 
way you trust them (reject or just tag as possible spam). sbl+xbl was a 
good choice for a start and if you want to have very low FP rates. If you 
look in the archives you will find some discussion about that topic.

Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com





RE: Public Blacklists?

2005-12-21 Thread Damrose, Mark
From: Aaron Boyles [mailto:[EMAIL PROTECTED]

> attempt this, I always get the same thing in response:  "Can't find server
> name for address 10.0.0.1" which is our gateway.  
 
It's a bug in nslookup.  nslookup expects the DNS server to be authoritative
for its own reverse address and blows up if it isn't.  The BIND developers know
about this and have no plans to fix.  They believe that nslookup is and
always was a poor tool and you should use dig or host instead.  Most folks
who shell out to a program respond that the BIND developers should quit
changing the output format of dig and host.
 
The correct answer would be not to shell out to a tool, but use the tools of
your development environment to do the DNS lookup - Net::DNS for Perl,
gethostbyname() in others.


RE: Public Blacklists?

2005-12-21 Thread Aaron Boyles
My guess would be "yes," though I don't have any DNS servers handy to do an
external check on.

-Aaron



-Original Message-
From: Mike Jackson [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, December 21, 2005 4:59 PM
To: SpamAssassin
Subject: Re: Public Blacklists?


> Aaron Boyles wrote:
>> Actually, no, I can't.  I get that message with Yahoo as well.  I 
>> vaguely remember running into this issue before, and it having 
>> something to do with using Windows 2K3 server behind NAT.  As I 
>> recall at the time, it was decided that the 'solution' was far more 
>> work than it was worth.  :/
>
> Really NAT should have nothing to do with it. Your DNS resolution on 
> that box is just plain broken.
>
> I'd check /etc/resolv.conf and make sure only your DNS servers are 
> listed. I'd also make sure that all your internal IPs, especially the 
> DNS server, have reverse-DNS zones on them. This is just critical for 
> any kind of functional network.

It's Windows - no /etc/resolv.conf  :)

Does it work if you manually list outside DNS server IPs in your network 
settings, rather than using DHCP-supplied addresses and/or the gateway's IP?




Re: Public Blacklists?

2005-12-21 Thread Mike Jackson

Aaron Boyles wrote:

Actually, no, I can't.  I get that message with Yahoo as well.  I vaguely
remember running into this issue before, and it having something to do with
using Windows 2K3 server behind NAT.  As I recall at the time, it was
decided that the 'solution' was far more work than it was worth.  :/


Really NAT should have nothing to do with it. Your DNS resolution on that
box is just plain broken.

I'd check /etc/resolv.conf and make sure only your DNS servers are listed.
I'd also make sure that all your internal IPs, especially the DNS server,
have reverse-DNS zones on them. This is just critical for any kind of
functional network.


It's Windows - no /etc/resolv.conf  :)

Does it work if you manually list outside DNS server IPs in your network 
settings, rather than using DHCP-supplied addresses and/or the gateway's IP? 



Re: Public Blacklists?

2005-12-21 Thread Matt Kettler
Aaron Boyles wrote:
> Actually, no, I can't.  I get that message with Yahoo as well.  I vaguely
> remember running into this issue before, and it having something to do with
> using Windows 2K3 server behind NAT.  As I recall at the time, it was
> decided that the 'solution' was far more work than it was worth.  :/

Really NAT should have nothing to do with it. Your DNS resolution on that box is
just plain broken.

I'd check /etc/resolv.conf and make sure only your DNS servers are listed.
I'd also make sure that all your internal IPs, especially the DNS server, have
reverse-DNS zones on them. This is just critical for any kind of functional 
network.


> Maybe there's another option?

Nuke your network and start over?


RE: Public Blacklists?

2005-12-21 Thread Aaron Boyles
Actually, no, I can't.  I get that message with Yahoo as well.  I vaguely
remember running into this issue before, and it having something to do with
using Windows 2K3 server behind NAT.  As I recall at the time, it was
decided that the 'solution' was far more work than it was worth.  :/

Maybe there's another option?

-Aaron


-Original Message-
From: Matt Kettler [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, December 21, 2005 4:34 PM
To: Aaron Boyles
Cc: SpamAssassin
Subject: Re: Public Blacklists?


Aaron Boyles wrote:

Thus, if I wanted to check IP 80.22.221.70, my
> understanding is that I should shell out to "nslookup 
> 70.221.33.80.sbl-xbl.spamhaus.org" and nab the response.

Yes, you should be able to, although on many systems the preferred commands
are host and dig.

 However, when I
> attempt this, I always get the same thing in response:  "Can't find 
> server name for address 10.0.0.1" which is our gateway.

That sounds like your resolv.conf is screwed up.

Can you nslookup normal sites like www.yahoo.com without that warning?




Re: Public Blacklists?

2005-12-21 Thread Matt Kettler
Aaron Boyles wrote:

Thus, if I wanted to check IP 80.22.221.70, my
> understanding is that I should shell out to "nslookup
> 70.221.33.80.sbl-xbl.spamhaus.org" and nab the response. 

Yes, you should be able to, although on many systems the preferred commands are
host and dig.

 However, when I
> attempt this, I always get the same thing in response:  "Can't find server
> name for address 10.0.0.1" which is our gateway.

That sounds like your resolv.conf is screwed up.

Can you nslookup normal sites like www.yahoo.com without that warning?




Re: Public Blacklists?

2005-12-21 Thread Justin Mason


I think John Levine has been working on a BCP document for the IETF
regarding these.  ah, here it is:

http://www.ietf.org/internet-drafts/draft-irtf-asrg-dnsbl-02.txt

- --j.

Aaron Boyles writes:
> This sounds along the lines of what I'm looking for.  Is there an RFC on
> this protocol anywhere, and a list of some free servers hosting the
> information?
> 
> -Aaron Boyles
> ITC Applications Programmer
> 
> 
> 
> -Original Message-
> From: Matt Kettler [mailto:[EMAIL PROTECTED] 
> Sent: Wednesday, December 21, 2005 3:26 PM
> To: Aaron Boyles
> Cc: SpamAssassin
> Subject: Re: Public Blacklists?
> 
> 
> Aaron Boyles wrote:
> > On a side note, is anyone very familiar with any protocols involving 
> > public blacklists?  I'm looking for the ability to simply toss an IP 
> > at a site somewhere, and get a simple 'yes/no' response as to whether 
> > or not it's a spam IP?
> 
> All the common blacklists use DNS lookups, mostly A records in ptr-record
> style reverse-dotted-quad format.
> 
> ie: if i wanted to check to see if 208.39.141.94 was listed in njabl.org I'd
> do a DNS lookup of:
> 
> 94.141.39.209.combined.njabl.org
> 
> if you get NXDOMAIN, then it's not listed.
> if you get back a 127.0.0.* IP address it is listed, and the last octet is a
> bitmask of which NJABL lists the IP is in.



RE: Public Blacklists?

2005-12-21 Thread Aaron Boyles
Well, I've gotten as far as figuring out that you're SUPPOSED to be able to
do a simple namespace lookup with the servers, and the response should give
you your answer.  Thus, if I wanted to check IP 80.22.221.70, my
understanding is that I should shell out to "nslookup
70.221.33.80.sbl-xbl.spamhaus.org" and nab the response.  However, when I
attempt this, I always get the same thing in response:  "Can't find server
name for address 10.0.0.1" which is our gateway.  Am I doing something
wrong, or does this simply not work if my DNS is going through a NAT'd
gateway?

-Aaron Boyles
ITC Applications Programmer



-Original Message-
From: Matt Kettler [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, December 21, 2005 4:02 PM
To: Aaron Boyles
Cc: SpamAssassin
Subject: Re: Public Blacklists?


Aaron Boyles wrote:
> This sounds along the lines of what I'm looking for.  Is there an RFC 
> on this protocol anywhere, and a list of some free servers hosting the 
> information?
> 

As for an RFC, none that I know of. The best you might get would be the
sendmail docs, because it is sendmail's built-in IP query format that most
blacklists support.

As for a list of public servers, take a look at the rules in SA's
20_dnsbl_tests.cf for a list of good ones.

If you want a more comprehensive list, check the "spam database lookup" on
www.dnsstuff.com.


Re: Public Blacklists?

2005-12-21 Thread Matt Kettler
Aaron Boyles wrote:
> This sounds along the lines of what I'm looking for.  Is there an RFC on
> this protocol anywhere, and a list of some free servers hosting the
> information?
> 

As for an RFC, none that I know of. The best you might get would be the sendmail
docs, because it is sendmail's built-in IP query format that most blacklists
support.

As for a list of public servers, take a look at the rules in SA's
20_dnsbl_tests.cf for a list of good ones.

If you want a more comprehensive list, check the "spam database lookup" on
www.dnsstuff.com.


RE: Public Blacklists?

2005-12-21 Thread Aaron Boyles
This sounds along the lines of what I'm looking for.  Is there an RFC on
this protocol anywhere, and a list of some free servers hosting the
information?

-Aaron Boyles
ITC Applications Programmer



-Original Message-
From: Matt Kettler [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, December 21, 2005 3:26 PM
To: Aaron Boyles
Cc: SpamAssassin
Subject: Re: Public Blacklists?


Aaron Boyles wrote:
> On a side note, is anyone very familiar with any protocols involving 
> public blacklists?  I'm looking for the ability to simply toss an IP 
> at a site somewhere, and get a simple 'yes/no' response as to whether 
> or not it's a spam IP?

All the common blacklists use DNS lookups, mostly A records in ptr-record
style reverse-dotted-quad format.

ie: if i wanted to check to see if 208.39.141.94 was listed in njabl.org I'd
do a DNS lookup of:

94.141.39.209.combined.njabl.org

if you get NXDOMAIN, then it's not listed.
if you get back a 127.0.0.* IP address it is listed, and the last octet is a
bitmask of which NJABL lists the IP is in.


Re: Public Blacklists?

2005-12-21 Thread List Mail User
>...
>On a side note, is anyone very familiar with any protocols involving public
>blacklists?  I'm looking for the ability to simply toss an IP at a site
>somewhere, and get a simple 'yes/no' response as to whether or not it's a
>spam IP?
> 
>-Aaron Boyles
>ITC Applications Programmer
>...

Far more complex than you a single site to go to:  Try to start by
looking at http://openrbl.org and http://www.completewhois.com/rbl_lookup.htm.

That will give you some idea of how "fuzzy" the question you have
asked really is (also consider that some data is indexed only by RHS - i.e.
"Right Hand Side" or domain name).

Paul Shupak
[EMAIL PROTECTED]


Re: Public Blacklists?

2005-12-21 Thread Matt Kettler
Aaron Boyles wrote:
> On a side note, is anyone very familiar with any protocols involving
> public blacklists?  I'm looking for the ability to simply toss an IP at
> a site somewhere, and get a simple 'yes/no' response as to whether or
> not it's a spam IP?

All the common blacklists use DNS lookups, mostly A records in ptr-record style
reverse-dotted-quad format.

ie: if i wanted to check to see if 208.39.141.94 was listed in njabl.org I'd do
a DNS lookup of:

94.141.39.209.combined.njabl.org

if you get NXDOMAIN, then it's not listed.
if you get back a 127.0.0.* IP address it is listed, and the last octet is a
bitmask of which NJABL lists the IP is in.
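
Added example, not part of any post in this thread: the reverse-dotted-quad lookup Matt Kettler describes, done in-process as Mark Damrose suggests rather than by shelling out to nslookup or dig, with the reject/tag distinction Kai Schaetzl raises. The zone names, `POLICY`, `FAKE_ANSWERS` and `fake_resolver` are constructed for the illustration; `system_resolver` assumes the OS resolver reports "no such name" as `EAI_NONAME`.

```python
import ipaddress
import socket

LISTED_NET = ipaddress.ip_network("127.0.0.0/8")  # range DNSBL answers live in

def dnsbl_query_name(ip, zone):
    """Reverse the IPv4 octets and append the list's zone."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone.strip(".")

def system_resolver(name):
    """A lookup through the OS resolver; [] when the name does not exist.
    Assumption: the platform reports NXDOMAIN as EAI_NONAME (or EAI_NODATA)."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror as exc:
        if exc.errno in (socket.EAI_NONAME, getattr(socket, "EAI_NODATA", None)):
            return []
        raise  # timeouts and server failures are not "not listed"
    return sorted({info[4][0] for info in infos})

def check_dnsbl(ip, zone, resolver=system_resolver):
    """Return a dict whose status is 'listed', 'not_listed' or 'error'."""
    name = dnsbl_query_name(ip, zone)
    result = {"zone": zone, "query": name, "status": "not_listed", "flags": []}
    try:
        answers = resolver(name)
    except OSError as exc:  # covers socket.gaierror and timeouts
        result.update(status="error", detail=f"lookup failed: {exc}")
        return result
    if not answers:
        return result
    codes = [a for a in answers if ipaddress.ip_address(a) in LISTED_NET]
    if len(codes) != len(answers):
        # An answer outside 127/8 is not a listing: it usually means a resolver
        # that rewrites NXDOMAIN, or a zone that no longer serves a blacklist.
        result.update(status="error", detail=f"unexpected answer {answers}")
        return result
    mask = 0
    for code in codes:
        mask |= int(code.split(".")[3])  # last octet carries the flags
    # Which flag means what is specific to each list; only the set bits are decoded.
    result.update(status="listed",
                  flags=[1 << i for i in range(8) if mask & (1 << i)])
    return result

def decide(ip, policy, resolver=system_resolver):
    """policy maps zone -> 'reject' or 'tag'.
    Design choice of this example: a lookup error never counts as a listing."""
    results = [check_dnsbl(ip, zone, resolver) for zone in policy]
    hits = {policy[r["zone"]] for r in results if r["status"] == "listed"}
    action = "reject" if "reject" in hits else "tag" if "tag" in hits else "accept"
    return action, results

# Constructed sample data so the example runs offline (documentation addresses).
POLICY = {"strict.dnsbl.example": "reject", "broad.dnsbl.example": "tag"}
FAKE_ANSWERS = {
    "99.2.0.192.strict.dnsbl.example": ["127.0.0.2"],
    "99.2.0.192.broad.dnsbl.example": ["127.0.0.6"],
    "7.2.0.192.broad.dnsbl.example": ["127.0.0.4"],
    "8.2.0.192.strict.dnsbl.example": ["203.0.113.10"],  # rewritten answer
}

def fake_resolver(name):
    """Stand-in for system_resolver; 192.0.2.9 simulates an unreachable server."""
    if name.startswith("9.2.0.192."):
        raise socket.timeout("no servers could be reached")
    return FAKE_ANSWERS.get(name, [])

if __name__ == "__main__":
    for ip in ("192.0.2.99", "192.0.2.7", "192.0.2.8", "192.0.2.9", "192.0.2.1"):
        action, results = decide(ip, POLICY, fake_resolver)
        print(ip, action, [(r["zone"], r["status"], r["flags"]) for r in results])
```

Passing `system_resolver` (the default) instead of `fake_resolver` performs real lookups against whichever zones are placed in the policy.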