Re: Setting up my own RBL - How?

2006-05-23 Thread David Filion

Marc Perkel wrote:
So - if I wanted to set up my own RBL for others to query me, how 
would I do that? I'm seriously thinking about it. Alternatively, I can 
stream my spam to anyone else who is already doing it. I've modified 
my spam stream to exclude stuff already listed in several other 
popular block lists.

(Sorry for the late answer; long weekend).

I set one up using the following instructions: 


http://www.kloth.net/internet/dnsbl-howto.php

The setup described uses bind instead of a dedicated dnsbl app.  The 
only downside is it can create some large bind logs if you get a 
decent* amount of traffic.


Fun note:
One cool thing with using a dnsbl is that you can put interesting 
messages in the txt record that get passed back to the sender. Messages 
like: While I too am a fan of Monty Python, and do enjoy the spam 
sketch, I don't enjoy spam, spam, email and spam.  Goodbye.



*decent: more than a trickle and less than lots.

HTH

--
David Filion
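The mechanics behind the BIND-based setup above, as an added example that is not code from the thread or from the kloth.net howto: a DNSBL answers queries for the reversed-octet address under its zone with an A record in 127.0.0.0/8 (127.0.0.2 by convention) and a TXT record carrying the listing reason, which is where the Monty Python message would go. The zone name dnsbl.example.net and the listed addresses are constructed for illustration; the resolver is injected so the block runs offline, and the listed-check deliberately accepts only 127.0.0.0/8 answers, because a resolver that rewrites NXDOMAIN into a public address would otherwise make every sender look listed.

```python
"""DNSBL zone generation and lookup logic.

Added example, not from the original thread. Assumptions:
  - ZONE is a hypothetical zone name;
  - LISTINGS is a constructed sample, not real data;
  - resolve_a is any callable returning A-record strings for a name,
    so the block runs with no network access.
"""
import ipaddress
from typing import Callable, Dict, List

ZONE = "dnsbl.example.net"  # assumption: hypothetical zone

# Constructed sample listing: IP -> reason served back in the TXT record.
LISTINGS: Dict[str, str] = {
    "192.0.2.25": "Dictionary attack seen 2006-05-22",
    "198.51.100.7": "Open relay",
}

LISTED_RANGE = ipaddress.ip_network("127.0.0.0/8")


def reverse_label(ip: str) -> str:
    """IPv4: octets reversed. IPv6: all 32 nibbles reversed, as in ip6.arpa."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        return ".".join(reversed(str(addr).split(".")))
    return ".".join(reversed(addr.exploded.replace(":", "")))


def query_name(ip: str, zone: str = ZONE) -> str:
    """The name a mail server actually looks up for this IP."""
    return f"{reverse_label(ip)}.{zone}"


def bind_zone(listings: Dict[str, str], zone: str = ZONE,
              serial: int = 2006052301) -> str:
    """Render a BIND master file for the DNSBL zone.

    Every listed IP becomes an A record of 127.0.0.2 plus a TXT record
    with the reason. 127.0.0.2 itself is always listed: that is the
    standard test entry clients use to verify the list is alive.
    """
    lines = [
        "$TTL 300",
        f"$ORIGIN {zone}.",
        f"@ IN SOA ns1.{zone}. hostmaster.{zone}. ( {serial} 3600 900 604800 300 )",
        f"@ IN NS ns1.{zone}.",
        "2.0.0.127 IN A 127.0.0.2",
        '2.0.0.127 IN TXT "Test entry"',
    ]
    for ip, reason in sorted(listings.items()):
        label = reverse_label(ip)
        text = reason.replace('"', '\\"')  # keep the TXT string well-formed
        lines.append(f"{label} IN A 127.0.0.2")
        lines.append(f'{label} IN TXT "{text}"')
    return "\n".join(lines) + "\n"


def is_listed(ip: str, resolve_a: Callable[[str], List[str]],
              zone: str = ZONE) -> bool:
    """Client side: listed only if an A answer falls inside 127.0.0.0/8.

    Checking "got any answer" is the classic mistake; a resolver that
    synthesises public addresses for non-existent names would then list
    the whole Internet.
    """
    for answer in resolve_a(query_name(ip, zone)):
        if ipaddress.ip_address(answer) in LISTED_RANGE:
            return True
    return False


def resolver_from_listings(listings: Dict[str, str],
                           zone: str = ZONE) -> Callable[[str], List[str]]:
    """Offline stand-in for DNS: answers exactly what bind_zone would serve."""
    table = {query_name(ip, zone): ["127.0.0.2"] for ip in listings}
    table[query_name("127.0.0.2", zone)] = ["127.0.0.2"]
    return lambda name: table.get(name, [])


if __name__ == "__main__":
    print(bind_zone(LISTINGS))
    lookup = resolver_from_listings(LISTINGS)
    for probe in ("127.0.0.2", "192.0.2.25", "203.0.113.9"):
        print(probe, "->", query_name(probe), "listed" if is_listed(probe, lookup) else "clean")
```

With a real list the resolver callable would wrap dns.resolver or a plain `dig +short` call; the listed-range check stays the same.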

Re: Setting up my own RBL - How?

2006-05-22 Thread Mike Jackson
Marc Perkel wrote:
So - if I wanted to set up my own RBL for others to query me, how would I 
do that? I'm seriously thinking about it. Alternatively, I can stream my 
spam to anyone else who is already doing it. I've modified my spam stream 
to exclude stuff already listed in several other popular block lists.


I'm no expert by any means, but I tried setting up an internal RBL for my 
company using some Perl scripts (to mangle the email upon receipt) and PDNS 
with a MySQL backend. I saved the last hop IP address from dictionary-attack 
emails sent to a particular domain that we host that gets hundreds of 
dictionary-attack type spams per day. It worked well, except that in my case 
it was nearly pointless - while I could verify that lookups were working, 
over the course of a 48 hour period it added hundreds of IPs but didn't flag 
any messages, since the spambot(s) sending to this domain would never send 
from the same IP address twice (which I verified in the logs), nor were they 
sending to any of the other 100+ domains we host. We're not fighting an 
enemy that's entirely stupid.


Anyway, the entire point of this email was to suggest the (perhaps) obvious 
idea of using a DNS daemon that can read its zone info on the fly rather than 
requiring a restart. That's why I used PDNS, but I'm sure there are other DNS 
daemons that can do the same thing and are perhaps better suited to the 
task.



Re: Setting up my own RBL - How?

2006-05-22 Thread Dhawal Doshy

Mike Jackson wrote:
So - if I wanted to set up my own RBL for others to query me, how 
would I do that? I'm seriously thinking about it. Alternatively, I can 
stream my spam to anyone else who is already doing it. I've modified 
my spam stream to exclude stuff already listed in several other 
popular block lists.


A combination of these two works wonders for me.
http://simple-evcorr.sf.net/ (simple event correlator)
http://www.corpit.ru/mjt/rbldnsd.html (designed for serving DNSBL zones)

SEC hooks onto the mailscanner logs checking for 3 spams or 2 viruses in 
a span of 60 seconds; this is then fed to rbldnsd, which serves it with 
little latency (though the latency has nothing to do with rbldnsd).


- dhawal

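The threshold correlation Dhawal describes (3 spams or 2 viruses from one relay within 60 seconds) feeding an rbldnsd dataset, as an added example rather than the SEC rules or scripts anyone in the thread used. The log lines are constructed in a made-up format, not real MailScanner output; the sliding window is the part worth copying, since fixed one-minute buckets miss a burst that straddles a boundary. The rbldnsd ip4set syntax (a leading `:value:text` default line, then one address per line, `$` standing for the queried IP) is written from memory of its documentation and should be checked against the rbldnsd man page before use.

```python
"""Sliding-window correlation of mail log lines into an rbldnsd ip4set.

Added example, not code from the thread. Assumptions:
  - SAMPLE_LOG is a constructed log format ("relay=IP verdict=..."),
    not MailScanner's real syntax; adjust LINE_RE for your logs;
  - lines for a given relay arrive in time order;
  - ip4set syntax is from memory of the rbldnsd docs; verify it.
"""
import re
from collections import defaultdict, deque
from datetime import datetime
from typing import Deque, Dict, Iterable, Tuple

SPAM_THRESHOLD = 3     # 3 spams ...
VIRUS_THRESHOLD = 2    # ... or 2 viruses ...
WINDOW_SECONDS = 60    # ... within 60 seconds, as in the post above

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \S+ mailscanner: "
    r"relay=(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) verdict=(?P<verdict>spam|virus|clean)$"
)

# Constructed sample: one relay bursts, one trickles, one sends viruses.
SAMPLE_LOG = """\
2006-05-22 10:00:01 mx1 mailscanner: relay=192.0.2.25 verdict=spam
2006-05-22 10:00:12 mx1 mailscanner: relay=192.0.2.25 verdict=spam
2006-05-22 10:00:40 mx1 mailscanner: relay=192.0.2.25 verdict=spam
2006-05-22 10:00:05 mx1 mailscanner: relay=198.51.100.7 verdict=spam
2006-05-22 10:03:05 mx1 mailscanner: relay=198.51.100.7 verdict=spam
2006-05-22 10:06:05 mx1 mailscanner: relay=198.51.100.7 verdict=spam
2006-05-22 10:01:00 mx1 mailscanner: relay=203.0.113.9 verdict=virus
2006-05-22 10:01:30 mx1 mailscanner: relay=203.0.113.9 verdict=virus
2006-05-22 10:02:00 mx1 mailscanner: relay=203.0.113.50 verdict=clean
"""


def correlate(lines: Iterable[str], window: int = WINDOW_SECONDS,
              spam_n: int = SPAM_THRESHOLD,
              virus_n: int = VIRUS_THRESHOLD) -> Dict[str, str]:
    """Return {ip: reason} for relays that cross a threshold inside the window.

    One deque of timestamps per (ip, verdict); timestamps older than the
    window are evicted on every hit, so the count is over a true sliding
    window rather than wall-clock minutes.
    """
    recent: Dict[Tuple[str, str], Deque[datetime]] = defaultdict(deque)
    listed: Dict[str, str] = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["verdict"] == "clean":
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        hits = recent[(m["ip"], m["verdict"])]
        hits.append(ts)
        while (ts - hits[0]).total_seconds() > window:
            hits.popleft()
        limit = spam_n if m["verdict"] == "spam" else virus_n
        if len(hits) >= limit and m["ip"] not in listed:
            listed[m["ip"]] = (f"{len(hits)} {m['verdict']} messages in "
                               f"{window}s ending {m['ts']}")
    return listed


def ip4set(listed: Dict[str, str],
           info_url: str = "http://dnsbl.example.net/?ip=$") -> str:
    """Render an rbldnsd ip4set dataset (syntax assumed, see module docstring).

    First line sets the default A value and TXT template; each entry then
    carries its own reason. rbldnsd replaces '$' with the queried address.
    """
    out = [f":127.0.0.2:Listed by dnsbl.example.net, see {info_url}"]
    for ip, reason in sorted(listed.items(),
                             key=lambda kv: tuple(map(int, kv[0].split(".")))):
        out.append(f"{ip} :127.0.0.2:{reason}; see {info_url}")
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    print(ip4set(correlate(SAMPLE_LOG.splitlines())), end="")
```

Written to the dataset file rbldnsd was started with, the new entries are picked up when rbldnsd notices the file's mtime change on its periodic check, which is the no-restart reload Mike was after. Entries never expire here; in practice add a timestamp to each line and drop anything older than a few days when regenerating, otherwise the file only grows.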