Re: URIBL_SBL Weirdness

2005-03-10 Thread Jeff Chan 
On Wednesday, March 9, 2005, 8:20:33 AM, Jeff Chan wrote:
> What this means is that the nameserver for gov.ru is listed
> in SBL.

>   http://www.spamhaus.org/sbl/sbl.lasso?query=SBL13545

>> Ref: SBL13545
>> 
>> 213.59.0.0/23 is listed on the Spamhaus Block List (SBL)
>> 
>> 26-Feb-2005 02:47 GMT | SR01
>> 
>>   Ruslan Ibragimov / send-safe.com
>> 213.59.0.0/23 is listed on the Register Of Known Spam
>> Operations (ROKSO) database as being assigned to, under the
>> control of, or providing service to a known professional spam
>> operation run by Ruslan Ibragimov / send-safe.com. 
>> Rostelecom Corporate Mail Relays (escalation)

> It looks like Spamhaus has listed all of Rostelecom since
> it hosts send-safe.com.

Correction, this /23 is not all of Rostelecom.

Jeff C.
-- 
Jeff Chan
mailto:[EMAIL PROTECTED]
http://www.surbl.org/

Re: URIBL_SBL Weirdness

2005-03-09 Thread Matt Kettler 
At 10:50 AM 3/9/2005, [EMAIL PROTECTED] wrote:
Can anyone explain to me what the URIBL_SBL rule does (I.e. which list Is
used)
I have an email that this rule catches because of a email address inside it.
The SpamAssassin report lists it as :
0.6 URIBL_SBL   Contains an URL listed in the SBL blocklist
[URIs: gov.ru]

The URIBL_SBL rule checks the IPs of the nameservers listed in the NS 
record against the spamhaus SBL list.

[EMAIL PROTECTED] mail]# dig ns gov.ru
; <<>> DiG 9.2.1 <<>> ns gov.ru
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61199
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 2
;; QUESTION SECTION:
;gov.ru.IN  NS
;; ANSWER SECTION:
gov.ru. 345600  IN  NS  ns.rtcomm.ru.
gov.ru. 345600  IN  NS  ns1.gov.ru.
gov.ru. 345600  IN  NS  ns.gov.ru.
gov.ru. 345600  IN  NS  ns.relarn.ru.
host ns.rtcomm.ru
ns.rtcomm.ru has address 213.59.0.3
213.59.0.3 is listed in the SBL, in the following records:
   * SBL13545
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL13545

RE: URIBL_SBL Weirdness

2005-03-09 Thread Chris Santerre 
>
>> The SpamAssassin report lists it as :
>> 0.6 URIBL_SBL   Contains an URL listed in the SBL blocklist
>> [URIs: gov.ru]
>
>> But no matter what I try, I can´t find the blacklist that Is used.
>
>What this means is that the nameserver for gov.ru is listed
>in SBL.
>
>  http://www.spamhaus.org/sbl/sbl.lasso?query=SBL13545
>
>> Ref: SBL13545
>> 
>> 213.59.0.0/23 is listed on the Spamhaus Block List (SBL)
>> 
>> 26-Feb-2005 02:47 GMT | SR01
>> 
>>   Ruslan Ibragimov / send-safe.com
>> 213.59.0.0/23 is listed on the Register Of Known Spam
>> Operations (ROKSO) database as being assigned to, under the
>> control of, or providing service to a known professional spam
>> operation run by Ruslan Ibragimov / send-safe.com. 
>> Rostelecom Corporate Mail Relays (escalation)
>
>It looks like Spamhaus has listed all of Rostelecom since
>it hosts send-safe.com.
>
>Personally I don't like escalations like that, but I don't run
>Spamhaus.

Hell yeah to Spamhaus! I like escalations like that! Its the only way hosts
are going to learn to keep there own backyard clean. They have no preasure
if they don't get listed. 

Of course, an escalation like this won't happen on SURBL. There are ways of
making contributors comply, and resistence is futile

--Chris (We are SURBL...the collective...OK who left the cube door open
again? )

Re: URIBL_SBL Weirdness

2005-03-09 Thread Jeff Chan 
On Wednesday, March 9, 2005, 7:50:13 AM, Rikhardur EGILSSON wrote:
> Can anyone explain to me what the URIBL_SBL rule does (I.e. which list Is
> used)

RTFM?

uridnsbl checks a URI domain's nameserver against
sbl.spamhaus.org.

> I have an email that this rule catches because of a email address inside it.

> The SpamAssassin report lists it as :
> 0.6 URIBL_SBL   Contains an URL listed in the SBL blocklist
> [URIs: gov.ru]

> But no matter what I try, I can´t find the blacklist that Is used.

What this means is that the nameserver for gov.ru is listed
in SBL.

  http://www.spamhaus.org/sbl/sbl.lasso?query=SBL13545

> Ref: SBL13545
> 
> 213.59.0.0/23 is listed on the Spamhaus Block List (SBL)
> 
> 26-Feb-2005 02:47 GMT | SR01
> 
>   Ruslan Ibragimov / send-safe.com
> 213.59.0.0/23 is listed on the Register Of Known Spam
> Operations (ROKSO) database as being assigned to, under the
> control of, or providing service to a known professional spam
> operation run by Ruslan Ibragimov / send-safe.com. 
> Rostelecom Corporate Mail Relays (escalation)

It looks like Spamhaus has listed all of Rostelecom since
it hosts send-safe.com.

Personally I don't like escalations like that, but I don't run
Spamhaus.

Fortunately URIBL_SBL usually gets a fairly low score due to
false positives like this.  I'd say keep it low.

Jeff C.
-- 
Jeff Chan
mailto:[EMAIL PROTECTED]
http://www.surbl.org/

URIBL_SBL Weirdness

2005-03-09 Thread Rikhardur.EGILSSON 


Can anyone explain to me what the URIBL_SBL rule does (I.e. which list Is
used)

I have an email that this rule catches because of a email address inside it.

The SpamAssassin report lists it as :
0.6 URIBL_SBL   Contains an URL listed in the SBL blocklist
[URIs: gov.ru]

But no matter what I try, I can´t find the blacklist that Is used.

Since we are an International Organisation, this is a very inconvenient
situaton.

- Ríkharður