At 10:00 PM -0500 7/5/04, Michael A. Pasek imposed structure on a stream of electrons, yielding:
Date: Sat, 3 Jul 2004 09:48:04 -0500
To: "SIMS Discussions" <[EMAIL PROTECTED]>
From: "Michael A. Pasek" <[EMAIL PROTECTED]>
Subject: Re: Local DNSBL (was: Am I doing this right????)

OK, so I'm a little behind on my email reading.....

On 27 Jun 2004, at 12:03, Bill Cole wrote:
  I no longer actually use the SIMS internal blacklist because my
  local blacklist outgrew the capacity of SIMS.

Out of curiosity, how are you blacklisting outside of SIMS?

I run a local DNSBL.

While I don't use the blacklist in SIMS (I have a firewall running sendmail in _front_ of SIMS), I have been maintaining a blacklist that -- for all intents and purposes -- would be the same as a SIMS blacklist: It's just a text file of IP addresses.

I too would like to set up a local DNSBL, and was wondering what the best
way to do this would be, as far as the zone setup goes.....

To make updates simple, it would seem that initially you'd like to set
up ALL the possible "reverse" zones, but this seems like overkill for all
the zones that would contain nothing.

A DNSBL is not really one or more 'reverse' zones, they just look that way. The active records are A's and I have TXT companions for them. Mine is all one big zone.


On the other hand, having to:
  a) define the zone (and any "sub-zones");
  b) make the zone file (and zone files for any subdomains);
  c) and THEN add the desired blacklist entry,
seems like a lot to do to add one entry.

If you don't mind sharing, Bill, what methodology did you use to
set up your DNSBL ??

I have a collection of perl and shell scripts to maintain it. The key script takes a SIMS-style blacklist (ranges with loose whitespace rules and comments trailing after semi-colons) as input and spits out one big BIND zonefile. The rest do housekeeping like adding entries and making sure that additions from multiple sources are properly serialized and batched. (I have attack detection stuff that adds to it automatically plus manual additions based on spam.)



--
Bill Cole [EMAIL PROTECTED]
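
An added example, not part of the original message and not Bill Cole's scripts: a Python sketch of the conversion described above, turning a SIMS-style blacklist into records for one flat DNSBL zone with an A record and a TXT companion per entry. The zone name `bl.example.org`, the exact entry syntax (single address or `start - end` range, comment after `;`), the 127.0.0.2 answer and the /24 wildcard compaction are assumptions; the output is meant to sit beneath the site's own SOA and NS records.

```python
import ipaddress
import re

ZONE = "bl.example.org"   # hypothetical zone name
LISTED = "127.0.0.2"      # conventional DNSBL "listed" answer
# Assumed entry syntax: "a.b.c.d" or "a.b.c.d - e.f.g.h", then optional "; comment"
ENTRY = re.compile(r"^\s*(\d+\.\d+\.\d+\.\d+)(?:\s*-\s*(\d+\.\d+\.\d+\.\d+))?\s*$")

# Constructed sample input (documentation address ranges)
SAMPLE = """\
; local blacklist
192.0.2.15                      ; manual: spam source
198.51.100.0 - 198.51.100.255   ; attack detection
  203.0.113.8-203.0.113.9
"""

def parse_blacklist(text):
    """Yield (first, last, comment) per entry; skip blank and comment-only lines."""
    for lineno, line in enumerate(text.splitlines(), 1):
        body, _, comment = line.partition(";")
        if not body.strip():
            continue
        m = ENTRY.match(body)
        if not m:
            raise ValueError(f"line {lineno}: unparseable entry {body!r}")
        first = ipaddress.IPv4Address(m.group(1))
        last = ipaddress.IPv4Address(m.group(2) or m.group(1))
        if last < first:
            raise ValueError(f"line {lineno}: range end precedes start")
        yield first, last, comment.strip()

def owner(net):
    """Reversed-octet owner name; a whole /24 collapses to one wildcard."""
    o = str(net.network_address).split(".")
    return ".".join(o[::-1]) if net.prefixlen == 32 else f"*.{o[2]}.{o[1]}.{o[0]}"

def zone_records(text, max_span=65536):
    """Return record lines (A plus TXT companion) for one flat zone."""
    out = [f"$ORIGIN {ZONE}."]
    for first, last, comment in parse_blacklist(text):
        if int(last) - int(first) >= max_span:
            raise ValueError(f"range {first}-{last} is too large to expand")
        txt = (comment or "listed locally").replace("\\", "").replace('"', "'")[:255]
        for cidr in ipaddress.summarize_address_range(first, last):
            # Emit /24 wildcards where a block covers them, single hosts otherwise.
            for net in cidr.subnets(new_prefix=24 if cidr.prefixlen <= 24 else 32):
                out.append(f"{owner(net)} IN A {LISTED}")
                out.append(f'{owner(net)} IN TXT "{txt}"')
    return out
```

Calling `zone_records(SAMPLE)` returns the record lines; a malformed entry raises `ValueError` with its line number, so a bad addition fails the batch instead of producing a broken zone.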


