> Grayhat,

> Where do you have the other settings in the DNSBL 
> section like max replies, max hits, max time, socket 
> timeout, etc.

Lemme "dump" the values...

validaterbl     block
forcerblcache   checked
addrblheader    checked
rblmaxreplies   8
rblmaxhits      2
rblmaxweight    50
rblmaxtime      10
rblsocktime     1
rblcacheexp     4

Notice that I have a DNS resolver running on the same
box where ASSP is running, so DNS response times
are quite fast :) At any rate, I avoided increasing the
maxreplies too much and tuned the rblmaxtime to
be "balanced" with maxreplies. By the way, you may
experiment a little and tune the parameters to fit your
own setup. Also, if you want to experiment a little,
you may add the following DNSBLs:

virbl.dnsbl.bit.nl 
bhnc.njabl.org 
drone.abuse.ch 
spam.abuse.ch 

putting them (e.g.) at level "2". I have been using them
for a while, but since they got really few hits (for my
setup, yours may be different) I decided to remove them,
yet they may be worth some experimenting.

About DNSBL "efficiency": the simplest way to check it
is to use grep to extract the "[virus]" lines from the ASSP
logs and then further process them to obtain a "hit list"
for the various DNSBLs. By the way, if someone feels
like he has some time on his hands and would like to
put together and share a Perl script to generate stats,
then that would be interesting (and useful) :)

Also, since we're at filtering and grepping logs:
another routine task on my side is grepping logs to extract
IPs sending to spamtraps (automatically generated ones).
I then process the resulting IP list by sorting the IPs (real
IP sort), removing duplicates and using cymru and senderbase
to retrieve info about each IP (owner, CIDR range, country...).
I then reprocess the "detailed list", crosschecking it with the
original one (with duplicates) to add hit counts to each IP,
and at that point (this time manually) I use the resulting list
to generate a CIDR blocks list to add to "denyalways". This
helps directly rejecting connections from known and surefire
spambots and avoids wasting resources on them.
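
The spamtrap log processing described in the message above, as an added example that is not part of the original message and is not ASSP code. The log line layout, the "[spamtrap]" marker and the function names are assumptions, and the /24 grouping is only an offline stand-in for the cymru and senderbase lookups, which are not performed here.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines. The layout and the "[spamtrap]" marker are
# assumptions, not ASSP's real log format; adapt both to your own logs.
SAMPLE_LOG = """\
Jul-20-09 10:01:12 198.51.100.200 <a@example.net> to: trap1@example.org [spamtrap] hit
Jul-20-09 10:01:40 198.51.100.9 <b@example.net> to: trap2@example.org [spamtrap] hit
Jul-20-09 10:02:03 192.0.2.14 <c@example.net> to: user@example.org message ok
Jul-20-09 10:03:55 198.51.100.200 <d@example.net> to: trap1@example.org [spamtrap] hit
Jul-20-09 10:04:10 203.0.113.5 <e@example.net> to: trap3@example.org [spamtrap] hit
Jul-20-09 10:05:31 198.51.100.77 <f@example.net> to: trap2@example.org [spamtrap] hit
Jul-20-09 10:06:02 198.51.100.200 <g@example.net> to: trap1@example.org [spamtrap] hit
"""

# First dotted quad on the line, not embedded in a longer digit/dot run.
IPV4 = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")

def spamtrap_hits(log_text, marker="[spamtrap]"):
    """Count hits per sending IP on the lines that contain `marker`."""
    hits = Counter()
    for line in log_text.splitlines():
        match = IPV4.search(line) if marker in line else None
        if match is None:
            continue
        try:
            hits[ipaddress.IPv4Address(match.group(1))] += 1
        except ValueError:
            continue  # looked like an IP but is not one (e.g. 999.1.1.1)
    return hits

def report(hits):
    """Unique IPs in real (numeric) IP order, each with its hit count."""
    return [(str(ip), n) for ip, n in sorted(hits.items())]

def by_slash24(hits):
    """Total hits per /24: candidates to review by hand, not a block list."""
    nets = Counter()
    for ip, n in hits.items():
        nets[ipaddress.ip_network(f"{ip}/24", strict=False)] += n
    return [(str(net), n) for net, n in sorted(nets.items())]

if __name__ == "__main__":
    hits = spamtrap_hits(SAMPLE_LOG)
    for ip, n in report(hits):
        print(f"{ip:<16} {n}")
    for net, n in by_slash24(hits):
        print(f"{net:<18} {n}")
```

A plain text sort would put 198.51.100.200 before 198.51.100.77 and 198.51.100.9; sorting on parsed addresses gives the real IP order the message asks for.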


