Good point, Matt. I think I implemented this before SpamHaus had made some of their description more explicit, or more likely, I was just obtuse.
My interpretation of their description had led me to believe that the sbl-xbl.spamhaus.org domain was a "join" on the two dnsbl databases, ** which is wrong **, and I didn't want that anyway, because I wanted to score the two results differently. On going back to the website, I find that they have also incorporated blitzed.opm.org which is also good news, and I'm sure counts in large part to the success of my XBL-DYNA test; it also means that I was making 3 dnsbl lookups where one would have sufficed! To cover the XBL and BLITZED tests, they supply 3 different answers (127.0.0.4, 127.0.0.5, 127.0.0.6) I haven't seen any documentation on what information SpamHaus is conveying with these 3 values ... in 3 hours of testing, I haven't had any hits that returned 127.0.0.5 The reason I was using BLITZEDALL is that a given IP address can appear with multiple values, with each representing the kind of trojan/zombie for which it tested positive. But I only wanted to score once per test per IP. Blah blah blah... So that I can still score SBL as high as I prefer, and still score XBL lower, I now have something like this: SBL ip4r sbl-xbl.spamhaus.org 127.0.0.2 12 0 XBL ip4r sbl-xbl.spamhaus.org * 8 0 Each hit will be counted by SBL and XBL, which still achieves SBL scoring 20, and XBL scoring only 8, but is misleading because when you get a hit on XBL, it might not have been a zombie, but a SBL spammer. So, that cuts 3 dnsbl lookups down to 1, but with some loss of accuracy in why an IP is in XBL; that may be over-optimizing for some people. Andrew 8) -----Original Message----- From: Matt [mailto:[EMAIL PROTECTED] Sent: Monday, April 12, 2004 11:08 AM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Combine BASE64 and REVDNS? Andrew, You can save an extra lookup by using the combined address: XBL ip4r sbl-xbl.spamhaus.org 127.0.0.4 8 0 SBL ip4r sbl-xbl.spamhaus.org 127.0.0.2 20 0 Declude will only do one lookup per unique address/DNSBL and then apply the result codes to all associated tests. Both tests can return a hit for the same IP under this arrangement. Note that the impact of this one change is fairly minor, but with a lot of minor changes, I have managed to get another half cup of juice out of my current server. Matt Colbeck, Andrew wrote: >Hey, Kevin. > >I do get the usual web page when I go to the CBL homepage you listed. I see >that the last update was March-30-2004 when they stated that they had >harvested out a lot of their old records. > >I stopped using CBL on Jan-05-2004, though, because the SpamHaus XBL is a >superset of CBL, e.g.: > >XBL-DYNA ip4r xbl.spamhaus.org * 8 0 > >XBL-DYNA WARN > > >Andrew 8) > >-----Original Message----- >From: Kevin Bilbee [mailto:[EMAIL PROTECTED] >Sent: Monday, April 12, 2004 10:30 AM >To: [EMAIL PROTECTED] >Subject: RE: [Declude.JunkMail] Combine BASE64 and REVDNS? > > >http://cbl.abuseat.org/lookup.cgi?ip=24.234.0.78 > > >Is CBL still working??? When I try to go to http://cbl.abuseat.org/ it get a >page can not be displayed message/cannnot find server error message???? > > >Kevin Bilbee > >--- >[This E-mail was scanned for viruses by Declude Virus >(http://www.declude.com)] > >--- >This E-mail came from the Declude.JunkMail mailing list. To >unsubscribe, just send an E-mail to [EMAIL PROTECTED], and >type "unsubscribe Declude.JunkMail". The archives can be found >at http://www.mail-archive.com. >--- >[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] > >--- >This E-mail came from the Declude.JunkMail mailing list. To >unsubscribe, just send an E-mail to [EMAIL PROTECTED], and >type "unsubscribe Declude.JunkMail". The archives can be found >at http://www.mail-archive.com. > > > > -- ===================================================== MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ ===================================================== --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
