|
Andrew, That's the first I heard about that zone including the Blitzed tests. Their information is confusing as it appears on their site. It may be that there is no 127.0.0.5 result and the dash means that the values lie between 4 and 6 or 2 and 6. I believe that with just SBL and CBL data, they also listed it as 2-4, meaning 2 or 4 and not 2 through 4. It might be that this means that SBL is 127.0.0.2, CBL/XBL is 127.0.0.4, and Blitzed is 127.0.0.6. Please let me know the results of your findings after another day of monitoring and I'll likewise update my own tests. Thanks, Matt Colbeck, Andrew wrote: Good point, Matt. I think I implemented this before SpamHaus had made some of their description more explicit, or more likely, I was just obtuse.My interpretation of their description had led me to believe that the sbl-xbl.spamhaus.org domain was a "join" on the two dnsbl databases, ** which is wrong **, and I didn't want that anyway, because I wanted to score the two results differently. On going back to the website, I find that they have also incorporated blitzed.opm.org which is also good news, and I'm sure counts in large part to the success of my XBL-DYNA test; it also means that I was making 3 dnsbl lookups where one would have sufficed! To cover the XBL and BLITZED tests, they supply 3 different answers (127.0.0.4, 127.0.0.5, 127.0.0.6) I haven't seen any documentation on what information SpamHaus is conveying with these 3 values ... in 3 hours of testing, I haven't had any hits that returned 127.0.0.5 The reason I was using BLITZEDALL is that a given IP address can appear with multiple values, with each representing the kind of trojan/zombie for which it tested positive. But I only wanted to score once per test per IP. Blah blah blah... So that I can still score SBL as high as I prefer, and still score XBL lower, I now have something like this: SBL ip4r sbl-xbl.spamhaus.org 127.0.0.2 12 0 XBL ip4r sbl-xbl.spamhaus.org * 8 0 Each hit will be counted by SBL and XBL, which still achieves SBL scoring 20, and XBL scoring only 8, but is misleading because when you get a hit on XBL, it might not have been a zombie, but a SBL spammer. So, that cuts 3 dnsbl lookups down to 1, but with some loss of accuracy in why an IP is in XBL; that may be over-optimizing for some people. Andrew 8) -----Original Message----- From: Matt [mailto:[EMAIL PROTECTED]] Sent: Monday, April 12, 2004 11:08 AM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Combine BASE64 and REVDNS? Andrew, You can save an extra lookup by using the combined address: XBL ip4r sbl-xbl.spamhaus.org 127.0.0.4 8 0 SBL ip4r sbl-xbl.spamhaus.org 127.0.0.2 20 0 Declude will only do one lookup per unique address/DNSBL and then apply the result codes to all associated tests. Both tests can return a hit for the same IP under this arrangement. Note that the impact of this one change is fairly minor, but with a lot of minor changes, I have managed to get another half cup of juice out of my current server. Matt Colbeck, Andrew wrote: -- ===================================================== MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ ===================================================== |
- RE: [Declude.JunkMail] Combine BASE64 and REVDNS? Colbeck, Andrew
- Re: [Declude.JunkMail] Combine BASE64 and REVDNS? Matt
- [Declude.JunkMail] Country Codes John Olden
- Re: [Declude.JunkMail] Country Codes R. Scott Perry
- RE: [Declude.JunkMail] Combine BASE64 and REVDNS? Markus Gufler
- RE: [Declude.JunkMail] Combine BASE64 and REVDNS? Colbeck, Andrew
- RE: [Declude.JunkMail] Combine BASE64 and REVDNS? Colbeck, Andrew
