on 11/15/01 9:57 AM, Warren Michelsen wisely articulated: > Which of the following have high "collateral damage"? Which corresponds with > "spews"? > I think "spews" is a stand alone zone, although the website is a little ambiguous. Also from the http://relays.osirusoft.com website:
What are all these zones? * Relays.OsiruSoft.com contains all zones, except for outputs and blocktest.� Effectively, it�s the master list containing the minimum casualties subzones. * Dialups.relays.OsiruSoft.com contains only sources of direct-to-mx spam which are obviously in dynamic IP pools. * Spamsites.relays.OsiruSoft.com contains only sites from spamsites.org .� * Spamhaus.relays.OsiruSoft.com contains only sites from spamhaus.org . * Spews.relays.OsiruSoft.com contains only sites from spews.org. * Blocktest.relays.osirusoft.com is a stand-alone zone.� It�s meant to block testers from testing a site or netblock for many different reasons and has no practical value.� It�s not to be interpreted any other way than to prevent test software from testing other sites. * Outputs.relays.osirusoft.com will also be a stand-alone zone, and even though it will be created, it should only be used to warn the servers listed.� And to answer your other question about what values are returned by other lists... I use the following lists in this order: inputs.orbz.org "Open Relay, see: http://www.orbz.org/sender.php"; outputs.orbz.org "Open Relay, see: http://www.orbz.org/sender.php"; or.orbl.org "Please see <http://www.orbl.org/> for information." relays.ordb.org "Please see <http://www.ordb.org/> for more information." relays.osirusoft.com "Please see <http://relays.osirusoft.com/> for more information." All use 127.0.0.2 for positive, and from looking through my logs, all EXCEPT relays.osirusoft return ONLY 127.0.0.2. That is because all the other lists are specific in nature while relays.osirusoft has multiple zones within and they are trying to categorize based on the response [much as ORBS did] so only one lookup is required. So if all you want to bounce is open relays, check for 127.0.0.2. You want to add dialups? Use 127.0.0.2-127.0.0.3, etc. This doesn't mean ALL lists will use the same results. I use 127.0.0.2-127.0.0.4 with the above list. Most of my positives are reported from orbz and orbl. I think osirusoft's stand alone zones also return ONLY 127.0.0.2, but don't take that as a definitive answer, only osirusoft would know. I suggest contacting them for clarification. >> >> 127.0.0.2 Verified Open Relay >> A verified open relay in most cases is handled by other relay blocklist >> servers, and imported into the Zone file. >> 127.0.0.3 Dialup Spam Source >> Dialup Spam Sources are imported into the Zone file from other sources and >> some known sources are manually added to the local include file. >> 127.0.0.4 Confirmed Spam Source >> A site has been identified as a constant source of spam, and is manually >> added. Submissions for this type of spam require multiple nominations from >> multiple sites. >> 127.0.0.5 Smart Host (In progress) >> A Smart host is a site determined to be secure, but relays for those who are >> not, defeating one level of security. When this is ready, it will be >> labeled outputs.osirusoft.com . NOTE: I strongly discourage using outputs >> due to it being way too effective to be useful. 127.0.0.5 has high collateral damage, but I think it has been moved to a stand alone zone. [see above] >> 127.0.0.6 A Spamware software developer or spamvertized >> site. This information will automatically be maintained by >> www.spamsites.org shortly. >> 127.0.0.7 A list server that automatically opts users in >> without confirmation >> 127.0.0.8 An insecure formmail.cgi script. (Planned) >> 127.0.0.9 Open proxy servers I hope I have been fairly accurate in my understanding. Anyone feel free to let me know otherwise. If I haven't learned something in a day, it was a day wasted... B^) Jeff ############################################################# This message is sent to you because you are subscribed to the mailing list <[EMAIL PROTECTED]>. To unsubscribe, E-mail to: <[EMAIL PROTECTED]> To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]> To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]> Send administrative queries to <[EMAIL PROTECTED]>
