At 7:25 PM -0600 8/30/2003, LuKreme (List User Kreme) wrote:
>On Aug 30, 2003, at 12:31 PM, Global Homes Webmaster wrote:
>>On 08/30/03 at 01:35 -0400, chris opined:
>>>I'll have to try the cn-kr next and see how much more it stops.
>>
>>By itself, probably quite a bit. But there's a significant overlap with CBL
>>and other lists with other purposes (easynet, OPM, etc. -- the reason so
>>much spam gets relayed through Chinese hosts is that so many of them are
>>open proxies and/or open relays, and the Chinese don't seem to care about
>>closing them). If you're already using one or more of those lists, you
>>might not see as big a drop as you might expect.
>
>Exactly, as I said, 90% of the blocked spam gets hit by cbl, and 9.5% gets hit by cn-kr.
>
>If I reversed the entries, cn-kr would catch about 40%, but that would increase the overall number of DNS requests I'm using, so I list cbl first.

I've been wondering about this for some time... Does the order really affect the 
number of lookups?

I'd thought that the RBL lookups went out pretty much all at once. It turns out that 
they don't. I looked back through some old logs where I had stepped up logging and 
found this...

17:35:26 4 SMTP-696() Got connection from [66.218.66.92:35833]
17:35:26 4 SMTP(tcp) Connection accepted from [66.218.66.92:35833], seq=35451, 8/9
17:35:26 4 SMTP-696([66.218.66.92]) Sending 220-mail.MDCCLXXVI.com Stalker Internet Mail Server V.1.8b9d14 is ready.\r\n220 ESMTP is spoken here. You are welcome\r\n
17:35:26 4 SMTP-696([66.218.66.92]) Looking for 92.66.218.66.relays.osirusoft.com
17:35:26 4 SMTP-696([66.218.66.92]) Looking for 92.66.218.66.list.dsbl.org
17:35:26 4 SMTP-696([66.218.66.92]) Looking for 92.66.218.66.cn-kr.blackholes.us
17:35:26 4 SMTP-696([66.218.66.92]) Looking for 92.66.218.66.opm.blitzed.org
17:35:27 4 SMTP-696([66.218.66.92]) Looking for 92.66.218.66.relays.visi.com
17:35:27 4 SMTP-696([66.218.66.92]) Looking for 92.66.218.66.relays.orbd.org
17:35:27 4 SMTP-696([66.218.66.92]) Looking for 92.66.218.66.socks.relays.osirusoft.com

        looks like about a 4-second delay before looking up the next listed RBLs...

17:35:31 4 SMTP-696([66.218.66.92]) Looking for 92.66.218.66.singapore.blackholes.us
17:35:31 4 SMTP-696([66.218.66.92]) Looking for 92.66.218.66.malaysia.blackholes.us
17:35:31 4 SMTP-696([66.218.66.92]) Looking for 92.66.218.66.nigeria.blackholes.us
17:35:31 4 SMTP-696([66.218.66.92]) Looking for 92.66.218.66.dynablock.wirehub.net
17:35:32 4 SMTP-696([66.218.66.92]) Looking for 92.66.218.66.blackholes.wirehub.net
17:35:32 4 SMTP-696([66.218.66.92]) Input Line: HELO n8.grp.scd.yahoo.com\r
17:35:32 4 SMTP-696(n8.grp.scd.yahoo.com) Looking for n8.grp.scd.yahoo.com
17:35:33 4 SMTP-696(n8.grp.scd.yahoo.com) Sending 250 mail.MDCCLXXVI.com is pleased to meet you\r\n

Whereas, in a slightly earlier instance...

17:33:45 4 SMTP-690() Got connection from [218.80.102.126:3202]
17:33:45 4 SMTP(tcp) Connection accepted from [218.80.102.126:3202], seq=35446, 3/4
17:33:45 4 SMTP-690([218.80.102.126]) Sending 220-mail.MDCCLXXVI.com Stalker Internet Mail Server V.1.8b9d14 is ready.\r\n220 ESMTP is spoken here. You are welcome\r\n
17:33:45 4 SMTP-690([218.80.102.126]) Looking for 126.102.80.218.relays.osirusoft.com
17:33:45 4 SMTP-690([218.80.102.126]) Looking for 126.102.80.218.list.dsbl.org
17:33:45 4 SMTP-690([218.80.102.126]) Looking for 126.102.80.218.cn-kr.blackholes.us
17:33:45 1 SMTP-690([218.80.102.126]) SPAM? Host is blacklisted per RBL cn-kr.blackholes.us with result [127.0.0.2]

The remaining lookups are not needed.

So, the question arises: what is the optimum order for the most popular RBL entries? 
I'm sure there are people on this list who have put a lot of thought, and perhaps some 
research and testing, into it.

Which RBLs should be listed early? Which are less productive, but still worthwhile, 
and can be listed later?



-- 
Warren Michelsen  <[EMAIL PROTECTED]>
Online Tools For Business --  <http://www.OTFB.com/>
Small Business & E-commerce web hosting
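
The short-circuit behaviour visible in the two logged sessions can be measured offline before reordering a production list. The following is an added example, not part of the original message or of the mail server's code: it builds the reversed-octet query names seen in the log, stops at the first listing, and compares lookup counts across zone orders. The listing table, the three documentation-range IPs and the `offline_resolve` stand-in are constructed assumptions; it counts queries only and does not model the batching delay seen in the first session.

```python
import ipaddress
from itertools import permutations

def dnsbl_name(ip, zone):
    """Build the query name seen in the log: reversed octets + zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def check(ip, zones, resolve):
    """Query zones in order, stopping at the first listing.
    Returns (zone that hit or None, number of lookups spent)."""
    for n, zone in enumerate(zones, 1):
        if resolve(dnsbl_name(ip, zone)):
            return zone, n
    return None, len(zones)

def total_lookups(ips, zones, resolve):
    """Lookups spent over a sample of connecting IPs for one zone order."""
    return sum(check(ip, zones, resolve)[1] for ip in ips)

def best_order(ips, zones, resolve):
    """Exhaustive search; fine for a handful of zones (n! orders)."""
    return min(permutations(zones),
               key=lambda order: total_lookups(ips, order, resolve))

# First three zones, in the order they appear in the logged sessions.
ZONES = ("relays.osirusoft.com", "list.dsbl.org", "cn-kr.blackholes.us")

# Constructed sample: which zones list each connecting IP. The first two
# rows mirror the logged sessions; the rest are invented for illustration.
LISTINGS = {
    "218.80.102.126": {"cn-kr.blackholes.us"},
    "66.218.66.92": set(),
    "192.0.2.10": {"list.dsbl.org", "cn-kr.blackholes.us"},
    "198.51.100.7": {"cn-kr.blackholes.us"},
    "203.0.113.5": {"relays.osirusoft.com"},
}
LISTED = {dnsbl_name(ip, z) for ip, zs in LISTINGS.items() for z in zs}

def offline_resolve(name):
    """Stand-in for a DNS A-record query: True if the name is listed."""
    return name in LISTED

if __name__ == "__main__":
    ips = list(LISTINGS)
    print("logged order:", total_lookups(ips, ZONES, offline_resolve))
    best = best_order(ips, ZONES, offline_resolve)
    print("best order:", best, total_lookups(ips, best, offline_resolve))
```

To use it on real traffic, replace `LISTINGS` with results gathered by querying every zone for a sample of connecting IPs, since a short-circuiting log only records the first zone that hit.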

