On 2/2/2004 at 7:29 PM, "Rose, Bobby" <[EMAIL PROTECTED]> wrote:
> I use it but good luck with his URI blacklist. It's huge and I had slow
> performance using it.
>
> Check out the RulesDuJour script on http://www.exit0.us/index.php
>
> -----Original Message-----
> From: Jon [mailto:[EMAIL PROTECTED]
> Sent: Monday, February 02, 2004 7:28 PM
> To: [EMAIL PROTECTED]
> Subject: Re: SA Blacklists
>
> Here's a little more, in short:
>
> This is a list of domains, hosts, and IP addresses used by spammers. [...]
>
> Jon

"rules du jour" kind of sums this up: the concept of centrally
administering a list of fast- and ever-changing spammer resources
(domains, IP ranges) in this fashion does not scale.

- If your list gets too popular, your servers will be targeted with
  DoS attacks, whether that's by IP traffic or cease&desist letters
  purporting to be "permissible legal assault" does not make a difference.
- Got "Slow performance" now? You expect this list to grow, don't you?

For a real solution, look no further than
http://bugzilla.spamassassin.org/show_bug.cgi?id=1375 , which has an
experimental patch by Florian Klein that does DNSBL lookups against
hostnames contained in URL/URI's.

At least one comment (#7) explains the scaling issue - and also suggests
creating a DNSBL that lists domains for purposes of blacklisting.
I personally prefer to list by network number and/or ASN - it scales
much better.

I encourage people to apply the posted patch - and read the detailed
discussion in the bugzilla ticket - 70% positive hit rate on incoming spam
by querying SPEWS and SBL alone is probably the best single-case rule so far.

bye,Kai

--
"Just say No" to Spam                     Kai Schlichting
New York, Palo Alto, You name it          Sophisticated Technical Peon
Kai's SpamShield <tm> is FREE!            http://www.SpamShield.org
LeasedLines-FrameRelay-IPLs-ISDN-PPP-Cisco-Consulting-VoiceFax-Data-Muxes
WorldWideWebAnything-Intranets-NetAdmin-UnixAdmin-Security-ReallyHardMath
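The lookup described in the message above, sketched as an added example; it is not part of the original message and is not Florian Klein's patch. It pulls hostnames out of the URIs in a message body and builds the DNSBL query names for them, both for a domain-listing zone and for an IP-based zone. The zone names, function names and the injected stub resolver are assumptions made so the code runs offline.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Hypothetical zones for illustration; substitute the lists you actually query.
IP_ZONE = "ip-dnsbl.example"
DOMAIN_ZONE = "uri-dnsbl.example"
URI_RE = re.compile(r"""https?://[^\s<>"']+""", re.IGNORECASE)


def uri_hosts(body):
    """Return the unique lowercased hostnames found in http(s) URIs, in order."""
    hosts = []
    for match in URI_RE.finditer(body):
        try:
            host = urlsplit(match.group(0)).hostname
        except ValueError:
            continue  # malformed authority, e.g. unbalanced IPv6 brackets
        host = (host or "").rstrip(".").lower()
        if host and host not in hosts:
            hosts.append(host)
    return hosts


def ip_query(ip, zone=IP_ZONE):
    """Reversed-octet query name: 192.0.2.10 -> 10.2.0.192.<zone>."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def dnsbl_queries(body, resolve):
    """Map each URI host to the DNSBL names to look up (resolve is injected)."""
    queries = {}
    for host in uri_hosts(body):
        try:
            names = [ip_query(host)]            # URI already carries a literal IP
        except ValueError:
            names = [host + "." + DOMAIN_ZONE]  # domain-listing DNSBL
            names += [ip_query(ip) for ip in resolve(host)]
        queries[host] = names
    return queries


# Constructed sample: message body and stub DNS data (documentation addresses).
SAMPLE_BODY = "Buy now http://Pills.example.com/x?id=1 or http://192.0.2.10/a.gif"
SAMPLE_DNS = {"pills.example.com": ["198.51.100.7"]}
```

Each message costs a handful of DNS queries that caching resolvers absorb, instead of every mail server loading the whole list as local rules.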
