On Mon, Jun 28, 2004 at 09:56:29AM -0400, Anne Ramey wrote: > >I recently added >#sa-blacklist: 200406241030 >#This list provided by William Stearns <[EMAIL PROTECTED]>, please send >#additions and corrections. >#The master copy is kept at: >#http://www.stearns.org/sa-blacklist/sa-blacklist.current.cf >#Some of the following may be trademarks, owned by their respective >owners. > >and it brought my system to a screeching halt. Mail barely dripped >through. There were no errors and no lost mail, it just took forever >to process mail. Has anyone else experienced this?
yeah, I recently wrote Mr Stearns an offline message about that... no matter how good rbl (or bayes) is, I think a good _current_ uri list is a good thing... here are some historical and current blacklist rule sizes. 1477667 Jun 21 18:48 /etc/spamassassin/RulesDuJour/blacklist.cf.20040623-0106 421286 Jun 21 18:49 /etc/spamassassin/RulesDuJour/blacklist-uri.cf.20040623-0106 1459329 Jun 23 00:03 /etc/spamassassin/RulesDuJour/blacklist.cf.20040624-1602 415544 Jun 23 00:04 /etc/spamassassin/RulesDuJour/blacklist-uri.cf.20040624-1602 1484137 Jun 24 15:48 /etc/spamassassin/RulesDuJour/blacklist.cf.20040627-0301 422228 Jun 24 15:49 /etc/spamassassin/RulesDuJour/blacklist-uri.cf.20040627-0301 1559813 Jun 27 02:17 /etc/spamassassin/RulesDuJour/blacklist.cf.20040628-1544 443922 Jun 27 02:18 /etc/spamassassin/RulesDuJour/blacklist-uri.cf.20040628-1544 5432965 Jun 28 15:25 /etc/spamassassin/RulesDuJour/blacklist.cf.20040628-1558 1544207 Jun 28 15:28 /etc/spamassassin/blacklist-uri.cf 7070231 Jun 28 15:54 /etc/spamassassin/blacklist.cf Are all those domains in active use? How many have not been used for 6 months? I add a 2-3 domains a day to my own blacklist, I'm sure Mr Stearns blacklist catches a lot. but some scripting could be done to maintain 'current' uri because all the uri that ever spammed will get out of hand, for some sooner others later, no doubt. Not sure of the method for generating the lists but breaking them up into time frames would allow sites to choose how old of uri they use, based on their resources and load. blacklist-under-3mos.cf blacklist-under-6mos.cf blacklist-under-9mos.cf blacklist-under-12mos.cf tables maintaining dates for each uri, kicking them down when configurations are rebuilt built for each time period. maybe a rule for the =>6mos configuration could be verbose about hits to a special file, an agent could then submit "uri current" resets to the maintainer. the uri would in turn be touched and bumped to the 3mos.cf ruleset again... PITA, yes. but ATM I won't be using the Jun 28 blacklist*cf... :-( // George -- George Georgalis, Architect and administrator, Linux services. IXOYE http://galis.org/george/ cell:646-331-2027 mailto:[EMAIL PROTECTED] Key fingerprint = 5415 2738 61CF 6AE1 E9A7 9EF0 0186 503B 9831 1631
