On Tuesday, June 29, 2004, 6:54:45 PM, George Georgalis wrote: > On Mon, Jun 28, 2004 at 09:56:29AM -0400, Anne Ramey wrote: >> >>I recently added >>#sa-blacklist: 200406241030 >>#This list provided by William Stearns <[EMAIL PROTECTED]>, please send >>#additions and corrections. >>#The master copy is kept at: >>#http://www.stearns.org/sa-blacklist/sa-blacklist.current.cf >>#Some of the following may be trademarks, owned by their respective >>owners. >> >>and it brought my system to a screeching halt. Mail barely dripped >>through. There were no errors and no lost mail, it just took forever >>to process mail. Has anyone else experienced this?
> yeah, I recently wrote Mr Stearns an offline message about that... > no matter how good rbl (or bayes) is, I think a good _current_ uri list > is a good thing... here are some historical and current blacklist rule > sizes. > 1477667 Jun 21 18:48 /etc/spamassassin/RulesDuJour/blacklist.cf.20040623-0106 > 421286 Jun 21 18:49 > /etc/spamassassin/RulesDuJour/blacklist-uri.cf.20040623-0106 > 1459329 Jun 23 00:03 /etc/spamassassin/RulesDuJour/blacklist.cf.20040624-1602 > 415544 Jun 23 00:04 > /etc/spamassassin/RulesDuJour/blacklist-uri.cf.20040624-1602 > 1484137 Jun 24 15:48 /etc/spamassassin/RulesDuJour/blacklist.cf.20040627-0301 > 422228 Jun 24 15:49 > /etc/spamassassin/RulesDuJour/blacklist-uri.cf.20040627-0301 > 1559813 Jun 27 02:17 /etc/spamassassin/RulesDuJour/blacklist.cf.20040628-1544 > 443922 Jun 27 02:18 > /etc/spamassassin/RulesDuJour/blacklist-uri.cf.20040628-1544 > 5432965 Jun 28 15:25 /etc/spamassassin/RulesDuJour/blacklist.cf.20040628-1558 > 1544207 Jun 28 15:28 /etc/spamassassin/blacklist-uri.cf > 7070231 Jun 28 15:54 /etc/spamassassin/blacklist.cf > Are all those domains in active use? How many have not been used for 6 > months? > I add a 2-3 domains a day to my own blacklist, I'm sure Mr Stearns > blacklist catches a lot. but some scripting could be done to maintain > 'current' uri because all the uri that ever spammed will get out of > hand, for some sooner others later, no doubt. Yes, that's a good point. Bill Stearns recently did some coding to get domains that no longer resolve off his lists. So that should effectively and appropriately expire some of the older entries. > but ATM I won't be using the Jun 28 blacklist*cf... :-( I think I can help explain why sa-blacklist went from 1.5 MB to 5.5 MB in size suddenly. Chris Santerre added a fairly large set of records from 6dos (6 degrees of spam) around that time in order to get the records into ws.surbl.org and sa-blacklist. Chris, Bill and I then discussed this and decided to take them back out of sa-blacklist and therefore ws.surbl.org, and put the 6dos entries into its own SURBL instead. However Bill's server experienced a hard disk problem around the same time so the entries have not come out of sa-blacklist yet. But they will come out once Chris gets access to Bill's server again. Until then, backing off to an earlier version of sa-blacklist makes perfect sense and it's what we've done for ws.surbl.org. When Chris gets in again, he will get the 6dos entries off sa-blacklist, it will come back down in size, and I'll restore live feeds of ws.surbl.org from the sa-blacklist data instead of freezing it at the older version, as it is now. Hopefully this makes some sense. If not I'll glady try to answer any questions or comments anyone has, though I'm not the original source of the changes. Jeff C. -- Jeff Chan mailto:[EMAIL PROTECTED] http://www.surbl.org/
