Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

FEATURE(`anfi/rsdnsbl') - selecting DNSBL checks based on reputation/country

254 views
Skip to first unread message

Andrzej Adam Filip

unread,
Sep 2, 2007, 5:59:42 PM9/2/07
to
[1: Followup-To set to news:comp.mail.sendmail ]
[2: The code presented should be considered to be ALPHA quality ]

I would like to present FEATURE(`anfi/rsdnsbl.m4') that is supposed to
fine tune set of DNSBL checks based on originating IP address
* reputation (using e.g. l2.apews.org )
* country (using e.g. zz.countries.nerd.dk )

The FEATURE itself does not block anything - it only decides if the
remaining/further DNSBL tests [FEATURE(enhdnsbl) tests] should be
skipped or conducted.

Sample1 - user in Poland:
#v+
dnl import IP addresses used to represent countries in
dnl zz.countries.nerd.dk in form C2_*
FEATURE(`anfi/countries')dnl

dnl first batch of enhdnsbl tests

dnl skip remaning test for PL, DE, UK and FR adresses
FEATURE(`anfi/rsdnsbl',`zz.countries.nerd.dk',`whitelist',`',
C2_PL, C2_DE, C2_UK, C2_FR)dnl

dnl second batch of enhdnsbl tests

dnl do remaning test only for CN and KR, do not test on TMP problems
FEATURE(`anfi/rsdnsbl',`zz.countries.nerd.dk',`blacklist',`t',
C2_CN, C2_KR)dnl

dnl third batch of enhdnsbl tests

#v-

Sample2 - user in Finland:
#v+
dnl import IP addresses used to represent countries in
dnl zz.countries.nerd.dk in form C2_*
FEATURE(`anfi/countries')dnl

dnl first batch of enhdnsbl tests

dnl skip remaning test for FI addresses
FEATURE(`anfi/rsdnsbl',`zz.countries.nerd.dk',`whitelist',`', C2_FI)dnl

dnl second batch of enhdnsbl tests

dnl do remaning test only for addresses listed in APEWS, do not test on TMP problems
FEATURE(`anfi/rsdnsbl',`l2.apews.org',`blacklist',`t')dnl

dnl third batch of enhdnsbl tests

#v

URL(s):
* cf/feature/anfi/rsdnsbl.m4 file:
http://open-sendmail.cvs.sourceforge.net/*checkout*/open-sendmail/open-sendmail/cf/feature/anfi/rsdnsbl.m4
* cf/feature/anfi/countries.m4 file:
http://open-sendmail.cvs.sourceforge.net/*checkout*/open-sendmail/open-sendmail/cf/feature/anfi/countries.m4

P.S. Feel free to comment.

--
[pl>en: Andrew] Andrzej Adam Filip : an...@priv.onet.pl : an...@xl.wp.pl
Hating the Yankees is as American as pizza pie,
unwed mothers and cheating on your income tax.
-- Mike Royko

Scott Grayban

unread,
Sep 2, 2007, 7:58:48 PM9/2/07
to
Andrzej Adam Filip wrote:
> [1: Followup-To set to news:comp.mail.sendmail ]
> [2: The code presented should be considered to be ALPHA quality ]
>
> I would like to present FEATURE(`anfi/rsdnsbl.m4') that is supposed to
> fine tune set of DNSBL checks based on originating IP address
> * reputation (using e.g. l2.apews.org )
> * country (using e.g. zz.countries.nerd.dk )
>


I would never use apews.org -- they list large blocks and is very unreliable
as a dnsbl. They don't even offer a way to get delisted or even contact them.
They also provide no source of the spam. They just give ambiguous information.

Anyone that uses them for any reason will most likely end up being blocked
themselves.

Andrzej Filip

unread,
Sep 3, 2007, 5:26:21 AM9/3/07
to
Scott Grayban <sgray...@NOSPAM-gmail.com> wrote:
> Andrzej Adam Filip wrote:
> > [1: Followup-To set to news:comp.mail.sendmail ]
> > [2: The code presented should be considered to be ALPHA quality ]
>
> > I would like to present FEATURE(`anfi/rsdnsbl.m4') that is supposed to
> > fine tune set of DNSBL checks based on originating IP address
> > * reputation (using e.g. l2.apews.org )
> > * country (using e.g. zz.countries.nerd.dk )
>
> I would never use apews.org -- they list large blocks and is very unreliable
> as a dnsbl. They don't even offer a way to get delisted or even contact them.
> They also provide no source of the spam. They just give ambiguous information.
>
> Anyone that uses them for any reason will most likely end up being blocked
> themselves.

Can you read and *understand*? [ I doubt ]

The presented FEATURE should allow for example:
* restricting rdns checks (enforcing closed PTR-A loop) only for nets
listed in APEWS
* use more aggressive DNSBL/DUL lists only for nets listed in APEWS

E.g.I see no good reason to block DUL connections also from every very
high standards ISP merely because low standards ISPes have made DUL
ranges such a nuisance.

P.S.
I do not recommend use of l2.APEWS.org for plain binary blocking
(accept/reject) on any server significantly bigger than a "family
server" *BUT* it does not make APEWS totally useless. l2.APEWS.org
list ~50% of assigned/allocated IP address space, so it can be used to
make life harder for the worse half of the Internet ;-)

Scott Grayban

unread,
Sep 3, 2007, 11:51:58 AM9/3/07
to
Andrzej Filip wrote:
> I do not recommend use of l2.APEWS.org for plain binary blocking
> (accept/reject) on any server significantly bigger than a "family
> server" *BUT* it does not make APEWS totally useless. l2.APEWS.org
> list ~50% of assigned/allocated IP address space, so it can be used to
> make life harder for the worse half of the Internet ;-)
>

Which includes my ISP and *my business IP block* and I have never sent out
spam and that is fair how?

That is why APEWS is junk and useless -- it is run by total a$$tards.

Andrzej Filip

unread,
Sep 3, 2007, 5:15:40 PM9/3/07
to
On Sep 3, 5:51 pm, Scott Grayban <sgray...@NOSPAM-gmail.com> wrote:
> Andrzej Filip wrote:
> > I do not recommend use of l2.APEWS.org for plain binary blocking
> > (accept/reject) on any server significantly bigger than a "family
> > server" *BUT* it does not make APEWS totally useless. l2.APEWS.org
> > list ~50% of assigned/allocated IP address space, so it can be used to
> > make life harder for the worse half of the Internet ;-)
>
> Which includes my ISP and *my business IP block* and I have never sent out
> spam and that is fair how?

IF you ISP can not keep its net clean THEN *YES*
You have not claimed that your ISP net is clean.

> That is why APEWS is junk and useless -- it is run by total a$$tards.

BTW two separate news servers I use do not get/accept postings from
you/your news server.
I has ben forced to reply by google-news.
It is interesting, is not it? :-)


Scott Grayban

unread,
Sep 3, 2007, 8:55:54 PM9/3/07
to
Andrzej Filip wrote:
> BTW two separate news servers I use do not get/accept postings from
> you/your news server.
> I has ben forced to reply by google-news.
> It is interesting, is not it? :-)

Awww let me get my tiny violin out and play - Boo hoo

Res

unread,
Sep 3, 2007, 9:47:03 PM9/3/07
to


This type of lame ass comment explains why obviously, so perhaps the apews
listing for once, in your case, just might actually be justified.

--

Cheers
Res

0 new messages