 | Start a set with this search |
 | Include this search in one of my sets |
 | Exclude this search from one of my sets |
 | Permalink to these results Paste this link in email or IM: |
 | Atom feed for tracking future search results Paste this URL into your reader: |
6 messages in net.sourceforge.lists.courier-usersRe: [courier-users] DNS lookup blacklist| From | Sent On | Attachments |
|---|---|---|
| Lisa Muir | Jan 16, 2008 1:38 pm | |
| Sam Varshavchik | Jan 16, 2008 3:27 pm | |
| Gordon Messmer | Jan 16, 2008 3:36 pm | |
| Leigh S. Jones, KR6X | Jan 16, 2008 6:57 pm | |
| Lisa Muir | Jan 16, 2008 9:59 pm | |
| Arturo 'Buanzo' Busleiman | Jan 17, 2008 2:57 am |
| Permalink for this message Paste this link in email or IM: |
| Permalink for this thread Paste this link in email or IM: |
| Atom feed for this thread Paste this URL into your reader: |
| Subject: | Re: [courier-users] DNS lookup blacklist | Actions... |
|---|---|---|
| From: | Lisa Muir (34.2...@gmail.com) | |
| Date: | Jan 16, 2008 9:59:54 pm | |
| List: | net.sourceforge.lists.courier-users | |
On Jan 16, 2008 11:28 PM, Sam Varshavchik <mrs...@courier-mta.com> wrote:
Lisa Muir writes:
I've been adding dns blacklists through the courier webadmin with great results. Wanted to add lashback to the list, and found this in their info:
if you wish to check whether 192.168.1.100 is listed in the UBL, you would perform a DNS lookup on 100.1.168.192.ubl.unsubscore.com
Is this how the web configured DNS blacklists work or do they simply
They all work this way.
Excellent!
make a reverse DNS lookup on the IP address? I was hoping to migrate the blacklist lookups to a localhost BIND and effectly use it as a proxy for courier to make one single rdns lookup on, but if they all operate like lashback, then thats not going to work with multiple dnsbl's
Why not? It'll work just fine. Of course, it will get slow. Once you get beyond 3-4 DNSBLs, the server will spend a noticeable amount of time waiting for remote DNS queries to come back.
Yeah, but when you've got 200 accounts getting spam from the same source, you pay the overhead for the first lookup only and then aren't pounding the remote servers. Gotta be kinder to them, its been a surprising 100% success.
The usual solution is to make arrangements with your DNSBL's operators to let your nameservers do zone transfers, rather than ad-hoc queries. This will effectively keep your DNS lookups local, and each check essentially translates to a rather fast database dip. You can't expect it to get faster than that.
Rsync has been mentioned a few times by the ones I've read. One step at a time though. Right now I have a highly successful spam block (zero hits in 24 hours, woo hoo, haven't had this in years) which puts the burden of false positives straight back on the sender and their choice of ISP, and thats a major step forward. Next up I'll reduce my load on the free lists. Then I'll look at zone transfers or how to make an rsync work with with Bind.
For those who are interested, the strategy was to use the blacklists that were pre-loaded into the webadmin system, then look at messages that got through, put the source ip address into http://www.mxtoolbox.com/blacklists.aspx to find a dnsbl that would have caught it, and tweak the setup from that.
Thanks guys,
Lisa.