Mailing List SIMS@mail.stalker.com Message #13430
From: Global Homes Webmaster <webmaster@globalhomes.com>
Subject: Re: DNSRBLs - How do I figure out response IPs?
Date: Tue, 26 Aug 2003 10:03:18 -0700
To: SIMS Discussions <SIMS@mail.stalker.com>
X-Mailer: Mailsmith 2.0.1 (Blindsider)
On 08/26/03 at 11:32 -0500, Ron Johnson opined:

> Here's the most recent RBL list I've culled from all the recent
> discussion on the list.  I realize, and someone correct me if I'm
> wrong, that I can delete the last 3 entries.

Per recent threads, relays.osirusoft.com is currently displaying flakiness
to a degree that you probably should not be using it. I'd definitely keep
cn-kr.blackholes.us, though, as China and Korea are probably the two
biggest loci for spam relaying (although Brazil is a strong contender). You
should be able to drop korea.services.net and not miss it too much, but as
Bill Cole pointed out, it does contain some ARIN-assigned blocks that are
not in cn-kr.blackholes.us.

> cbl.abuseat.org
> singapore.blackholes.us
> nigeria.blackholes.us
> malaysia.blackholes.us
> brazil.blackholes.us
> sbl.spamhaus.org
>   relays.ordb.org
> opm.blitzed.org
> blackholes.easynet.nl
> ;wanadoo-fr.blackholes.us
> ;bl.spamcop.net
> cn-kr.blackholes.us
> korea.services.net
> relays.osirusoft.com
>
> I understand that these names have to go in the DNSRBL list in the
> SMTP settings, but my real problem is, how do I determine what are
> the appropriate response IP addresses for each one?  I set Tim busy,
> this morning, gathering up these addresses, so we could plug them
> into our server -- problem is, he was confronted with listings of
> literally thousands of IPs!  Could someone on here please explain to
> us how to figure this out?  I'm sure, once we've done it a time or
> two, it'll get easier, and make sense.  Barring that, if someone
> would like to eMail me, off-list if necessary,  with the proper
> response ranges for each of these, I'd *greatly* appreciate it too.
> Also, I'm curious...  A couple of the entries on this list had
> semicolons in front of them, even in the original eMail from whence
> they came.  I presume they're *not* supposed to be there???

With, I think, only two exceptions, all of the above lists return
127.0.0.2. The exceptions are cn-kr.blackholes.us, which uses 127.0.0.2 and
127.0.0.3 to distinguish Chinese and Korean IPs, and opm.blitzed.org, which
returns addresses in the range 127.1.0.1-127.1.0.31. The address returned
by OPM tells you what kinds of proxies are open on the host in question
(see <http://opm.blitzed.org/info>). At any rate, if you put in your SIMS
blacklist:

127.0.0.2-127.0.0.255
127.1.0.1-127.1.0.31

You'll be covered for 99.99% of the existing DNSbls. (If you're not using
the Osirusoft composite list, you don't need to punch a hole in the first
range to avoid the problematic sub-lists.)

--
                   Christopher Bort | cbort@globalhomes.com
            Webmaster, Global Homes | webmaster@globalhomes.com
                      <http://www.globalhomes.com/>
Subscribe (FEED) Subscribe (DIGEST) Subscribe (INDEX) Unsubscribe Mail to Listmaster