Mailing List SIMS@mail.stalker.com Message #9673
From: Bill Cole <listbill@scconsult.com>
Subject: Re: RBL list
Date: Thu, 15 Nov 2001 22:08:48 -0500
To: SIMS Discussions <SIMS@mail.stalker.com>
At 10:21 AM -0800 11/15/01, Charles L. Martin  imposed structure on a stream of electrons, yielding:
Bill,

I don't understand this. Specifically, I don't understand "use a current SIMS which can differentiate between return values and choose your blocking that way." I am using 1.8b8. Is that new enough?

Yes.  1.8b8 or one of the later dev versions is required. Earlier versions (like the 1.7 release) can only use a single blacklist entry and do not differentiate between return values.


 Is there some setup I have to do in the Router (or elsewhere) to do as you recommend?

Yes. For any RBL-like list to work with 1.8b8 or later, you need to have the  return values that you want to reject in the local blacklist. If you have a big chunk of 127.* in your blacklist now, switching to a consolidated zone like relays.osirusoft.com of the MAPS RBL+ makes it imperative that you revisit your blacklist unless you are willing to risk the problems that qa lot of people recently had when the openlists list was added to relays.osirusoft.com. That list has a lot of very big ISP's on it and a number of list service providers who happen to host some unconfirmed lists along with a lot of confirmed lists.

Note that I responded as I did because I think there is a real risk in simply replacing one list with another without taking a serious look at what each specific list carries and how they carry it. The relays.osirusoft.com zone is a unification of multiple independently managed lists into a single zone with different return values, and it will probably get more lists added to it over time. I'm a bit surprised to see that Joe Jared removed a list from it just because of the collateral damage, but i suppose I can see the logic: not everyone runs an MTA that *can* differentiate between the values returned from a DNSBL, so leaving a super-high collateral damage list in was probably untenable. SPEWS also has more than I'd put up with, but the blocked innocents of SPEWS are generally less well known and less obvious than the careless but too-big-to-block parties hit by openlists.




Chuck

On Thursday, November 15, 2001, at 08:05 AM, (Bill Cole) wrote:

If you're using relays.ordb.org, you might as well also use
relays.osirusoft.com (between those two they catch most open
relays), and if you use relays.osirusoft.com you don't need to use
the sub-zones dialups, spamhaus or spews, as they're incorporated in
relays.osirusoft.com


Beware: there is also massive collateral damage in the other lists
rolled into the top-level zone. Despite the name, the 'relays' zone
is far more than just relays and Joe has recently added the
'Openlists' list to it, causing *huge* collateral damage. If you use
that zone, it is ESSENTIAL that you use a current SIMS which can
differentiate between return values and choose your blocking that
way. Joe could well add other new lists into the zone without notice
and if you have 127.* in your blacklist you would automatically use
those.
--
Bill Cole

Charles L. Martin
123 N. McDonough Street
Decatur, GA 30030
404-373-3116
FAX 801-881-1246
clmartin@theombudsman.com
http://www.theombudsman.com


#############################################################
This message is sent to you because you are subscribed to
 the mailing list <SIMS@mail.stalker.com>.
To unsubscribe, E-mail to: <SIMS-off@mail.stalker.com>
To switch to the DIGEST mode, E-mail to <SIMS-digest@mail.stalker.com>
To switch to the INDEX mode, E-mail to <SIMS-index@mail.stalker.com>
Send administrative queries to  <SIMS-request@mail.stalker.com>


--
Bill Cole                                  bill@scconsult.com

Subscribe (FEED) Subscribe (DIGEST) Subscribe (INDEX) Unsubscribe Mail to Listmaster