Yeah, probably time to retire spews, they aren't going
to fix it.
Aside from my traplist (which I'll add) anyone have
any suggestions for useful addtions when I commit this? I seldom
use exernally maintained blacklists anymore :)
-Bob
* Josh Grosse <[EMAIL PROTECTED]> [2007-02-01 10:01]:
> 1) According to www.spews.org, the text files for SPEWS level 1 and 2 have
> not been updated since August, 2006.
>
> 2) There has been much discussion of this in both
> news.admin.net-abuse.blocklisting, and in news.admin.net-abuse.email.
>
> 3) As of today, SORBS is no longer mirroring the SPEWS DNSbl, according to
> Matthew Sullivan who posted in news.admin.net-abuse.blocklisting:
>
> "...I have emptied all live blocks out of the SPEWS zonefiles I hold locally
> and disabled the download and update script from overwriting the empty
> zones....I will keep the zones configured and emptied for another 6 months,
> and will drop the zones from there should SPEWS never update them again..."
>
> ref: <[EMAIL PROTECTED]>
>
> ----
>
> Based on the general consensus that SPEWS may be dead, if not dormant,
> it *might* be time to remove references to SPEWS from /etc/spamd.conf and
> from spamd.conf(5).
>
> Below are example diffs for src/etc/spamd.conf and
> src/share/man/man5/spamd.conf.5, as well as for www/spamd/index.html.
>
> The web mirrors compressed SPEWS level-1 and level-2 text files in the
> ../files directory, but neither that directory nor the mirroring scripts
> are part of the www tree.
>
> ----
>
> --- src/etc/spamd.conf.orig Tue Jul 11 01:40:33 2006
> +++ src/etc/spamd.conf Thu Feb 1 11:18:06 2007
> @@ -23,23 +23,7 @@
> # www.openbsd.org with, for instance, to www.de.openbsd.org
>
> all:\
> - :spews1:china:korea:
> -
> -# Mirrored from http://www.spews.org/spews_list_level1.txt
> -spews1:\
> - :black:\
> - :msg="SPAM. Your address %A is in the spews level 1 database\n\
> - See http://www.spews.org/ask.cgi?x=%A for more details":\
> - :method=http:\
> - :file=www.openbsd.org/spamd/spews_list_level1.txt.gz:
> -
> -# Mirrored from http://www.spews.org/spews_list_level2.txt
> -spews2:\
> - :black:\
> - :msg="SPAM. Your address %A is in the spews level 2 database\n\
> - See http://www.spews.org/ask.cgi?x=%A for more details":\
> - :method=http:\
> - :file=www.openbsd.org/spamd/spews_list_level2.txt.gz:
> + :china:korea:
>
> # Mirrored from http://www.okean.com/chinacidr.txt
> china:\
>
> ----
>
> --- spamd.conf.5.orig Thu Jan 29 12:44:29 2004
> +++ spamd.conf.5 Thu Feb 1 11:15:22 2007
> @@ -50,15 +50,16 @@
> Example:
> .Bd -literal -offset indent
> all:\e
> - :spews1:white:myblack:
> + :korea:white:myblack:
>
> -spews1:\e
> +korea:\e
> :black:\e
> - :msg="SPAM. Your address \&%A is in the spews\e
> - level 1 database\ensee http://www.spews.org/ask.cgi?x=\&%A\en":\e
> - :method=http:\e
> - :file=www.spews.org/spews_list_level1.txt:
> + :msg="SPAM. Your address \&%A appears to be from Korea\\n
> + See http://www.okean.com/asianspamblocks.html":\\
> + :method=http:\\
> + :file=www.openbsd.org/spamd/koreacidr.txt.gz:
>
> +
> white:\e
> :white:\e
> :method=file:\e
> @@ -77,13 +78,13 @@
> are to be applied.
> The addresses in a whitelist are removed from the preceding blacklist.
> In the above example, if the address was present in all three lists,
> blacklists
> -.Ar spews1
> +.Ar korea
> and
> .Ar myblack ,
> as well as whitelist
> .Ar white ,
> the address would be removed from blacklist
> -.Ar spews1
> +.Ar korea
> by the subsequent
> .Ar white
> whitelist.
>
> ----
>
> --- www/spamd/index.html.orig Tue Jul 11 01:42:06 2006
> +++ www/spamd/index.html Thu Feb 1 11:27:45 2007
> @@ -42,51 +42,6 @@
> <p>
>
> <ul>
> -<li><a href="http://www.spews.org";>Spews Level 1</a><br>
> -<font color="#a00000">"SPEWS publishes two lists. The majority of the Level
> 1 list
> -is made up of netblocks owned by the spammers or spam support
> -operations themselves, with few or no other legitimate customers
> -detected. We don't even try and educate these types as any past
> -attempts at education have failed. If a known spammer buys a
> -new netblock but hasn't started spamming from it yet, it is still
> -eligible to be listed here. If used, this list should have close to
> -zero inadvertent blocking."</font> (from their web page)
> -<p>
> -Original source location:
> -<a href="http://www.spews.org/spews_list_level1.txt";>
> -http://www.spews.org/spews_list_level1.txt</a>
> -<br>
> -OpenBSD mirror location:
> -<a href="http://www.openbsd.org/spamd/spews_list_level1.txt.gz";>
> -http://www.openbsd.org/spamd/spews_list_level1.txt.gz</a>
> -<p>
> -
> -<li><a href="http://www.spews.org";>Spews Level 2</a><br>
> -<font color="#a00000">
> -"This includes all of Level 1, plus anyone who is
> -spam-friendly, supporting spammers, or highly suspicious, but not
> -blatant enough to be included in the Level 1 list yet. If it becomes
> -obvious that someone at Level 2 has become a real problem, they
> -will be escalated to Level 1 after some attempt at education. The
> -Level 2 list will have some inadvertent blocking (non-spammer IP
> -addresses listed), but can still be used by small ISPs or
> -individuals who want a stricter level of blocking/filtering. By
> -having a two tiered list, you can make the hardcore spamfighters
> -happy; those who want to block first and ask questions later.
> -Also, a listing in the Level 2 list may exert a bit of pressure on
> -spam friendly sites and may keep them from turning totally bad -
> -but that is not really the point, stopping spam is. (note: a Level
> -value of "0" means that area is not listed)"</font> (from their web page)
> -<p>
> -Original source location:
> -<a href="http://www.spews.org/spews_list_level2.txt";>
> -http://www.spews.org/spews_list_level2.txt</a>
> -<br>
> -OpenBSD mirror location:
> -<a href="http://www.openbsd.org/spamd/spews_list_level2.txt.gz";>
> -http://www.openbsd.org/spamd/spews_list_level2.txt.gz</a>
> -<p>
> -
> <li><a href="http://www.okean.com/asianspamblocks.html";>China CIDR</a><br>
> <font color="#a00000">
> "Because these two countries have the chronic and pervasive practice
> iD8DBQFFwhjJYi5wNVWLbsURAjozAJ9cZyaoGmmcbh+6GEA+MRORQKPvxQCdH8Oc
> umSV+sGBIyBdIIzvulJldT8=
> =I3ad
> -----END PGP SIGNATURE-----
>
--
#!/usr/bin/perl
if ((not 0 && not 1) != (! 0 && ! 1)) {
print "Larry and Tom must smoke some really primo stuff...\n";
}
