Stan Hoeppner wrote:
> I was going by information I received from another list. I don't use
> the data feed service. Does this include the CBL data set within Zen?

Yes; CBL is a subset of XBL. It's not provided separately, at least
not by Spamhaus. XBL alone is at least ~50x the size (on-disk) of the
other Zen subcomponents (PBL being the next largest).

> I would make an educated guess that the size of the CBL data set would
> be over 100MB alone. 25 million 32bit IP addresses (4 bytes) would be
> 100MB, if my math is correct. 25 million bot infected hosts around the
> world seems like a very conservative estimate.

Since Spamhaus ZEN is intended to be used as a no-FP blocklist, it's
probably a lot less aggressive about listing these than some other lists
might be.

> Yeah, running the Spamhaus zones on local rbldnsd instances on each MX
> would require some distribution magic, as you state. Never done this
> myself. I'd be more inclined to go the route you've taken, if I were
> ever in a position to manage such a thing.

The "magic" amounts to a couple of crontab entries:

    */5 * * * * root rsync /path/to/spamhaus-in resolver1::rbldns
    */5 * * * * root rsync /path/to/spamhaus-in resolver2::rbldns

(I set up a script to only copy the actual zone data files - the inbound
Spamhaus sync sometimes leaves extra files lying around, I have to build
the local blacklist zone data from the database, and it's always nice to
trap errors of various kinds. But it's trivial enough any ISP sysadmin
should be able to hack out a similar wrapper in an hour or two.)
-kgd
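
One way the wrapper described in the parenthetical above could look, as an added example that is not the poster's script: it ships only an explicit list of zone data files, refuses to push when one is missing or empty, and reports a failed resolver. The zone file names, `MIN_BYTES`, the `--push` switch and the function names are assumptions; the source path, resolver names and `rbldns` module are the placeholders from the post.

```shell
#!/bin/sh
# Added example: push only validated rbldnsd zone files to each resolver.
# Assumes no whitespace in paths. Names marked hypothetical are not from the post.
SRC_DIR=${SRC_DIR:-/path/to/spamhaus-in}       # inbound sync dir (placeholder from the post)
ZONES=${ZONES:-"zone-a zone-b local-bl"}       # hypothetical zone data file names
RESOLVERS=${RESOLVERS:-"resolver1 resolver2"}  # rsync daemon hosts, module "rbldns"
MIN_BYTES=${MIN_BYTES:-1}                      # hypothetical floor; raise it for real zones
RSYNC=${RSYNC:-rsync}

log() { echo "rbl-push: $*" >&2; }

# Print the path of each expected zone file that is a readable regular file
# of at least MIN_BYTES. Stray files in SRC_DIR (temp files left by the
# inbound sync, partial downloads) are never listed because only names in
# ZONES are considered. Returns non-zero if any expected file fails a check.
select_zone_files() {
    rc=0
    for z in $ZONES; do
        f="$SRC_DIR/$z"
        if [ ! -f "$f" ] || [ ! -r "$f" ]; then
            log "missing zone file: $f"; rc=1; continue
        fi
        size=$(wc -c < "$f" | tr -d ' ')
        if [ "$size" -lt "$MIN_BYTES" ]; then
            log "zone file too small ($size bytes): $f"; rc=1; continue
        fi
        echo "$f"
    done
    return $rc
}

# Copy the validated files to every resolver. If validation fails nothing is
# pushed, so the resolvers keep serving their previous data instead of an
# empty or truncated zone. A failed host is logged and the loop continues.
push_zones() {
    files=$(select_zone_files) || { log "validation failed, nothing pushed"; return 2; }
    rc=0
    for r in $RESOLVERS; do
        # Word splitting of $files is intended (one path per line).
        "$RSYNC" -t --timeout=60 $files "$r::rbldns" || { log "push to $r failed"; rc=1; }
    done
    return $rc
}

# Act only when called with --push, so the file can also be sourced.
if [ "${1:-}" = "--push" ]; then push_zones; exit $?; fi
```

A single cron entry calling this script with `--push` would replace the two rsync lines; a non-zero exit plus the stderr messages gives cron something to mail.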