Re: df.uribl.com

Sat, 02 Mar 2019 11:23:46 -0800 

On 3/2/19 7:35 PM, John Hardin wrote:

On Sat, 2 Mar 2019, John Schmerold wrote:
I subscribed to uribl's datafeed service and have read their usage documentation on http://uribl.com/usage.shtml
I think I understand how it works, but I am confused by how things work with the default 25_uribl.cf file if I want to change the rhsbl_zone to _CUSTID.df.uribl.com
We don't want the URIBL rules in 25_uribl and my custom rules to fire because that would cause 2x the lookup causing inefficient resource utilization.  If I use local.cf to set: 
score URIBL_*            0.00
Will this stop the URIBL rules from firing?
OR, using BLACK as an example, if I put this in local.cf , will it over-ride 25_uribl.cf: 
urirhssub       URIBL_BLACK     _CUSTID.df.uribl.com. A   2
body            URIBL_BLACK eval:check_uridnsbl('URIBL_BLACK')
describe        URIBL_BLACK     Contains an URL listed in the URIBL blacklist 
tflags          URIBL_BLACK     net
score           URIBL_BLACK     6.00
reuse           URIBL_BLACK

OR: is there some better solution?


Try addressing it at the DNS resolver level.
Your MTA and SA should be using a locally-controlled resolver, they should not be going directly to a public resolver. (You're getting the datafeed so you obviously already know this...)
Configure your local resolver as authoritative for multi.uribl.com and point it at your datafeed. No changes needed in MTA/SA at all.
Pointing it at your datafeed if you're getting a RSYNC feed (which doesn't look to be your case) would just be using the data file URIBL provides you; pointing it at a URIBL-hosted client domain would probably involve a DNAME record in your local faux-master multi.uribl.com zone. 

https://www.rfc-editor.org/rfc/rfc6672.txt

http://www.informit.com/articles/article.aspx?p=19798


John,
Your suggestions don't apply to this user's case.
He's using the so called "Datafeed over DNS" and not a local rsync'd version. 

--Axb

"Datafeed over DNS
Allows end users to continue to utilize the public DNS system for URIBL resolution. This will allow high volume end users to continue to query URIBL without making any changes, or having to maintain additional hardware which is necessary for Datafeed of RSYNC. As its priced by queries per day, even small end users can benefit from Datafeed over DNS, as it provides access over DNS to Gold zone data, as well as the extra datasets (black_a, black_ns, black_nsip)."

Reply via email to