On Sat, 2 Mar 2019, Axb wrote:
> On 3/2/19 7:35 PM, John Hardin wrote:
>> On Sat, 2 Mar 2019, John Schmerold wrote:
>>> I subscribed to uribl's datafeed service and have read their usage
>>> documentation on http://uribl.com/usage.shtml
>>>
>>> I think I understand how it works, but I am confused by how things work
>>> with the default 25_uribl.cf file if I want to change the rhsbl_zone to
>>> _CUSTID.df.uribl.com
>>>
>>> We don't want the URIBL rules in 25_uribl and my custom rules to fire
>>> because that would cause 2x the lookup causing inefficient resource
>>> utilization. If I use local.cf to set:
>>>
>>>   score URIBL_* 0.00
>>>
>>> Will this stop the URIBL rules from firing?
>>>
>>> OR, using BLACK as an example, if I put this in local.cf, will it
>>> override 25_uribl.cf:
>>>
>>>   urirhssub URIBL_BLACK _CUSTID.df.uribl.com. A 2
>>>   body URIBL_BLACK eval:check_uridnsbl('URIBL_BLACK')
>>>   describe URIBL_BLACK Contains an URL listed in the URIBL blacklist
>>>   tflags URIBL_BLACK net
>>>   score URIBL_BLACK 6.00
>>>   reuse URIBL_BLACK
>>>
>>> OR: is there some better solution?
>>
>> Try addressing it at the DNS resolver level.
>>
>> Your MTA and SA should be using a locally-controlled resolver, they should
>> not be going directly to a public resolver. (You're getting the datafeed so
>> you obviously already know this...)
>>
>> Configure your local resolver as authoritative for multi.uribl.com and
>> point it at your datafeed. No changes needed in MTA/SA at all.
>>
>> Pointing it at your datafeed if you're getting an RSYNC feed (which doesn't
>> look to be your case) would just be using the data file URIBL provides you;
>> pointing it at a URIBL-hosted client domain would probably involve a DNAME
>> record in your local faux-master multi.uribl.com zone.
>>
>> https://www.rfc-editor.org/rfc/rfc6672.txt
>> http://www.informit.com/articles/article.aspx?p=19798
>
> John,
>
> Your suggestions don't apply to this user's case.
> He's using the so-called "Datafeed over DNS" and not a local rsync'd version.

I covered both possibilities:

>> pointing it at a URIBL-hosted client domain would probably involve a
>> DNAME record in your local faux-master multi.uribl.com zone.

His local MTA/SA DNS resolver would be configured to claim it is
authoritative for multi.uribl.com, and would publish a DNAME record
redirecting queries to _CUSTID.df.uribl.com (using the appropriate
customer ID, of course).

That local DNS resolver must not answer queries from (or ideally not even
be visible to) the Internet, of course.

--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
[email protected] FALaholic #11174 pgpk -a [email protected]
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
Win95: Where do you want to go today?
Vista: Where will Microsoft allow you to go today?
-----------------------------------------------------------------------
11 days until Albert Einstein's 140th Birthday
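
The DNAME redirection described in the message above, modelled as an added example that is not part of the original thread: it applies the RFC 6672 substitution rule to show which lookups a DNAME at multi.uribl.com would and would not redirect. The function names and the sample URI domain are assumptions, and _CUSTID is the thread's placeholder, not a real customer ID.

```python
# Added illustration; not from the thread. Models RFC 6672 DNAME substitution.
# The apex of the local faux-master zone would carry a record such as:
#   multi.uribl.com.  IN  DNAME  _CUSTID.df.uribl.com.
# (_CUSTID is the placeholder used in the thread.)

MAX_WIRE_LEN = 255  # maximum domain name length in octets on the wire


def labels(name):
    """Split a domain name into labels, ignoring a trailing dot."""
    return [l for l in name.rstrip(".").split(".") if l]


def wire_len(lbls):
    """Octets on the wire: one length byte per label plus the root byte."""
    return sum(len(l) + 1 for l in lbls) + 1


def dname_rewrite(qname, owner, target):
    """Return the name a resolver would follow for qname, given one DNAME.

    The name comes back unchanged when the DNAME does not apply: names
    outside the owner's subtree, and the owner name itself, which a DNAME
    never redirects. Raises ValueError for the YXDOMAIN (too long) case.
    """
    q, o, t = labels(qname), labels(owner), labels(target)
    suffix = [l.lower() for l in q[-len(o):]]  # DNS names compare case-insensitively
    if len(q) <= len(o) or suffix != [l.lower() for l in o]:
        return ".".join(q) + "."
    new = q[:-len(o)] + t
    if wire_len(new) > MAX_WIRE_LEN:
        raise ValueError("YXDOMAIN: substituted name exceeds 255 octets")
    return ".".join(new) + "."


if __name__ == "__main__":
    OWNER, TARGET = "multi.uribl.com", "_CUSTID.df.uribl.com"
    # Constructed sample lookups: a listed-domain query, the apex, another zone.
    for name in ("example.com.multi.uribl.com",
                 "multi.uribl.com",
                 "example.com.black.uribl.com"):
        print(name, "->", dname_rewrite(name, OWNER, TARGET))
```

Because the target is longer than the owner name, a query that is valid under multi.uribl.com can exceed the 255-octet limit after substitution, which is the case the function reports as YXDOMAIN.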