CORRECTION OF MY PREVIOUS STATEMENTS: SBL doesn't appear to use a bitmask format as I suggested earlier. 127.0.0.6 would appear to be a valid answer for XBL only. It looks like they might use format 2 below, and SA's query implementation reflects this. Their choice of listing numbers suggests 1), but perhaps they were using that system and changed.
Aaron Boyles wrote: > Ahhh, so this isn't a standard format for all RBLs? Many, but not all. As I said before, each RBL has it's own formats, but *most* conform to the sendmail-style format. These are all NXDOMAIN for unlisted IPs, and 127.0.0.* for listed IPs. However, the lists generally start at 127.0.0.2, skipping the 127.0.0.1 loopback. So for most single-lists it's just a reverse-dotted-quad query for an A record and you get back NXDOMAIN or 127.0.0.2. Combined lists are a bit more complex. In general I've seen two common styles of response for combined lists. 1) using a bitmask like I thought SBL does, but it doesn't. In this style 2 = first list, 4 = second list, 6= first and second. I know multi.surbl.org's lists use this format, but that's a URIBL not a IP relay check. 2) returning multiple answers in a single response (this is valid), so the same lookup might return 127.0.0.2 and 127.0.0.3 to indicate listing in the first and second lists. combined.njabl.org and dnsbl.sorbs.net use this format. > > By the way, as a programmer who runs an IRC channel for a 3D Engine > (TrueVision3D, Buy today!) I can say that as a rule, programmers tend to > give the new guy a LOT of flack, especially when asking questions when they > obviously know nothing about the subject (ie, me. Until yesterday, I didn't > have the slightest clue how RBLs work.) Well, here, have some token flack :) > You guys have been more than > gracious, infinitely patient, and very accommodating. Most of my questions > weren't even directly about SpamAssassin, but you guys have helped me > through getting a very good feature added to my filter app. In > appreciation, I'll be donating $50 to the ASF. Thank you very much for the > hand-holding for the past two days! It's too bad more open source projects > don't have such patient communities. Glad to be of help.
