So - if I wanted to set up my own RBL for others to query me, how would I
do that? I'm seriously thinking about it. Alternatively, I can stream my
spam to anyone else who is already doing it. I've modified my spam stream
to exclude stuff already listed in several other popular block lists.

I'm no expert by any means, but I tried setting up an internal RBL for my
company using some Perl scripts (to mangle the email upon receipt) and PDNS
with a MySQL backend. I saved the last hop IP address from dictionary-attack
emails sent to a particular domain that we host that gets hundreds of
dictionary-attack type spams per day. It worked well, except that in my case
it was nearly pointless - while I could verify that lookups were working,
over the course of a 48-hour period it added hundreds of IPs but didn't flag
any messages, since the spambot(s) sending to this domain would never send
from the same IP address twice (which I verified in the logs), nor were they
sending to any of the other 100+ domains we host. We're not fighting an
enemy that's entirely stupid.

Anyway, the entire point of this email was to suggest the (perhaps) obvious
of using a DNS daemon that can read its zone info on the fly rather than
requiring a restart. That's why I used PDNS, but I'm sure there are other DNS
daemons that can do the same thing and are perhaps better suited to the
task.
- Re: Setting up my own RBL - How? Mike Jackson
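
An added illustration of the setup described in the reply above (not code from the original message): how a listed IP becomes a DNSBL query name, and why a database-backed zone answers for a new entry without a daemon restart. The zone name, the simplified records table, and the use of SQLite in place of MySQL are assumptions; 127.0.0.2 is the conventional "listed" answer from RFC 5782.

```python
import ipaddress
import sqlite3

ZONE = "rbl.example.org"  # hypothetical zone name, not from the message


def dnsbl_name(ip, zone=ZONE):
    """Query name for an IP: reversed octets (IPv4) or nibbles (IPv6) + zone."""
    rev = ipaddress.ip_address(ip).reverse_pointer
    labels = rev.rsplit(".", 2)[0]  # drop "in-addr.arpa" / "ip6.arpa"
    return f"{labels}.{zone}"


def open_db():
    """In-memory stand-in for the DNS server's SQL backend (simplified table)."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE records (name TEXT, type TEXT, content TEXT, "
        "ttl INTEGER, UNIQUE(name, type))"
    )
    return db


def list_ip(db, ip, reason, ttl=300):
    """Add an A record (listed marker) and a TXT record (reason) for the IP."""
    name = dnsbl_name(ip)
    rows = [(name, "A", "127.0.0.2", ttl), (name, "TXT", reason, ttl)]
    db.executemany("INSERT OR REPLACE INTO records VALUES (?, ?, ?, ?)", rows)
    db.commit()
    return name


def lookup(db, ip, rtype="A"):
    """What the backend does per query: one SELECT, None means NXDOMAIN."""
    row = db.execute(
        "SELECT content FROM records WHERE name = ? AND type = ?",
        (dnsbl_name(ip), rtype),
    ).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    db = open_db()
    bad_ip = "192.0.2.99"  # constructed sample from a documentation range
    print("before:", lookup(db, bad_ip))
    print("listed as:", list_ip(db, bad_ip, "dictionary attack source"))
    print("after:", lookup(db, bad_ip), "/", lookup(db, bad_ip, "TXT"))
    print("other host:", lookup(db, "198.51.100.7"))
```

Because each query is answered from the table at lookup time, the row inserted by the mail-processing script is visible to the very next DNS query.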