Re: Alternative to red.uribl.com?

Thu, 05 Apr 2007 22:24:17 -0700 

On Wed, 2007-04-04 at 08:11 -0700, Bill Landry wrote:
> ram wrote the following on 4/4/2007 12:56 AM -0800:
> > On Tue, 2007-04-03 at 13:15 -0700, Bill Landry wrote:
> >   
> >> Dave Pooser wrote the following on 4/3/2007 11:19 AM -0800:
> >>     
> >>> I'm seeing a bunch of spam using URLs from domains created on the same day
> >>> or in the past day or two. I don't know how red.uribl.com works, but I
> >>> imagine it missed the same-day stuff because its automated process needs
> >>> time to work. Is there a better way to handle this-- possibly pulling the
> >>> information from whois during mail processing? (Although that would be
> >>> resource-intensive and would probably run afoul of their prohibition on
> >>> high-volume querying, so that's probably a lose.)
> >>>   
> >>>       
> >> Maybe have a look at using "The Day Old Bread List" DNSRBL?  More info 
> >> at http://support-intelligence.com/dob/
> >>
> >>     
> >
> > This seems to be a intelligent idea. Can I subscribe to their DOB lists
> > alone. 
> >
> > What are the zones to query ? 
> >   
> No subscription necessary to use the DNSRBL service.  Here is how I've 
> been using their list with SA:
> 
> header __RCVD_IN_DOB    eval:check_rbl('dob', 
> 'dob.sibl.support-intelligence.net.', '255')
> describe __RCVD_IN_DOB  Received via relay in new domain (Day Old Bread)
> tflags __RCVD_IN_DOB    net
> score __RCVD_IN_DOB     0
> 
> header RCVD_IN_DOB      eval:check_rbl_sub('dob', '127.0.0.2')
> describe RCVD_IN_DOB    Received via relay in new domain (Day Old Bread)
> tflags RCVD_IN_DOB      net
> score RCVD_IN_DOB       1.667
> 
> header DNS_FROM_DOB     
> eval:check_rbl_envfrom('dob','dob.sibl.support-intelligence.net.')
> describe DNS_FROM_DOB   Sender from new domain (Day Old Bread)
> tflags DNS_FROM_DOB     net
> score DNS_FROM_DOB      1.334
> 
> urirhssub URIBL_RHS_DOB dob.sibl.support-intelligence.net  A  127.0.0.2
> body URIBL_RHS_DOB      eval:check_uridnsbl('URIBL_RHS_DOB')
> describe URIBL_RHS_DOB  Contains an URI of a new domain (Day Old Bread)
> tflags URIBL_RHS_DOB    net
> score URIBL_RHS_DOB     2.75
> 




Is this zone alive ?? 

I put this is my local.cf since yesterday. Havent seen a single hit

urirhssub URIBL_RHS_DOB         dob.sibl.support-intelligence.net  A   2
body URIBL_RHS_DOB              eval:check_uridnsbl('URIBL_RHS_DOB')
describe URIBL_RHS_DOB          Contains an URI of a new domain (Day Old Bread)
score URIBL_RHS_DOB  1.0 


Thanks
Ram

Reply via email to