ram wrote the following on 4/5/2007 10:23 PM -0800: > On Wed, 2007-04-04 at 08:11 -0700, Bill Landry wrote: > >> ram wrote the following on 4/4/2007 12:56 AM -0800: >> >>> On Tue, 2007-04-03 at 13:15 -0700, Bill Landry wrote: >>> >>> >>>> Dave Pooser wrote the following on 4/3/2007 11:19 AM -0800: >>>> >>>> >>>>> I'm seeing a bunch of spam using URLs from domains created on the same day >>>>> or in the past day or two. I don't know how red.uribl.com works, but I >>>>> imagine it missed the same-day stuff because its automated process needs >>>>> time to work. Is there a better way to handle this-- possibly pulling the >>>>> information from whois during mail processing? (Although that would be >>>>> resource-intensive and would probably run afoul of their prohibition on >>>>> high-volume querying, so that's probably a lose.) >>>>> >>>>> >>>>> >>>> Maybe have a look at using "The Day Old Bread List" DNSRBL? More info >>>> at http://support-intelligence.com/dob/ >>>> >>>> >>>> >>> This seems to be a intelligent idea. Can I subscribe to their DOB lists >>> alone. >>> >>> What are the zones to query ? >>> >>> >> No subscription necessary to use the DNSRBL service. Here is how I've >> been using their list with SA: >> >> header __RCVD_IN_DOB eval:check_rbl('dob', >> 'dob.sibl.support-intelligence.net.', '255') >> describe __RCVD_IN_DOB Received via relay in new domain (Day Old Bread) >> tflags __RCVD_IN_DOB net >> score __RCVD_IN_DOB 0 >> >> header RCVD_IN_DOB eval:check_rbl_sub('dob', '127.0.0.2') >> describe RCVD_IN_DOB Received via relay in new domain (Day Old Bread) >> tflags RCVD_IN_DOB net >> score RCVD_IN_DOB 1.667 >> >> header DNS_FROM_DOB >> eval:check_rbl_envfrom('dob','dob.sibl.support-intelligence.net.') >> describe DNS_FROM_DOB Sender from new domain (Day Old Bread) >> tflags DNS_FROM_DOB net >> score DNS_FROM_DOB 1.334 >> >> urirhssub URIBL_RHS_DOB dob.sibl.support-intelligence.net A 127.0.0.2 >> body URIBL_RHS_DOB eval:check_uridnsbl('URIBL_RHS_DOB') >> describe URIBL_RHS_DOB Contains an URI of a new domain (Day Old Bread) >> tflags URIBL_RHS_DOB net >> score URIBL_RHS_DOB 2.75 >> >> > > Is this zone alive ?? > > I put this is my local.cf since yesterday. Havent seen a single hit > > urirhssub URIBL_RHS_DOB dob.sibl.support-intelligence.net A 2 > body URIBL_RHS_DOB eval:check_uridnsbl('URIBL_RHS_DOB') > describe URIBL_RHS_DOB Contains an URI of a new domain (Day Old > Bread) > score URIBL_RHS_DOB 1.0 > > > Thanks > Ram
Yep, it's alive. I got 56 hits on URIBL_RHS_DOB on one of my servers today. Try copying what I originally sent to the list instead of your modified version. Bill
