DNS Blacklist

Tornevall · 2009-07-19 8:34 pm

We have now initiated a "bridge" between Stop Forum Spam and a DNS-blacklist located at http://dnsbl.tornevall.org/ , called RemoteSubmit. If someone wants to test this service, you are welcome to do so!

The DNS loads, from SFS submitted data, four times per day, with all ip's submitted. All daily updates will also be distributed by list at http://forum.tornevall.net/forumdisplay.php?f=373 , if anyone wants to see if everything works properly!

diabolic.bg · 2009-07-20 4:40 pm

Excellent! Can I use your Black list in dnsbl.tornevall.org to check addresses in my personal mail server?

Last edited by diabolic.bg (2009-07-20 4:41 pm)

Russ · 2009-07-20 7:30 pm

This is a big step for the project and I hope the developers who maintain plugins will eventually move to querying the DNSBL instead of our database directly - it'll help with the load on the server and increase reliability.

Tornevall · 2009-07-20 8:32 pm

diabolic.bg wrote:

Excellent! Can I use your Black list in dnsbl.tornevall.org to check addresses in my personal mail server?

Absolutely! Hopefully we may stop some mail-spammers too.

Some plugins and scripts are by the way distributed from http://dnsbl.tornevall.org/?do=download on how to use it on webservers, with full caching (that is almost necessary to not overload resolvers).

Edit: A comma in the link removed

Last edited by Tornevall (2009-07-21 8:58 am)

MysteryFCM · 2009-07-20 9:07 pm

Integrated it into the SBST

diabolic.bg · 2009-07-21 4:51 pm

TMM wrote:

diabolic.bg wrote:
Excellent! Can I use your Black list in dnsbl.tornevall.org to check addresses in my personal mail server?
Absolutely! Hopefully we may stop some mail-spammers too.
Some plugins and scripts are by the way distributed from http://dnsbl.tornevall.org/?do=download on how to use it on webservers, with full caching (that is almost necessary to not overload resolvers).

Edit: A comma in the link removed

My server have a DNSBL check and I only must add new addresses. For now I use 7-8 as bl.spamcop.net, b.barracudacentral.org, zen.spamhaus.org and some others.
Every day I add spammers here and in Spamcop where I have account. The pests must be fight.

davert · 2009-07-22 9:22 pm

So just to confirm, if I use the API, any mail spam will show up? Or is this only for manual searches?

Tornevall · 2009-07-31 10:52 am

davert wrote:

So just to confirm, if I use the API, any mail spam will show up? Or is this only for manual searches?

The DNSBL is totally automated and uses DNS-resolving to check blacklisted hosts. Are you planning to use it in a spamfilter, see if the spamfilter has support for RBL's.

Tornevall · 2009-08-19 11:37 am

Statistics?

13270 hosts has been reported since the beginning of this project!

pedigree · 2009-08-24 10:04 am

I have a perl daemon running doing this for IP numbers and usernames (via encoding) but due to limitations on dns length, it only ever worked with IP addresses. encoding UTF names into a string in order to query DNS can be used to bypass testing due to the length required

Tornevall · 2009-08-24 10:50 am

pedigree wrote:

I have a perl daemon running doing this for IP numbers and usernames (via encoding) but due to limitations on dns length, it only ever worked with IP addresses. encoding UTF names into a string in order to query DNS can be used to bypass testing due to the length required

Doing tests on usernames sound a bit risky, I think it's better to only do it on ip's. And since that is possible without the encoding, I guess that makes the tests more secure?

pedigree · 2009-08-24 4:47 pm

TMM wrote:

pedigree wrote:
I have a perl daemon running doing this for IP numbers and usernames (via encoding) but due to limitations on dns length, it only ever worked with IP addresses. encoding UTF names into a string in order to query DNS can be used to bypass testing due to the length required
Doing tests on usernames sound a bit risky, I think it's better to only do it on ip's. And since that is possible without the encoding, I guess that makes the tests more secure?

Exactly. The source that I have here was all ready to roll out but the host of the api/website etc, already runs dns on port 53 and we didnt have a virtual ip available to be dedicated to the daemon

Tornevall · 2009-10-21 7:47 pm

pedigree wrote:

TMM wrote:
pedigree wrote:
I have a perl daemon running doing this for IP numbers and usernames (via encoding) but due to limitations on dns length, it only ever worked with IP addresses. encoding UTF names into a string in order to query DNS can be used to bypass testing due to the length required
Doing tests on usernames sound a bit risky, I think it's better to only do it on ip's. And since that is possible without the encoding, I guess that makes the tests more secure?
Exactly. The source that I have here was all ready to roll out but the host of the api/website etc, already runs dns on port 53 and we didnt have a virtual ip available to be dedicated to the daemon

It should be enough if your website can resolve hosts in some way. Isn't that possible?

By the way, currently we have 26072 hosts added to the dnsbl, since the project has started, and we have a total of 213002 hosts. It's currently have a very fast growth

pedigree · 2009-10-21 9:12 pm

This website is on a shared box, we dont have root access to run a port 53 daemon

#1 2009-07-19 8:34 pm

DNS Blacklist

#2 2009-07-20 4:40 pm

Re: DNS Blacklist

#3 2009-07-20 7:30 pm

Re: DNS Blacklist

#4 2009-07-20 8:32 pm

Re: DNS Blacklist

#5 2009-07-20 9:07 pm

Re: DNS Blacklist

#6 2009-07-21 4:51 pm

Re: DNS Blacklist

#7 2009-07-22 9:22 pm

Re: DNS Blacklist

#8 2009-07-31 10:52 am

Re: DNS Blacklist

#9 2009-08-19 11:37 am

Re: DNS Blacklist

#10 2009-08-24 10:04 am

Re: DNS Blacklist

#11 2009-08-24 10:50 am

Re: DNS Blacklist

#12 2009-08-24 4:47 pm

Re: DNS Blacklist

#13 2009-10-21 7:47 pm

Re: DNS Blacklist

#14 2009-10-21 9:12 pm

Re: DNS Blacklist

Board footer