Jump to content

[Resolved] Replacement for cn.rbl.cluecentral.net


localhost

Recommended Posts

cn.rbl.cluecentral.net blacklist has been replaced bij this one: cn.ascc.dnsbl.bit.nl

Is spamcop going to change their configuration so we will be able to configure this blacklist?

39399[/snapback]

I get the odd shot through Chinese IP's lately? SCBL stopping the rest?

You are right though rbl.cluecentral.net THIS RBL STOPPED ON NOVEMBER THE 1ST, 2005

Yet WebMail has it listed as our Chinese Blocklist?

I cannot see why JT cannot "hotwire" spam tolerant/ignorant countries IP's himself (Sometime ago he mentioned he was?) Instead of relying on external networks

Link to comment
Share on other sites

I get the odd shot through Chinese IP's lately? SCBL stopping the rest?

You are right though rbl.cluecentral.net THIS RBL STOPPED ON NOVEMBER THE 1ST, 2005

Yet WebMail has it listed as our Chinese Blocklist?

I cannot see why JT cannot "hotwire" spam tolerant/ignorant countries IP's himself (Sometime ago he mentioned he was?) Instead of relying on external networks

39416[/snapback]

This is one of those getting through a defunct blocklist!

http://www.spamcop.net/sc?id=z864241564zbe88e35c95ed12c1899cd06b6fb9d607z

Offending IP

220.162.38.63

Block

Ip Range

220.162.36.0

to

220.162.39.255

CHINA

BEIJING

CHINANET FUJIAN PROVINCE NETWORK

Link to comment
Share on other sites

traffic off-line basically boils down to .... what's a good replacment?

Seen here, seen in the newsgroups thus far are the basic hard-coded text file set-ups that are not the desired way to go. Looking at the blackholes.us site, where they are still begging for secondaries, sending a ton load of more queries their way doesn't quite seem prudent ....

Link to comment
Share on other sites

traffic off-line basically boils down to .... what's a good replacment?

Seen here, seen in the newsgroups thus far are the basic hard-coded text file set-ups that are not the desired way to go.  Looking at the blackholes.us site, where they are still begging for secondaries, sending a ton load of more queries their way doesn't quite seem prudent ....

39702[/snapback]

http://noc.bit.nl/dnsbl/ascc/

Not that I can understand what is wrong with hard coding? The above URL is the replacement

Link to comment
Share on other sites

  • 2 weeks later...
Maintenance, accuracy, freshness .. all that stuff ... thanks, data passed on ...

39707[/snapback]

Any reply?

Another passing through a defunct Chinese Blocklist

http://www.spamcop.net/sc?id=z868921108z80384db54f468837da351a7fa4ec4a86z

IP 60.20.51.236

CHINA

CNCGROUP LIAONING PROVINCE NETWORK

Block

60.20.36.0

60.20.51.255

Link to comment
Share on other sites

  • 2 weeks later...

Yeah, this is a problem.

I actually run my own mail server for business, as well as have a spamcop address for personal stuff.

My business server just has china blocked and auto tarpitted. It would be nice to have a wider array of RBL's to select from for personal accounts. www.moensted.dk/spam is where I got some of my business block lists. I know it isn't practical to add all of them as an option to block, but all this china stuff leaking through is pretty annoying.

Link to comment
Share on other sites

Yeah, this is a problem. 

but all this china stuff leaking through is pretty annoying.

40503[/snapback]

and it is not necessary nor is the silence as to what or why

Link to comment
Share on other sites

  • 8 months later...

I think this "feature request" has languished long enough! I just made this post:

http://forum.spamcop.net/forums/index.php?...ost&p=49512

in the long-running topic in the SC email forum. Wazoo...the ball is in your court. When you get a chance, please alert JT that this is a problem for his *paying* customers and needs his attention, tout de suite, s'il vous plait.

DT

Link to comment
Share on other sites

http://noc.bit.nl/dnsbl/ascc/

Not that I can understand what is wrong with hard coding? The above URL is the replacement

Been all over the referenced site, but beyond the statement "provided to the public" ... I never did see where to actually 'get' the files listed. E-mail sent there has yet to receive a reply.

But what I see seems to be pretty close to 'hard coding' .... sucking down a 10-million+ line file once a week, having to make the assumption that the download is golden, move this file on top of the previous, or do some manipulations to make a backup of the previous, change some pointers, then match on with doing the 'local' lookups ....

Link to comment
Share on other sites

Wazoo,

I wasn't lobbying for any specific replacement, including the one you quoted. My primary point is that our SC email accounts are all configured with a "dead" BL...the one from Cluecentral, and that should at leat be removed. However, when doing so, it does make sense to try to replace the lost functionality of the former BL, and it would appear that others have mentioned that here in other dormant topics. Here's one:

"Add comcast.blackholes.us to the list of, blocklists" (the China problem, and a replacement are mentioned)

http://forum.spamcop.net/forums/index.php?showtopic=5192

I think you might have missed that topic...no "Wazoo" posts there....maybe a year ago you were thinking that SC Admins might actually be reading the "Feature Request" forum?

In any case, a little googling also brings up a China-Korea option at "blackholes.us" -- SC email accounts are already (supposedly) using the Nigeria, Argentina, and Brazil lists from blackholes.us, so my point stands, that we'd like for you to "go to bat" with JT on our behalf on this issue, please. :-)

DT

Link to comment
Share on other sites

I like to also provide soutions when I fire up a problem .... I'm still having problems with the solution sude of this ... still waiting for something from the .nl folks ... been crawling arounf blackholes.us and .... not much seems to have been changed / annouced sinnce the data I saw there hack in Linear post #6 here ... The Mailman Archive hasn't been touched since October 2005 .... the 'fornt page' still references an e-mail "received today" .. yet that also dates back to October 2005 ....

Yes, some of the stuff still works, but the question back then and remains now, how useful / up-to-date is any of the data there today?

There is no date on the rbdbnsd web-page listing that I noted ...

For the fun of sucking down various text files and creating a 'local' copy and actually using it, there's an extremely 'fun' page seen at http://wiki.openrbl.org/wiki/DNSBL_aggrega...ter_and_rbldnsd (noting that this also dates back to about a year ago ..???)

I have no idea how he's got things set up, and from that point of ignorance, it does seem odd that yet another country specific line couldn't be added .... but I'm really stuck on the "current" status of that data, which was part of the discussion from a so long ago ...

That said (and really burning out from trying to get myself educated) I will kick out something in a bit to bring this back up again ....

Link to comment
Share on other sites

OK, did worse than e-mail ... just got off the phone with him ... (bad part was that I made the call while waiting for this server to come back up ... another story)

We are in agreement on a number of things .... he can do external and internal DNS lookups. The internal data ha to be in the rblnsf format .. which is exactly where the issue lies. For an internal look-up, that table needs to be created and kept up to date. The assumption is that, as I pointed out in my last, it's that the blackholes.us data hasn't been updated in so long that has allowed the issue that Petzl and others have ran across with all the 'new' unblocked IP addresses .... so it's not that it isn't working, it's that CHina keeps getting/assigning more IP addresses ....

Based on the description at http://noc.bit.nl/dnsbl/ascc/ .. this may be the best solution for a new data source (mentioned here anyway) ... but that data file may need some major touching to do what's required ... and again, I've not heard back from them ...

Link to comment
Share on other sites

been crawling around blackholes.us and .... not much seems to have been changed / annouced sinnce the data I saw there hack in Linear post #6 here ... The Mailman Archive hasn't been touched since October 2005 .... the 'fornt page' still references an e-mail "received today" .. yet that also dates back to October 2005 ....

Yes, I noticed all of that when visiting the site, and thought it odd. It's possible that the country lists continue to be updated but not the website, but I wasn't sure how to determine that.

If that's *not* the case, then we're pretty screwed in that JT is currently using three of the countries.blackholes.us lists in the list of BLs for the SC email accounts. Perhaps you could ask him about that, if you didn't do that already?

During my searching, I've seen multiple mentions of this BL:

DNSBL countries.nerd.dk

Why isn't that one being considered instead of the NL one? Wazoo, you actually posted a reply in another topic at the end of August containing a link to that one. I'm thinkin that your use of "rblnsf" is a typo, in that it doesn't Google at all. The Danish DNSBL has an "rsync" site available, if that helps.

DT

Link to comment
Share on other sites

From: "WazoO"

To: "SpamCop Support - JT"

Subject: China IPA blocking

Date: Mon, 23 Oct 2006 06:07:12 -0500

http://countries.nerd.dk/more.html seems to offer a

multiple set of connections/data-dumps ... not sure

which would actually be easier for you ....

http://noc.bit.nl/dnsbl/ascc/ seems to be the most

current (based on their write-up) but I still haven't

received a reply from them as to how to actually

snag the files. I do believe I once found an rsync

listing somewhere a few days back, but couldn't

find it again last night.

https://webmail.spamcop.net/horde/imp/spamcop/blacklists.php

still lists cn.rbl.cluecentral.net as an option ... but as

posted on their web-site;

"The DNS-blacklist rbl.cluecentral.net has ceased to exist in november 2005.

This has been announced on the NANOG-mailinglist and in the anti-spam

workgroup at RIPE. The kind folks at BIT have adopted the list into their

own version, email noc[at]bit.nl for more information"

The other option identified was to simply add the

china.blackholes.us to the list, but I can't see where

the blackholes.us site has been touched since the

last entries back in October 2005.

Link to comment
Share on other sites

Date: Mon, 23 Oct 2006 22:56:36 -0400

From: SpamCop Support

To: WazoO

Subject: Re: China IPA blocking

OK, cn.countries.nerd.dk is now active. All existing users of the CN

blacklist have been moved over to the new zone.

Thanks for running this down.

Jeff

Tagging this Topic as Resolved, though noting that in truth, it'll have to be the results of the chaged list that matter ... yet that discussion is actually occurring in the E-Mail Account Forum section .....

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...