Discuss

discuss@lists.surbl.org

2 participants
1873 discussions

Improved name server status page
by Jeff Chan 24 Aug '04

24 Aug '04

I've set up a better SURBL name server status page at: http://www.surbl.org/nameservers-output.html which is also linked from the main page. It shows some latency in zone file propagation, and it also shows one of the name servers down. (Bjorn is that coming back eventually?) We may want to ask all the public name servers to rsync every 10 minutes.... Would that be OK Raymond? Currently I have the DNS timeout set to 10 seconds with two retries. What kind of values are more typical or standard for resolvers? I will use the scripts that generate the page to send notifications (probably to myself at first) once things stabilize. Since events don't happen very often, it's probably not necessary to show a history on the page. Comments? Jeff C.

2 3

Add Vanuatu (.vu) to countries?
by John Lundin 24 Aug '04

24 Aug '04

Using SpamCopURI, ws.surbl.org FP'ed some mail from Fedora-List. http://dirk-wendland.deMUNGED.vu/ (a personal webpage in a sig). WS contains deMUNGED.vu. But they're a registrar. (.vu is Vanuatu.) So perhaps SURBL should whitelist de.vu and check at third level? -- lundin(a)fini.net "Not only did we get you an apple with a mouse like you asked, we also got you a banana with a lizard."

4 5

WS & DS FP?
by Bill Landry 24 Aug '04

24 Aug '04

Included in an "IT World" newsletter (www.itworld.com) is the content below that included clickaction.MUNGEDnet: ========== <! ATTENTION!> <! You are reading this message because your mail reader cannot display HTML.> <! If you would prefer to receive text messages from now on,> <! click the link below or copy it into a web browser.> <! https://secure.clickaction.MUNGEDnet/ClickAction?func=S_TurnOffHtml&partnam… ========== It was tagged by both WS and DS. Should this domain be whitelisted and/or removed from these SURBLs? Bill

3 3

[SURBL-Discuss] Geturi 1.4 released! (The SURBL URI classification helper)
by Ryan Thompson 24 Aug '04

24 Aug '04

Finally. I've been taunting you poor folks for weeks, now. :-) Here it is: http://ry.ca/geturi/ -- geturi v1.4 >From the DESCRIPTION: geturi is designed to process a directory containing a list of RFC822 messages (one message per file). It analyses each message, attempts to strip out as many unclickable URIs as possible, and then compiles the list of found URIs, putting HTML output on STDOUT. What I'd *like* to see are a bunch of people using this, and some suggestions for improvement (I already have quite a few, some of which are in the TODO section of the documentation). I'd call this alpha code at the moment, for want of testers, but I don't know of any huge bugs. Feedback more than welcome! - Ryan -- Ryan Thompson <ryan(a)sasknow.com> SaskNow Technologies - http://www.sasknow.com 901-1st Avenue North - Saskatoon, SK - S7K 1Y4 Tel: 306-664-3600 Fax: 306-244-7037 Saskatoon Toll-Free: 877-727-5669 (877-SASKNOW) North America

2 2

whitelist rm04.net and rm02.net?
by Jeff Chan 24 Aug '04

24 Aug '04

We've had a request to whitelist rm04.net and rm02.net. Does anyone know anything about them? They seem to belong to: > SilverPOP Systems > (DOM-151479) > 200 Galleria Parkway > Suite 750 Atlanta > GA > 30339 US And reportedly appeared in a newsletter belonging to: Altiris http://www.altiris.com Comments? Jeff C.

1 1

Phish via "previewmysite.com"
by David B Funk 23 Aug '04

23 Aug '04

Found a citibank phish that used a redirect thru go.msn.com to 'zach.com.previewmysite.com' (see attached message). Is previewmysite.com guilty or an innocent open site that is being exploited? -- Dave Funk University of Iowa <dbfunk (at) engineering.uiowa.edu> College of Engineering 319/335-5751 FAX: 319/384-0549 1256 Seamans Center Sys_admin/Postmaster/cell_admin Iowa City, IA 52242-1527 #include <std_disclaimer.h> Better is not better, 'standard' is better. B{

1 0

Gee Whiz to support SURBL
by Chris Santerre 23 Aug '04

23 Aug '04

I kind of keep tabs on these guys from time to time. Since they had started using SARE rules in their commercial product. Looks like their new version will support SURBL. Jeff you might want to drop them a "Hey there!" email. http://www.omni-ts.com/Forum/ShowPost.aspx?PostID=2913 Chris Santerre System Admin and SARE Ninja http://www.rulesemporium.com http://www.surbl.org 'It is not the strongest of the species that survives, not the most intelligent, but the one most responsive to change.' Charles Darwin

2 1

Fwd: fps
by Jeff Chan 23 Aug '04

23 Aug '04

Got some more FPs from someone who wanted to be anonymous. These are on WS: Date: Saturday, August 21, 2004, 12:37:45 PM Subject: fps bridgetrack.com (used by nytimes.com) elabs.com (EASTERN LABORATORIES INC.) mfcreative.com (ancestry.com/myfamily.com/rootsweb.com, Genealogy ad) secureserver.net (in message containing godaddy.com) dnews.com (Moscow-Pullman Daily News) spinpalace.com (appeared in xe.com currency update mailing list) I'd like some help deciding on these, though they look legtimate to me. We may need to develop a more formal procedure for handling FP reports.... Any suggestions or implementations would be welcomed. Maybe something like a trouble ticket system would be useful. Jeff C. -- Jeff Chan mailto:jeffc@surbl.org http://www.surbl.org/

4 6

FP help please
by Jeff Chan 23 Aug '04

23 Aug '04

Can I get some research help in deciding which of the following FPs to whitelist? > Date: Sat, 21 Aug 2004 10:06:57 -0400 > From: John Lundin <lundin(a)cavtel.net> > To: SURBL Discussion list <discuss(a)lists.surbl.org> > Subject: [SURBL-Discuss] more possible FPs (2 OB, 4 WS and 2 DS) > Eight possible FPs. These were taken from items reported as non-spam. > The "nanas" number is raw matches on the domain from google groups. > Use your own judgement... > > OB: www.mercenariesthegameMUNGED.com (nanas 0) > mentioned in a lucasarts review > > OB: www.jmiequityMUNGED.com (nanas 0) > mentioned in a Dow Jones newsletter > The original wasn't caught by OB, but it shows up now. > > WS: Wireless.VentureReporterMUNGED.net (nanas 9) A stock newsletter. > I checked back: it really had been subscribed to. > > WS: nmailerMUNGED.com (nanas 36) Design center newsletter. > http://ellington.nmailerMUNGED.com/mailman/listinfo/dtgnews > > WS: www.imakenewsMUNGED.com (nanas 42) organization newsletter. > http://www.imakenewsMUNGED.com/cabf/ (+ cleaned user tracking) > imakenews makes me nervous... intrusive html. > > WS: ntcrMUNGED.us (nanas 43, some similar) Jupitermedia Web Events. > (origin of mailing list -- appearance in unsubscribe disclaimer) > (Site won't display for me, insufficiently motivated to find out why > it said "Your Web browser must have cookies enabled" regardless.) (DS hits ignored) > Date: Saturday, August 21, 2004, 12:37:45 PM > Subject: fps > > bridgetrack.com (used by nytimes.com) > elabs.com (EASTERN LABORATORIES INC.) > mfcreative.com (ancestry.com/myfamily.com/rootsweb.com, Genealogy ad) > secureserver.net (in message containing godaddy.com) > dnews.com (Moscow-Pullman Daily News) > > spinpalace.com (appeared in xe.com currency update mailing list) Jeff C.

2 3

FP on WS?
by Bill Landry 23 Aug '04

23 Aug '04

Several of our customers subscribe to a newsletter from www.golfonline.com. This last one contained a link to www.bullysports.com, which is listed on WS. Seems like a legit site, so I just wanted to pass it by all of you to see if it should be whitelisted and/or removed from WS. Bill

2 1

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

Discuss