Re: [SLUG] Mail return - what does it mean? - where can one get blacklisted domains?

From: R P Herrold (herrold@owlriver.com)
Date: Fri Jun 28 2002 - 22:52:07 EDT


On Fri, 28 Jun 2002, patrick grantham wrote:

> My original post translated into English:
>
> I am interested in obtaining a list of known sources of spam (a blacklist of
> domains, IP's, email addresses.) I would add these to the list that my
> (own) mail server already rejects.

ahhh ... obviously a simple listing of open relay IP's would
be very useful to a person seeking to send wholesale email
without invitation. As such it is unusual to be able to
simply transfer all the IPs of open relays straight away.

(It is possible to get bulk transfers-- bulk transfers are
useful for statistical post-analysis. I am active with DSBL
from day one, and I sample and test DSBL results
systematically, as the third 'trusted' tester. Before that
for the former ORBZ, I did a 100% accuracy and rDNS
post-analysis which took 8 days, running flat out on one host
in fast bandwidth, for QA purposes.)

Rather, the RBL -- realtime black list -- DNS based
distribution method is used. Ask an IP, of a listing server,
and it will tell you if it is an open relay.

I also package, and have updated a one-off tester for such at:
   ftp.owlriver.com in /pub/local/ORC/rblcheck/
for anon. FTP retrieval. In honor of this thread, I have
updated the RBL list, and release: rblcheck-1.4-8rh

Here are my last 10 rejects:

[root@swampfox log]# grep -i eject maillog | grep -v connect | \
        awk {'print $10'} | grep -v reje | tr -d '][\,' | tail
24.234.50.12
206.46.170.103
210.243.135.85
206.169.62.171
64.5.201.242
200.23.246.162
200.171.128.31
64.214.162.30
64.37.207.36
24.232.154.184

(I enclose a HERE document, a do loop, and a backtick
expansion on a single logical command line for Smitty)

[root@swampfox mail]# for i in `cat - << END
24.234.50.12
206.46.170.103
210.243.135.85
206.169.62.171
64.5.201.242
200.23.246.162
200.171.128.31
64.214.162.30
64.37.207.36
24.232.154.184
END
 ` ; do echo "-- $i " ; rblcheck $i | grep -v ^not ; host $i ; \
        echo " " ; done

Yields:

(Note that Verizon mailserver from earlier today is listed in
Spamcop, and ORDB as well as DSBL. Looks like there is an
issue there)

RBL filtered by relays.ordb.org
RBL filtered by relays.osirusoft.com
12.50.234.24.in-addr.arpa. domain name pointer
cm012.50.234.24.lvcm.com.

-- 206.46.170.103
RBL filtered by relays.ordb.org
RBL filtered by list.dsbl.org
RBL filtered by unconfirmed.dsbl.org
RBL filtered by bl.spamcop.net
103.170.46.206.in-addr.arpa. domain name pointer
out003pub.verizon.net.

-- 210.243.135.85
RBL filtered by orbs.dorkslayers.com
RBL filtered by list.dsbl.org
RBL filtered by multihop.dsbl.org
RBL filtered by unconfirmed.dsbl.org
RBL filtered by relays.osirusoft.com
85.135.243.210.in-addr.arpa. domain name pointer
h85-210-243-135.yuanlih.com.tw.

-- 206.169.62.171
RBL filtered by bl.spamcop.net
171.62.169.206.in-addr.arpa. domain name pointer
solo.newengineroom.biz.

-- 64.5.201.242
RBL filtered by relays.osirusoft.com
242.201.5.64.in-addr.arpa. domain name pointer
offerchkmail21.offercheck.com.

-- 200.23.246.162
RBL filtered by relays.osirusoft.com
RBL filtered by bl.spamcop.net
RBL filtered by ipwhois.rfc-ignorant.org
162.246.23.200.in-addr.arpa. domain name pointer
customer-200-23-246-162.uninet.net.mx.

-- 200.171.128.31
RBL filtered by list.dsbl.org
RBL filtered by unconfirmed.dsbl.org
RBL filtered by relays.osirusoft.com
RBL filtered by bl.spamcop.net
31.128.171.200.in-addr.arpa. domain name pointer
200-171-128-31.dsl.telesp.net.br.

-- 64.214.162.30
RBL filtered by bl.spamcop.net
30.162.214.64.in-addr.arpa. domain name pointer
sender0006z.lodo.exactis.com.

-- 64.37.207.36
RBL filtered by relays.osirusoft.com
RBL filtered by bl.spamcop.net
36.207.37.64.in-addr.arpa. domain name pointer
solo9.yesmail.net.

-- 24.232.154.184
RBL filtered by list.dsbl.org
RBL filtered by unconfirmed.dsbl.org
RBL filtered by relays.osirusoft.com
RBL filtered by bl.spamcop.net
184.154.232.24.in-addr.arpa. domain name pointer
OL184-154.fibertel.com.ar.

[root@swampfox mail]#

That set of reject accuracy post analysis looks pretty
reliable to me.

-- Russ Herrold
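
The DNS lookup behind the "ask an IP of a listing server" step, as an added example that is not part of the original message and is not rblcheck's code. The function names are hypothetical, `dig` is assumed to be installed, `dnsbl.example` is a placeholder zone, and the zone sanity probe follows the RFC 5782 test entries (127.0.0.2 listed, 127.0.0.1 never listed).

```shell
#!/bin/sh
# Added example: DNSBL lookup logic. Function names are hypothetical.

# Return the A records for a name, one per line (assumes dig is installed).
resolve_a() { dig +short A "$1" 2>/dev/null; }

# Build the query name: 24.234.50.12 + zone -> 12.50.234.24.zone
# Exits 1 on anything that is not a dotted-quad IPv4 address.
dnsbl_qname() (
    ip=$1 zone=$2
    case $ip in *[!0-9.]*|*..*|.*|*.|'') exit 1 ;; esac
    IFS=.; set -f; set -- $ip
    [ $# -eq 4 ] || exit 1
    for o in "$@"; do
        [ ${#o} -le 3 ] && [ "$o" -le 255 ] || exit 1
    done
    printf '%s.%s.%s.%s.%s\n' "$4" "$3" "$2" "$1" "$zone"
)

# Prints "listed <code>", "clear", or "odd <answer>"; status 0 only if listed.
# Listings are answered from 127.0.0.0/8; no answer (NXDOMAIN) means not listed.
dnsbl_check() (
    q=$(dnsbl_qname "$1" "$2") || { echo bad-ip; exit 2; }
    ans=$(resolve_a "$q" | head -n 1)
    case $ans in
        '')    echo clear;         exit 1 ;;
        127.*) echo "listed $ans"; exit 0 ;;
        *)     echo "odd $ans";    exit 3 ;;
    esac
)

# RFC 5782 test entries: a working IPv4 list lists 127.0.0.2 and never 127.0.0.1.
# A zone that fails either probe is dead or wildcarded and must not drive rejects.
dnsbl_zone_sane() {
    dnsbl_check 127.0.0.2 "$1" >/dev/null || return 1
    dnsbl_check 127.0.0.1 "$1" >/dev/null && return 1
    return 0
}

# Offline demo: query names for two addresses from the post, against a
# constructed placeholder zone (dnsbl.example is not a real list).
for ip in 24.234.50.12 206.46.170.103; do
    dnsbl_qname "$ip" dnsbl.example
done
dnsbl_qname 24.234.50 dnsbl.example || echo "rejected malformed address"
```

On a live host, run `dnsbl_zone_sane ZONE` before letting `dnsbl_check IP ZONE` feed a reject decision.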


