Can anyone confirm that this actually works? I setup my config file as per
below and although I'm not sure what I'm looking for in the logs, a tcpdump
for any traffic from or to rabl.nuclearelephant.com shows zero traffic. Is
there a way to manually test the blacklist?
Does a blacklist hit generate a unique log entry in the system or user logs?
Thanks
-Aaron
On 12/11/05, Bob Dodds <cto@xqme.com> wrote:
>
> David Wolfgang-Kimball wrote:
> > Is this up..? I get no response.
> >
> > On Aug 1, 2005, at 5:46 PM, Jonathan Zdziarski wrote:
> >
> >> The world's first fully machine-automated statistical blackhole list
> >> (yes, we existed before the WPBL) is now live. The Reactive
> >> Autonomous Blackhole List (RABL, or "rabble") is a statistically
> >> automated list designed to measure spam and virii based on network
> >> penetration (how widespread a particular sender ip has affected
> >> networks across the world). At the moment, there are only a few
> >> writer accounts on the system, so the catch rate is minimal, but I
> >> hope to have many more getting on board in the coming weeks. Please
> >> check it out at http://rabl.nuclearelephant.com. DSPAM integrates
> >> into the RABL both reading and writing, so it will be very simple to
> >> get on board. Just contact me if you're interested in a write
> >> account. My only requirement at the moment is that I have to know
> >> you (or someone who knows you) and can verify you're not a spammer.
> >> larger systems would be ideal.
> >>
> >> Jonathan
> Use rabl.nuclearelephant.com like this:
>
> # /etc/dspam/dspam.conf
> Lookup "rabl.nuclearelephant.com"
>
> Web Browser: http://www.nuclearelephant.com/projects/rabl/
>
> rabl items in /etc/dspam/dspam.conf
>
> # Lookup: Perform lookups on streamlined blackhole list servers (see
> # http://www.nuclearelephant.com/projects/sbl/). The streamlined blacklist
> # server is machine-automated, unsupervised blacklisting system designed
> to
> # provide real-time and highly accurate blacklisting based on network
> spread.
> # When performing a lookup, DSPAM will automatically learn the inbound
> message
> # as spam if the source IP is listed. Until an official public RABL
> server is
> # available, this feature is only useful if you are running your own
> # streamlined blackhole list server for internal reporting among
> multiple mail
> # servers. Provide the name of the lookup zone below to use.
> #
> # This function performs standard reverse-octet.domain lookups, and while
> it
> # will function with many RBLs, it's strongly discouraged to use those
> # maintained by humans as they're often inaccurate and could hurt filter
> # learning and accuracy.
> #
> Lookup "rabl.nuclearelephant.com"
>
> #
> # RBLInoculate: If you want to inoculate the user from RBL'd messages it
> would
> # have otherwise missed, set this to on.
> #
> RBLInoculate on
>
> # TrackSources: specify which (if any) source addresses to track and
> report
> # them to syslog (mail.info). This is useful if you're running a firewall
> or
> # blacklist and would like to use this information. Spam reporting also
> drops
> # RABL blacklist files (see http://www.nuclearelephant.com/projects/rabl/
> ).
> #
> TrackSources spam
>
> # RABLQueue: Touch files in the RABL queue
> # If you are a reporting streamlined blackhole list participant, you can
> # touch ip addresses within the directory the rabl_client process is
> watching.
> #
> # cvs -d :pserver:cvs@cvs.nuclearelephant.com:/usr/local/cvsroot login
> # cvs -d :pserver:cvs@cvs.nuclearelephant.com:/usr/local/cvsroot co
> rabl_server
> #
> #RABLQueue /var/spool/rabl
>
>
>
>
Received on Tue Dec 13 09:25:15 2005
This archive was generated by hypermail 2.1.8 : Wed Dec 14 2005 - 00:00:01 EST