Re: [dspam-users] RABL Now LIVE!

rabl is not online at the moment. i need to update the page. nobody's
really shown much interest in becoming a writer.

Jonathan

On Dec 13, 2005, at 9:23 AM, Aaron Wolfe wrote:

> Can anyone confirm that this actually works? I setup my config
> file as per below and although I'm not sure what I'm looking for in
> the logs, a tcpdump for any traffic from or to
> rabl.nuclearelephant.com shows zero traffic. Is there a way to
> manually test the blacklist?
> Does a blacklist hit generate a unique log entry in the system or
> user logs?
> Thanks
> -Aaron
>
> On 12/11/05, Bob Dodds <cto@xqme.com> wrote:
> David Wolfgang-Kimball wrote:
> > Is this up..? I get no response.
> >
> > On Aug 1, 2005, at 5:46 PM, Jonathan Zdziarski wrote:
> >
> >> The world's first fully machine-automated statistical blackhole
> list
> >> (yes, we existed before the WPBL) is now live. The Reactive
> >> Autonomous Blackhole List (RABL, or "rabble") is a statistically
> >> automated list designed to measure spam and virii based on network
> >> penetration (how widespread a particular sender ip has affected
> >> networks across the world). At the moment, there are only a few
> >> writer accounts on the system, so the catch rate is minimal, but I
> >> hope to have many more getting on board in the coming weeks. Please
> >> check it out at http://rabl.nuclearelephant.com. DSPAM integrates
> >> into the RABL both reading and writing, so it will be very
> simple to
> >> get on board. Just contact me if you're interested in a write
> >> account. My only requirement at the moment is that I have to know
> >> you (or someone who knows you) and can verify you're not a spammer.
> >> larger systems would be ideal.
> >>
> >> Jonathan
> Use rabl.nuclearelephant.com like this:
>
> # /etc/dspam/dspam.conf
> Lookup " rabl.nuclearelephant.com"
>
> Web Browser: http://www.nuclearelephant.com/projects/rabl/
>
> rabl items in /etc/dspam/dspam.conf
>
> # Lookup: Perform lookups on streamlined blackhole list servers (see
> # http://www.nuclearelephant.com/projects/sbl/). The streamlined
> blacklist
> # server is machine-automated, unsupervised blacklisting system
> designed to
> # provide real-time and highly accurate blacklisting based on network
> spread.
> # When performing a lookup, DSPAM will automatically learn the inbound
> message
> # as spam if the source IP is listed. Until an official public RABL
> server is
> # available, this feature is only useful if you are running your own
> # streamlined blackhole list server for internal reporting among
> multiple mail
> # servers. Provide the name of the lookup zone below to use.
> #
> # This function performs standard reverse-octet.domain lookups, and
> while it
> # will function with many RBLs, it's strongly discouraged to use those
> # maintained by humans as they're often inaccurate and could hurt
> filter
> # learning and accuracy.
> #
> Lookup "rabl.nuclearelephant.com"
>
> #
> # RBLInoculate: If you want to inoculate the user from RBL'd
> messages it
> would
> # have otherwise missed, set this to on.
> #
> RBLInoculate on
>
> # TrackSources: specify which (if any) source addresses to track
> and report
> # them to syslog (mail.info). This is useful if you're running a
> firewall or
> # blacklist and would like to use this information. Spam reporting
> also
> drops
> # RABL blacklist files (see http://www.nuclearelephant.com/projects/
> rabl/ ).
> #
> TrackSources spam
>
> # RABLQueue: Touch files in the RABL queue
> # If you are a reporting streamlined blackhole list participant,
> you can
> # touch ip addresses within the directory the rabl_client process is
> watching.
> #
> # cvs -d :pserver:cvs@cvs.nuclearelephant.com:/usr/local/cvsroot login
> # cvs -d :pserver:cvs@cvs.nuclearelephant.com:/usr/local/cvsroot co
> rabl_server
> #
> #RABLQueue /var/spool/rabl
>
>
>
>
Received on Tue Dec 13 09:26:06 2005