DNSBL score.senderscore.com

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

DNSBL score.senderscore.com

Andy Knuts
The RBL score.senderscore.com returns 127.0.4.X where X is a score from 0 to 100.
I want to block scores 0->30.
So 127.0.4.0 -> 127.0.4.30.

Does ASSP support some regexp or something to match for these return values? Or how am I supposed to configure this correctly.

------------------------------------------------------------------------------
What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
patterns at an interface-level. Reveals which users, apps, and protocols are
consuming the most bandwidth. Provides multi-vendor support for NetFlow,
J-Flow, sFlow and other flows. Make informed decisions using capacity planning
reports.http://sdm.link/zohodev2dev
_______________________________________________
Assp-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-user
Reply | Threaded
Open this post in threaded view
|

Re: DNSBL score.senderscore.com

Thomas Eckardt/eck
>I want to block scores 0->30.

30 will be difficult - use 31 instead. ASSP supports only qualified
definitions or bitmask definitions - both with or without wildcards.
You should read carefully the GUI for 'RBLServiceProvider'.

all values from 32 to 100 have set bit 6 (32) and/or bit 7 (64) - which
makes it possible to use bitmasks

score.senderscore.com=>127.0.4.M128=>0   - to make sure only value from 0
to 31 are scored - if 100 is the highest returned value, skip this line
score.senderscore.com=>127.0.4.M64=>0
score.senderscore.com=>127.0.4.M32=>0
score.senderscore.com=>127.0.4.*=>XXX  -  value high enough to block for 0
to 31

This results in    3 x 128 + 1   or    2 x 128 + 1    RBL entries.

you may also define the reverse logic using all values from 0 to 30 with
some wildcards but without expensive bitmasks

score.senderscore.com=>127.0.4.0=>xxx
score.senderscore.com=>127.0.4.1=>xxx
score.senderscore.com=>127.0.4.2=>xxx
score.senderscore.com=>127.0.4.3=>xxx
score.senderscore.com=>127.0.4.4=>xxx
score.senderscore.com=>127.0.4.5=>xxx
score.senderscore.com=>127.0.4.6=>xxx
score.senderscore.com=>127.0.4.7=>xxx
score.senderscore.com=>127.0.4.8=>xxx
score.senderscore.com=>127.0.4.9=>xxx
score.senderscore.com=>127.0.4.1?=>xxx
score.senderscore.com=>127.0.4.2?=>xxx
score.senderscore.com=>127.0.4.30=>xxx

These are only 13 RBL entries - much better for assp, a little more work
for you.


Thomas




Von:    "Andy Knuts" <[hidden email]>
An:     [hidden email]
Datum:  18.07.2016 13:26
Betreff:        [Assp-user] DNSBL score.senderscore.com



The RBL score.senderscore.com returns 127.0.4.X where X is a score from 0
to 100.
I want to block scores 0->30.
So 127.0.4.0 -> 127.0.4.30.

Does ASSP support some regexp or something to match for these return
values? Or how am I supposed to configure this correctly.

------------------------------------------------------------------------------
What NetFlow Analyzer can do for you? Monitors network bandwidth and
traffic
patterns at an interface-level. Reveals which users, apps, and protocols
are
consuming the most bandwidth. Provides multi-vendor support for NetFlow,
J-Flow, sFlow and other flows. Make informed decisions using capacity
planning
reports.http://sdm.link/zohodev2dev
_______________________________________________
Assp-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-user






DISCLAIMER:
*******************************************************
This email and any files transmitted with it may be confidential, legally
privileged and protected in law and are intended solely for the use of the

individual to whom it is addressed.
This email was multiple times scanned for viruses. There should be no
known virus in this email!
*******************************************************


------------------------------------------------------------------------------
What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
patterns at an interface-level. Reveals which users, apps, and protocols are
consuming the most bandwidth. Provides multi-vendor support for NetFlow,
J-Flow, sFlow and other flows. Make informed decisions using capacity planning
reports.http://sdm.link/zohodev2dev
_______________________________________________
Assp-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-user
Reply | Threaded
Open this post in threaded view
|

Re: DNSBL score.senderscore.com

Andy Knuts
In reply to this post by Andy Knuts
I will try the 13 RBL entries later today. But I already tried this before, which didn't work:

score.senderscore.com=>127.0.4.?=>1
score.senderscore.com=>127.0.4.1?=>1
score.senderscore.com=>127.0.4.2?=>1
score.senderscore.com=>127.0.4.30=>1

It seemed to match 127.0.4.* but the gui says '?' is used to replace a single char and '*' for multiple.
You used 10 entries instead. Why can't we use 127.0.4.? instead?

If '?' is supposed to replace a single char, shouldn't it match 127.0.4.0 -> 127.0.4.9 only?


----- Original Message -----
From: Thomas Eckardt
[mailto:[hidden email]]
To: For Users of ASSP
[mailto:[hidden email]]
Sent: Mon, 18 Jul 2016 14:42:58
+0100
Subject: Re: [Assp-user] DNSBL score.senderscore.com


> >I want to block scores 0->30.
>
> 30 will be difficult - use 31 instead. ASSP supports only qualified
> definitions or bitmask definitions - both with or without wildcards.
> You should read carefully the GUI for 'RBLServiceProvider'.
>
> all values from 32 to 100 have set bit 6 (32) and/or bit 7 (64) - which
> makes it possible to use bitmasks
>
> score.senderscore.com=>127.0.4.M128=>0   - to make sure only value from 0
> to 31 are scored - if 100 is the highest returned value, skip this line
> score.senderscore.com=>127.0.4.M64=>0
> score.senderscore.com=>127.0.4.M32=>0
> score.senderscore.com=>127.0.4.*=>XXX  -  value high enough to block for 0
> to 31
>
> This results in    3 x 128 + 1   or    2 x 128 + 1    RBL entries.
>
> you may also define the reverse logic using all values from 0 to 30 with
> some wildcards but without expensive bitmasks
>
> score.senderscore.com=>127.0.4.0=>xxx
> score.senderscore.com=>127.0.4.1=>xxx
> score.senderscore.com=>127.0.4.2=>xxx
> score.senderscore.com=>127.0.4.3=>xxx
> score.senderscore.com=>127.0.4.4=>xxx
> score.senderscore.com=>127.0.4.5=>xxx
> score.senderscore.com=>127.0.4.6=>xxx
> score.senderscore.com=>127.0.4.7=>xxx
> score.senderscore.com=>127.0.4.8=>xxx
> score.senderscore.com=>127.0.4.9=>xxx
> score.senderscore.com=>127.0.4.1?=>xxx
> score.senderscore.com=>127.0.4.2?=>xxx
> score.senderscore.com=>127.0.4.30=>xxx
>
> These are only 13 RBL entries - much better for assp, a little more work
> for you.
>
>
> Thomas
>
>
>
>
> Von:    "Andy Knuts" <[hidden email]>
> An:     [hidden email]
> Datum:  18.07.2016 13:26
> Betreff:        [Assp-user] DNSBL score.senderscore.com
>
>
>
> The RBL score.senderscore.com returns 127.0.4.X where X is a score from 0
> to 100.
> I want to block scores 0->30.
> So 127.0.4.0 -> 127.0.4.30.
>
> Does ASSP support some regexp or something to match for these return
> values? Or how am I supposed to configure this correctly.
>
> ------------------------------------------------------------------------------
> What NetFlow Analyzer can do for you? Monitors network bandwidth and
> traffic
> patterns at an interface-level. Reveals which users, apps, and protocols
> are
> consuming the most bandwidth. Provides multi-vendor support for NetFlow,
> J-Flow, sFlow and other flows. Make informed decisions using capacity
> planning
> reports.http://sdm.link/zohodev2dev
> _______________________________________________
> Assp-user mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/assp-user
>
>
>
>
>
>
> DISCLAIMER:
> *******************************************************
> This email and any files transmitted with it may be confidential, legally
> privileged and protected in law and are intended solely for the use of the
>
> individual to whom it is addressed.
> This email was multiple times scanned for viruses. There should be no
> known virus in this email!
> *******************************************************
>
>

------------------------------------------------------------------------------
What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
patterns at an interface-level. Reveals which users, apps, and protocols are
consuming the most bandwidth. Provides multi-vendor support for NetFlow,
J-Flow, sFlow and other flows. Make informed decisions using capacity planning
reports.http://sdm.link/zohodev2dev
_______________________________________________
Assp-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-user
Reply | Threaded
Open this post in threaded view
|

Re: DNSBL score.senderscore.com

Andy Knuts
In reply to this post by Andy Knuts
Hi Thomas,

The solution you provided for senderscore didn't work either.

I used the 13 lines to block 0->30 but in the logs I see things like:

Jul-20-16 10:19:48 [Worker_2] RBL: stored <127.0.4.99> for score.senderscore.com in results
Jul-20-16 10:19:52 [Worker_2] Got 8 answers, 8 replies and 1 hits after 4 seconds for RBL checks on '91.211.240.170'  
Jul-20-16 10:19:52 [Worker_2] Got OK replies from (psbl.surriel.com bl.scientificspam.net bl.spamcop.net b.barracudacentral.org zen.spamhaus.org cidr.bl.mcafee.com dnsbl.justspam.org) - NOTOK replies from (score.senderscore.com) for RBL on '91.211.240.170'


----- Original Message -----
From: Thomas Eckardt
[mailto:[hidden email]]
To: For Users of ASSP
[mailto:[hidden email]]
Sent: Mon, 18 Jul 2016 14:42:58
+0100
Subject: Re: [Assp-user] DNSBL score.senderscore.com


> >I want to block scores 0->30.
>
> 30 will be difficult - use 31 instead. ASSP supports only qualified
> definitions or bitmask definitions - both with or without wildcards.
> You should read carefully the GUI for 'RBLServiceProvider'.
>
> all values from 32 to 100 have set bit 6 (32) and/or bit 7 (64) - which
> makes it possible to use bitmasks
>
> score.senderscore.com=>127.0.4.M128=>0   - to make sure only value from 0
> to 31 are scored - if 100 is the highest returned value, skip this line
> score.senderscore.com=>127.0.4.M64=>0
> score.senderscore.com=>127.0.4.M32=>0
> score.senderscore.com=>127.0.4.*=>XXX  -  value high enough to block for 0
> to 31
>
> This results in    3 x 128 + 1   or    2 x 128 + 1    RBL entries.
>
> you may also define the reverse logic using all values from 0 to 30 with
> some wildcards but without expensive bitmasks
>
> score.senderscore.com=>127.0.4.0=>xxx
> score.senderscore.com=>127.0.4.1=>xxx
> score.senderscore.com=>127.0.4.2=>xxx
> score.senderscore.com=>127.0.4.3=>xxx
> score.senderscore.com=>127.0.4.4=>xxx
> score.senderscore.com=>127.0.4.5=>xxx
> score.senderscore.com=>127.0.4.6=>xxx
> score.senderscore.com=>127.0.4.7=>xxx
> score.senderscore.com=>127.0.4.8=>xxx
> score.senderscore.com=>127.0.4.9=>xxx
> score.senderscore.com=>127.0.4.1?=>xxx
> score.senderscore.com=>127.0.4.2?=>xxx
> score.senderscore.com=>127.0.4.30=>xxx
>
> These are only 13 RBL entries - much better for assp, a little more work
> for you.
>
>
> Thomas
>
>
>
>
> Von:    "Andy Knuts" <[hidden email]>
> An:     [hidden email]
> Datum:  18.07.2016 13:26
> Betreff:        [Assp-user] DNSBL score.senderscore.com
>
>
>
> The RBL score.senderscore.com returns 127.0.4.X where X is a score from 0
> to 100.
> I want to block scores 0->30.
> So 127.0.4.0 -> 127.0.4.30.
>
> Does ASSP support some regexp or something to match for these return
> values? Or how am I supposed to configure this correctly.
>
> ------------------------------------------------------------------------------
> What NetFlow Analyzer can do for you? Monitors network bandwidth and
> traffic
> patterns at an interface-level. Reveals which users, apps, and protocols
> are
> consuming the most bandwidth. Provides multi-vendor support for NetFlow,
> J-Flow, sFlow and other flows. Make informed decisions using capacity
> planning
> reports.http://sdm.link/zohodev2dev
> _______________________________________________
> Assp-user mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/assp-user
>
>
>
>
>
>
> DISCLAIMER:
> *******************************************************
> This email and any files transmitted with it may be confidential, legally
> privileged and protected in law and are intended solely for the use of the
>
> individual to whom it is addressed.
> This email was multiple times scanned for viruses. There should be no
> known virus in this email!
> *******************************************************
>
>

------------------------------------------------------------------------------
What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
patterns at an interface-level. Reveals which users, apps, and protocols are
consuming the most bandwidth. Provides multi-vendor support for NetFlow,
J-Flow, sFlow and other flows. Make informed decisions using capacity planning
reports.http://sdm.link/zohodev2dev
_______________________________________________
Assp-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-user
Reply | Threaded
Open this post in threaded view
|

Re: DNSBL score.senderscore.com

Thomas Eckardt/eck
What else did you expext than

RBL: stored <127.0.4.99> for score.senderscore.com in results
Got 8 answers, 8 replies and 1 hits after 4 seconds for RBL checks on
'91.211.240.170'
NOTOK replies from (score.senderscore.com) for RBL on '91.211.240.170'

the answer was 127.0.4.99 - which is a good value
this is one hit
this is per default NOT OK
but 99 is weighted as good - no action

Thomas




Von:    "Andy Knuts" <[hidden email]>
An:     "For Users of ASSP" <[hidden email]>
Datum:  20.07.2016 10:28
Betreff:        Re: [Assp-user] DNSBL score.senderscore.com



Hi Thomas,

The solution you provided for senderscore didn't work either.

I used the 13 lines to block 0->30 but in the logs I see things like:

Jul-20-16 10:19:48 [Worker_2] RBL: stored <127.0.4.99> for
score.senderscore.com in results
Jul-20-16 10:19:52 [Worker_2] Got 8 answers, 8 replies and 1 hits after 4
seconds for RBL checks on '91.211.240.170'
Jul-20-16 10:19:52 [Worker_2] Got OK replies from (psbl.surriel.com
bl.scientificspam.net bl.spamcop.net b.barracudacentral.org
zen.spamhaus.org cidr.bl.mcafee.com dnsbl.justspam.org) - NOTOK replies
from (score.senderscore.com) for RBL on '91.211.240.170'


----- Original Message -----
From: Thomas Eckardt
[mailto:[hidden email]]
To: For Users of ASSP
[mailto:[hidden email]]
Sent: Mon, 18 Jul 2016 14:42:58
+0100
Subject: Re: [Assp-user] DNSBL score.senderscore.com


> >I want to block scores 0->30.
>
> 30 will be difficult - use 31 instead. ASSP supports only qualified
> definitions or bitmask definitions - both with or without wildcards.
> You should read carefully the GUI for 'RBLServiceProvider'.
>
> all values from 32 to 100 have set bit 6 (32) and/or bit 7 (64) - which
> makes it possible to use bitmasks
>
> score.senderscore.com=>127.0.4.M128=>0   - to make sure only value from
0
> to 31 are scored - if 100 is the highest returned value, skip this line
> score.senderscore.com=>127.0.4.M64=>0
> score.senderscore.com=>127.0.4.M32=>0
> score.senderscore.com=>127.0.4.*=>XXX  -  value high enough to block for
0
> to 31
>
> This results in    3 x 128 + 1   or    2 x 128 + 1    RBL entries.
>
> you may also define the reverse logic using all values from 0 to 30 with

> some wildcards but without expensive bitmasks
>
> score.senderscore.com=>127.0.4.0=>xxx
> score.senderscore.com=>127.0.4.1=>xxx
> score.senderscore.com=>127.0.4.2=>xxx
> score.senderscore.com=>127.0.4.3=>xxx
> score.senderscore.com=>127.0.4.4=>xxx
> score.senderscore.com=>127.0.4.5=>xxx
> score.senderscore.com=>127.0.4.6=>xxx
> score.senderscore.com=>127.0.4.7=>xxx
> score.senderscore.com=>127.0.4.8=>xxx
> score.senderscore.com=>127.0.4.9=>xxx
> score.senderscore.com=>127.0.4.1?=>xxx
> score.senderscore.com=>127.0.4.2?=>xxx
> score.senderscore.com=>127.0.4.30=>xxx
>
> These are only 13 RBL entries - much better for assp, a little more work

> for you.
>
>
> Thomas
>
>
>
>
> Von:    "Andy Knuts" <[hidden email]>
> An:     [hidden email]
> Datum:  18.07.2016 13:26
> Betreff:        [Assp-user] DNSBL score.senderscore.com
>
>
>
> The RBL score.senderscore.com returns 127.0.4.X where X is a score from
0
> to 100.
> I want to block scores 0->30.
> So 127.0.4.0 -> 127.0.4.30.
>
> Does ASSP support some regexp or something to match for these return
> values? Or how am I supposed to configure this correctly.
>
>
------------------------------------------------------------------------------
> What NetFlow Analyzer can do for you? Monitors network bandwidth and
> traffic
> patterns at an interface-level. Reveals which users, apps, and protocols

> are
> consuming the most bandwidth. Provides multi-vendor support for NetFlow,

> J-Flow, sFlow and other flows. Make informed decisions using capacity
> planning
> reports.http://sdm.link/zohodev2dev
> _______________________________________________
> Assp-user mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/assp-user
>
>
>
>
>
>
> DISCLAIMER:
> *******************************************************
> This email and any files transmitted with it may be confidential,
legally
> privileged and protected in law and are intended solely for the use of
the
>
> individual to whom it is addressed.
> This email was multiple times scanned for viruses. There should be no
> known virus in this email!
> *******************************************************
>
>

------------------------------------------------------------------------------
What NetFlow Analyzer can do for you? Monitors network bandwidth and
traffic
patterns at an interface-level. Reveals which users, apps, and protocols
are
consuming the most bandwidth. Provides multi-vendor support for NetFlow,
J-Flow, sFlow and other flows. Make informed decisions using capacity
planning
reports.http://sdm.link/zohodev2dev
_______________________________________________
Assp-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-user






DISCLAIMER:
*******************************************************
This email and any files transmitted with it may be confidential, legally
privileged and protected in law and are intended solely for the use of the

individual to whom it is addressed.
This email was multiple times scanned for viruses. There should be no
known virus in this email!
*******************************************************


------------------------------------------------------------------------------
What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
patterns at an interface-level. Reveals which users, apps, and protocols are
consuming the most bandwidth. Provides multi-vendor support for NetFlow,
J-Flow, sFlow and other flows. Make informed decisions using capacity planning
reports.http://sdm.link/zohodev2dev
_______________________________________________
Assp-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-user