Fwd: [spamtools] Decomissioning a DNS anti-spam list {Scanned}

Chris Sweeney csweeney at OSUBUCKS.ORG
Sat Mar 20 03:01:59 GMT 2004


Why not just remove the DNS entries from his server so people won't be using
his system?  I.e., remove *.relays.monkeys.com from his DNS so it just doesn't
resolve?



-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK]On
Behalf Of Eagle Net Support
Sent: Friday, March 19, 2004 4:53 PM
To: MAILSCANNER at JISCMAIL.AC.UK
Subject: Re: Fwd: [spamtools] Decomissioning a DNS anti-spam list
{Scanned}


Here's where he should have started in the first place.

I couldn't help but notice what the first response to his request for help
found it necessary to ask.

*************pasted
Are you looking to block the queries, or do something destructive to the
machines that are querying you?
*************end paste

joe

hermit921 wrote:

> For people who don't follow the spamtools list, a posting (with some lines
> deleted for brevity) from the former InfiniteMonkeys owner:
>
> >[deleted] As some of you may know, up until last September, I ran a couple of
> >DNS-based anti-spam lists.  As some of you may also know, I ceased
> >doing that back in September, because I was DDoS'd by what I can only
> >assume must have been spammers.
> >
> >Anyway, I posted (in various places) an announcement back in September
> >that I was shutting down my lists, and I posted a final ``end of life''
> >announcement for the lists also about a month and a half ago.
> >
> >Now, finally, I am _really_ trying to perform a final decommissioning of
> >my former anti-spam DNS lists.  (But as the old saying goes, ``No good
> >deed goes unpunished.'')
> >
> >The problem is that no matter what I do, I cannot seem to stop the
> >ongoing torrent of queries against the zones, which are coming from
> >literally thousands of different sites:
> >
> >XX /140.105.16.62/51.30.135.194.proxies.relays.monkeys.com/A/IN/E
> >XX /206.13.30.10/68.200.213.209.proxies.relays.monkeys.com/A/IN/E
> >XX /216.17.138.239/219.206.32.204.proxies.monkeys.com/PTR/IN/E
> >XX /212.101.192.70/10.215.3.217.proxies.relays.monkeys.com/A/IN/E
> >XX /206.13.30.27/68.200.213.209.proxies.relays.monkeys.com/A/IN/E
> >XX /206.222.1.3/214.133.43.217.formmail.relays.monkeys.com/A/IN/E
> >XX /206.222.1.3/214.133.43.217.proxies.relays.monkeys.com/A/IN/E
> >XX /140.239.96.4/216.213.229.217.proxies.relays.monkeys.com/A/IN/E
> >XX /168.243.42.248/23.255.102.194.proxies.relays.monkeys.com/A/IN
> >XX /168.243.42.248/23.255.102.194.proxies.relays.monkeys.com/A/IN
> >XX /68.156.116.28/246.66.98.24.proxies.monkeys.com/PTR/IN/E
> >XX /213.131.64.2/82.170.67.66.formmail.relays.monkeys.com/A/IN/E
> >XX /213.131.64.2/82.170.67.66.proxies.relays.monkeys.com/A/IN/E
> >XX /198.216.32.3/237.168.92.67.proxies.relays.monkeys.com/A/IN
> >XX /140.239.96.4/53.43.174.200.proxies.relays.monkeys.com/A/IN/E
> >XX /200.21.139.9/204.78.41.213.proxies.relays.monkeys.com/A/IN/E
> >[deleted]
> >
> >...
> >and on and on, ad infinitum.
> >
> >I have _very little_ bandwidth at my disposal, and now I need to reclaim
> >that bandwidth for other purposes.  But these ongoing queries are sucking
> >up more than half of the meager bandwidth that I have.
> >
> >I have tried everything that I can think of to stop this flood of
> >bogus queries already, and nothing has worked.  Nothing I have tried
> >has even had any noticeable effect.  I've tried setting the relevant
> >NS records to point into oblivion (specifically into the 224/8 space).
> >I have also tried pointing the NS records back to the very same name
> >servers elsewhere that are the most frequent ongoing troublemakers,
> >i.e. most frequent queriers of my defunct anti-spam zones.  Now I am
> >trying the following NS record:
> >
> >*.relays.monkeys.com.   IN      NS      localhost.monkeys.com.
> >
> >where `localhost.monkeys.com' resolves to 127.0.0.1 (in the hopes that
> >those name servers that are annoying me now will end up just querying
> >themselves, instead of me) but so far even this doesn't seem to be
> >working very well.
> >
> >Oh!  And I should mention that I also tried this:
> >
> >*.relays.monkeys.com.   IN      A       127.0.0.2
> >                         IN      TXT     "See http://www.monkeys.com/dnsbl/"
> >
> >i.e. ``blacklist the Universe'', but even that only produced very limited
> >success in terms of getting people to stop sending queries here for the
> >dead and defunct anti-spam zones.
> >
> >So can anybody help me with this?  There has GOT to be some way of de-
> >commissioning a zone such that further queries against the zone will not
> >be a huge burden on _my_ bandwidth.
> >[deleted]
>
> --
> This message has been scanned for viruses and
> dangerous content, and is believed to be clean.


--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
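
Each line of the query-log excerpt in the quoted post carries the querying resolver, the DNSBL lookup name and the record type. As an added example (not part of the original thread), the Python below parses that layout and tallies queries per resolver and per zone, which shows which sites still have the dead list configured. The field layout is inferred from the excerpt, the optional trailing `/E` field is ignored, and the function names are hypothetical.

```python
import ipaddress
from collections import Counter

# Sample lines copied from the query log quoted in the post above.
SAMPLE_LOG = """\
XX /206.13.30.10/68.200.213.209.proxies.relays.monkeys.com/A/IN/E
XX /216.17.138.239/219.206.32.204.proxies.monkeys.com/PTR/IN/E
XX /206.222.1.3/214.133.43.217.formmail.relays.monkeys.com/A/IN/E
XX /206.222.1.3/214.133.43.217.proxies.relays.monkeys.com/A/IN/E
XX /168.243.42.248/23.255.102.194.proxies.relays.monkeys.com/A/IN
XX /168.243.42.248/23.255.102.194.proxies.relays.monkeys.com/A/IN
"""

def parse_line(line):
    """Split 'XX /client/qname/qtype/class[/flag]' into a dict, or None."""
    fields = line.strip().split("/")
    if len(fields) < 5 or not fields[0].startswith("XX"):
        return None
    client, qname, qtype, qclass = fields[1:5]
    labels = qname.rstrip(".").split(".")
    try:
        ipaddress.ip_address(client)
        # DNSBL convention: first four labels are the checked IPv4, reversed.
        checked = str(ipaddress.IPv4Address(".".join(reversed(labels[:4]))))
    except ValueError:
        return None  # not an IP-style lookup; skip it
    return {"client": client, "checked_ip": checked,
            "zone": ".".join(labels[4:]), "qtype": qtype, "qclass": qclass}

def summarize(log_text):
    """Count queries per querying resolver and per zone."""
    by_client, by_zone = Counter(), Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec:
            by_client[rec["client"]] += 1
            by_zone[rec["zone"]] += 1
    return by_client, by_zone

if __name__ == "__main__":
    clients, zones = summarize(SAMPLE_LOG)
    for ip, n in clients.most_common():
        print(f"{n:4d}  {ip}")
    for zone, n in zones.most_common():
        print(f"{n:4d}  {zone}")
```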





