[These notes came from Rick Macdougall of nougen.com on 4 May 2004. Thanks Rick!]

FAQ for rbldnsd and dnscache

  1. Install rbldnsd as per instructions. If you are running FreeBSD you may use the ports collection to do this.
  2. Choose a directory to contain the rbl data you will be downloading or rsyncing from various servers. In our case I choose to use /usr/local/rbldnsd .
  3. Set up and get working your rsync of the data and make sure it works correctly. A working cron job for surbl data is: 
    		{value 0 - 59} * * * *       root /usr/local/scripts/rsyncrbldnsd.sh
    Where the OS is FreeBSD and you are editing the /etc/crontab file. If you are using crontab -e root, please omit the root word in the above line.

    Please replace {value 0 - 59} with a number between 0 and 59, and to minimize the load on the surbl server, try not to use the same number on different servers.

    Where rsyncrbldnsd.sh contains:

    		#!/bin/sh

/usr/local/bin/rsync -t some_rsync_server::surbl/*.rbldnsd /usr/local/rbldnsd
    Note: The above is all on one line, and you'll replace some_rsync_server with the actual rsync server name provided when you are granted access. (To get rsync access to the SURBL zone files, please fill out our rsync access form, and let us know the IP address you will be rsyncing from and the approximate number of incoming messages processed per day.)
  4. Get rbldnsd up and running. We run it under daemon tools. Create a new directory in /root (or wherever) called rbldnsd. In the rbldnsd directory, create a file called run with the following information: 
    		#!/bin/sh
  
  exec /usr/local/sbin/rbldnsd -n -l +- -b  
     ws.surbl.org:dnset:/usr/local/rbldnsd/ws.surbl.org.rbldnsd 
     be.surbl.org:dnset:/usr/local/rbldnsd/be.surbl.org.rbldnsd 
     sc.surbl.org:dnset:/usr/local/rbldnsd/sc.surbl.org.rbldnsd
    Save and exit, then make the file executable: 
    		chmod 755 run
    Then make a subdirectory called log inside /root/rbldnsd and edit a file called run, add the following information to it: 
    		#!/bin/sh
  exec /usr/local/bin/multilog t s5000000 n10 /var/log/rbldnsd
    Save and exit, then make the shell script executable: 
    		chmod 755 run
    Now cd to /root 
    		mv rbldnsd /service
    Your rbldnsd should now start within 5 seconds.

    Verify it is running with:

    		sleep 5; svstat /service/rbldnsd/
  5. Get it working with dnscache. Here is the fun stuff: 
    		cd /etc/dnscache/root/servers
  vi be.surbl.org
    Add your IP that your rbldnsd server is running on to the file. The IP should match the IP added to /service/rbldnsd/run file in step 4

    Save and exit.

    		cp be.surbl.org sc.surbl.org
cp be.surbl.org ws.surbl.org

svc -t /service/dnscache
    (or restart dnscache if you are not using daemontools).

You should now be running dnscache with it looking at your rbldnsd for the data of be, sc, and ws.surbl.org and looking at the root servers for all other data.

Editor's Notes:

  1. rbldnsd is much faster and more memory efficient than BIND. Therefore you will likely improve your mail processing performance by using rbldnsd to serve all of your RBL zone files. Many RBLs will grant rsync access to rbldnsd versions of their zones by request.
  2. It's no longer necessary to manually reload rbldnsd since by default it will automatically check for and load any changed zone files every 60 seconds. This can be adjusted with the -c command line argument.
  3. Like any name server, log files for rbldnsd queries can get quite large if generated. Be sure to use a log rotation method like the one above or by configuring newsyslog if you choose to keep logs.

[These notes came from Rick Macdougall of nougen.com on 4 May 2004. Thanks Rick!]

FAQ for rbldnsd and dnscache

  1. Install rbldnsd as per instructions. If you are running FreeBSD you may use the ports collection to do this.
  2. Choose a directory to contain the rbl data you will be downloading or rsyncing from various servers. In our case I choose to use /usr/local/rbldnsd .
  3. Set up and get working your rsync of the data and make sure it works correctly. A working cron job for surbl data is: 
    		{value 0 - 59} * * * *       root /usr/local/scripts/rsyncrbldnsd.sh
    Where the OS is FreeBSD and you are editing the /etc/crontab file. If you are using crontab -e root, please omit the root word in the above line.

    Please replace {value 0 - 59} with a number between 0 and 59, and to minimize the load on the surbl server, try not to use the same number on different servers.

    Where rsyncrbldnsd.sh contains:

    		#!/bin/sh

  /usr/local/bin/rsync -t some_rsync_server::surbl/*.rbldnsd /usr/local/rbldnsd
    Note: The above is all on one line, and you'll replace some_rsync_server with the actual rsync server name provided when you are granted access. (To get rsync access to the SURBL zone files, please fill out our rsync access form, and let us know the IP address you will be rsyncing from and the approximate number of incoming messages processed per day.)
  4. Get rbldnsd up and running. We run it under daemon tools. Create a new directory in /root (or wherever) called rbldnsd. In the rbldnsd directory, create a file called run with the following information: 
    		#!/bin/sh
  
  exec /usr/local/sbin/rbldnsd -n -l +- -b  
     ws.surbl.org:dnset:/usr/local/rbldnsd/ws.surbl.org.rbldnsd 
     be.surbl.org:dnset:/usr/local/rbldnsd/be.surbl.org.rbldnsd 
     sc.surbl.org:dnset:/usr/local/rbldnsd/sc.surbl.org.rbldnsd
    Save and exit, then make the file executable: 
    		chmod 755 run
    Then make a subdirectory called log inside /root/rbldnsd and edit a file called run, add the following information to it: 
    		#!/bin/sh
  exec /usr/local/bin/multilog t s5000000 n10 /var/log/rbldnsd
    Save and exit, then make the shell script executable: 
    		chmod 755 run
    Now cd to /root 
    		mv rbldnsd /service
    Your rbldnsd should now start within 5 seconds.

    Verify it is running with:

    		sleep 5; svstat /service/rbldnsd/
  5. Get it working with dnscache. Here is the fun stuff: 
    		cd /etc/dnscache/root/servers
  vi be.surbl.org
    Add your IP that your rbldnsd server is running on to the file. The IP should match the IP added to /service/rbldnsd/run file in step 4

    Save and exit.

    		cp be.surbl.org sc.surbl.org
cp be.surbl.org ws.surbl.org

svc -t /service/dnscache
    (or restart dnscache if you are not using daemontools).

You should now be running dnscache with it looking at your rbldnsd for the data of be, sc, and ws.surbl.org and looking at the root servers for all other data.

Editor's Notes:

  1. rbldnsd is much faster and more memory efficient than BIND. Therefore you will likely improve your mail processing performance by using rbldnsd to serve all of your RBL zone files. Many RBLs will grant rsync access to rbldnsd versions of their zones by request.
  2. It's no longer necessary to manually reload rbldnsd since by default it will automatically check for and load any changed zone files every 60 seconds. This can be adjusted with the -c command line argument.
  3. Like any name server, log files for rbldnsd queries can get quite large if generated. Be sure to use a log rotation method like the one above or by configuring newsyslog if you choose to keep logs.

[These notes came from Rick Macdougall of nougen.com on 4 May 2004. Thanks Rick!]

FAQ for rbldnsd and dnscache

  1. Install rbldnsd as per instructions. If you are running FreeBSD you may use the ports collection to do this.
  2. Choose a directory to contain the rbl data you will be downloading or rsyncing from various servers. In our case I choose to use /usr/local/rbldnsd .
  3. Set up and get working your rsync of the data and make sure it works correctly. A working cron job for surbl data is: 
    		{value 0 - 59} * * * *       root /usr/local/scripts/rsyncrbldnsd.sh
    Where the OS is FreeBSD and you are editing the /etc/crontab file. If you are using crontab -e root, please omit the root word in the above line.

    Please replace {value 0 - 59} with a number between 0 and 59, and to minimize the load on the surbl server, try not to use the same number on different servers.

    Where rsyncrbldnsd.sh contains:

    		#!/bin/sh

  /usr/local/bin/rsync -t some_rsync_server::surbl/*.rbldnsd /usr/local/rbldnsd
    Note: The above is all on one line, and you'll replace some_rsync_server with the actual rsync server name provided when you are granted access. (To get rsync access to the SURBL zone files, please fill out our rsync access form, and let us know the IP address you will be rsyncing from and the approximate number of incoming messages processed per day.)
  4. Get rbldnsd up and running. We run it under daemon tools. Create a new directory in /root (or wherever) called rbldnsd. In the rbldnsd directory, create a file called run with the following information: 
    		#!/bin/sh
  
  exec /usr/local/sbin/rbldnsd -n -l +- -b  
     ws.surbl.org:dnset:/usr/local/rbldnsd/ws.surbl.org.rbldnsd 
     be.surbl.org:dnset:/usr/local/rbldnsd/be.surbl.org.rbldnsd 
     sc.surbl.org:dnset:/usr/local/rbldnsd/sc.surbl.org.rbldnsd
    Save and exit, then make the file executable: 
    		chmod 755 run
    Then make a subdirectory called log inside /root/rbldnsd and edit a file called run, add the following information to it: 
    		#!/bin/sh
  exec /usr/local/bin/multilog t s5000000 n10 /var/log/rbldnsd
    Save and exit, then make the shell script executable: 
    		chmod 755 run
    Now cd to /root 
    		mv rbldnsd /service
    Your rbldnsd should now start within 5 seconds.

    Verify it is running with:

    		sleep 5; svstat /service/rbldnsd/
  5. Get it working with dnscache. Here is the fun stuff: 
    		cd /etc/dnscache/root/servers
  vi be.surbl.org
    Add your IP that your rbldnsd server is running on to the file. The IP should match the IP added to /service/rbldnsd/run file in step 4

    Save and exit.

    		cp be.surbl.org sc.surbl.org
cp be.surbl.org ws.surbl.org

svc -t /service/dnscache
    (or restart dnscache if you are not using daemontools).

You should now be running dnscache with it looking at your rbldnsd for the data of be, sc, and ws.surbl.org and looking at the root servers for all other data.

Editor's Notes:

  1. rbldnsd is much faster and more memory efficient than BIND. Therefore you will likely improve your mail processing performance by using rbldnsd to serve all of your RBL zone files. Many RBLs will grant rsync access to rbldnsd versions of their zones by request.
  2. It's no longer necessary to manually reload rbldnsd since by default it will automatically check for and load any changed zone files every 60 seconds. This can be adjusted with the -c command line argument.
  3. Like any name server, log files for rbldnsd queries can get quite large if generated. Be sure to use a log rotation method like the one above or by configuring newsyslog if you choose to keep logs.

[These notes came from Rick Macdougall of nougen.com on 4 May 2004. Thanks Rick!]

FAQ for rbldnsd and dnscache

  1. Install rbldnsd as per instructions. If you are running FreeBSD you may use the ports collection to do this.
  2. Choose a directory to contain the rbl data you will be downloading or rsyncing from various servers. In our case I choose to use /usr/local/rbldnsd .
  3. Set up and get working your rsync of the data and make sure it works correctly. A working cron job for surbl data is: 
    		{value 0 - 59} * * * *       root /usr/local/scripts/rsyncrbldnsd.sh
    Where the OS is FreeBSD and you are editing the /etc/crontab file. If you are using crontab -e root, please omit the root word in the above line.

    Please replace {value 0 - 59} with a number between 0 and 59, and to minimize the load on the surbl server, try not to use the same number on different servers.

    Where rsyncrbldnsd.sh contains:

    		#!/bin/sh

  /usr/local/bin/rsync -t some_rsync_server::surbl/*.rbldnsd /usr/local/rbldnsd
    Note: The above is all on one line, and you'll replace some_rsync_server with the actual rsync server name provided when you are granted access. (To get rsync access to the SURBL zone files, please fill out our rsync access form, and let us know the IP address you will be rsyncing from and the approximate number of incoming messages processed per day.)
  4. Get rbldnsd up and running. We run it under daemon tools. Create a new directory in /root (or wherever) called rbldnsd. In the rbldnsd directory, create a file called run with the following information: 
    		#!/bin/sh
  
  exec /usr/local/sbin/rbldnsd -n -l +- -b  
     ws.surbl.org:dnset:/usr/local/rbldnsd/ws.surbl.org.rbldnsd 
     be.surbl.org:dnset:/usr/local/rbldnsd/be.surbl.org.rbldnsd 
     sc.surbl.org:dnset:/usr/local/rbldnsd/sc.surbl.org.rbldnsd
    Save and exit, then make the file executable: 
    		chmod 755 run
    Then make a subdirectory called log inside /root/rbldnsd and edit a file called run, add the following information to it: 
    		#!/bin/sh
  exec /usr/local/bin/multilog t s5000000 n10 /var/log/rbldnsd
    Save and exit, then make the shell script executable: 
    		chmod 755 run
    Now cd to /root 
    		mv rbldnsd /service
    Your rbldnsd should now start within 5 seconds.

    Verify it is running with:

    		sleep 5; svstat /service/rbldnsd/
  5. Get it working with dnscache. Here is the fun stuff: 
    		cd /etc/dnscache/root/servers
  vi be.surbl.org
    Add your IP that your rbldnsd server is running on to the file. The IP should match the IP added to /service/rbldnsd/run file in step 4

    Save and exit.

    		cp be.surbl.org sc.surbl.org
cp be.surbl.org ws.surbl.org

svc -t /service/dnscache
    (or restart dnscache if you are not using daemontools).

You should now be running dnscache with it looking at your rbldnsd for the data of be, sc, and ws.surbl.org and looking at the root servers for all other data.

Editor's Notes:

  1. rbldnsd is much faster and more memory efficient than BIND. Therefore you will likely improve your mail processing performance by using rbldnsd to serve all of your RBL zone files. Many RBLs will grant rsync access to rbldnsd versions of their zones by request.
  2. It's no longer necessary to manually reload rbldnsd since by default it will automatically check for and load any changed zone files every 60 seconds. This can be adjusted with the -c command line argument.
  3. Like any name server, log files for rbldnsd queries can get quite large if generated. Be sure to use a log rotation method like the one above or by configuring newsyslog if you choose to keep logs.

[These notes came from Rick Macdougall of nougen.com on 4 May 2004. Thanks Rick!]

FAQ for rbldnsd and dnscache

  1. Install rbldnsd as per instructions. If you are running FreeBSD you may use the ports collection to do this.
  2. Choose a directory to contain the rbl data you will be downloading or rsyncing from various servers. In our case I choose to use /usr/local/rbldnsd .
  3. Set up and get working your rsync of the data and make sure it works correctly. A working cron job for surbl data is: 
    		{value 0 - 59} * * * *       root /usr/local/scripts/rsyncrbldnsd.sh
    Where the OS is FreeBSD and you are editing the /etc/crontab file. If you are using crontab -e root, please omit the root word in the above line.

    Please replace {value 0 - 59} with a number between 0 and 59, and to minimize the load on the surbl server, try not to use the same number on different servers.

    Where rsyncrbldnsd.sh contains:

    		#!/bin/sh

  /usr/local/bin/rsync -t some_rsync_server::surbl/*.rbldnsd /usr/local/rbldnsd
    Note: The above is all on one line, and you'll replace some_rsync_server with the actual rsync server name provided when you are granted access. (To get rsync access to the SURBL zone files, please fill out our rsync access form, and let us know the IP address you will be rsyncing from and the approximate number of incoming messages processed per day.)
  4. Get rbldnsd up and running. We run it under daemon tools. Create a new directory in /root (or wherever) called rbldnsd. In the rbldnsd directory, create a file called run with the following information: 
    		#!/bin/sh
  
  exec /usr/local/sbin/rbldnsd -n -l +- -b  
     ws.surbl.org:dnset:/usr/local/rbldnsd/ws.surbl.org.rbldnsd 
     be.surbl.org:dnset:/usr/local/rbldnsd/be.surbl.org.rbldnsd 
     sc.surbl.org:dnset:/usr/local/rbldnsd/sc.surbl.org.rbldnsd
    Save and exit, then make the file executable: 
    		chmod 755 run
    Then make a subdirectory called log inside /root/rbldnsd and edit a file called run, add the following information to it: 
    		#!/bin/sh
  exec /usr/local/bin/multilog t s5000000 n10 /var/log/rbldnsd
    Save and exit, then make the shell script executable: 
    		chmod 755 run
    Now cd to /root 
    		mv rbldnsd /service
    Your rbldnsd should now start within 5 seconds.

    Verify it is running with:

    		sleep 5; svstat /service/rbldnsd/
  5. Get it working with dnscache. Here is the fun stuff: 
    		cd /etc/dnscache/root/servers
  vi be.surbl.org
    Add your IP that your rbldnsd server is running on to the file. The IP should match the IP added to /service/rbldnsd/run file in step 4

    Save and exit.

    		cp be.surbl.org sc.surbl.org
cp be.surbl.org ws.surbl.org

svc -t /service/dnscache
    (or restart dnscache if you are not using daemontools).

You should now be running dnscache with it looking at your rbldnsd for the data of be, sc, and ws.surbl.org and looking at the root servers for all other data.

Editor's Notes:

  1. rbldnsd is much faster and more memory efficient than BIND. Therefore you will likely improve your mail processing performance by using rbldnsd to serve all of your RBL zone files. Many RBLs will grant rsync access to rbldnsd versions of their zones by request.
  2. It's no longer necessary to manually reload rbldnsd since by default it will automatically check for and load any changed zone files every 60 seconds. This can be adjusted with the -c command line argument.
  3. Like any name server, log files for rbldnsd queries can get quite large if generated. Be sure to use a log rotation method like the one above or by configuring newsyslog if you choose to keep logs.

[These notes came from Rick Macdougall of nougen.com on 4 May 2004. Thanks Rick!]

FAQ for rbldnsd and dnscache

  1. Install rbldnsd as per instructions. If you are running FreeBSD you may use the ports collection to do this.
  2. Choose a directory to contain the rbl data you will be downloading or rsyncing from various servers. In our case I choose to use /usr/local/rbldnsd .
  3. Set up and get working your rsync of the data and make sure it works correctly. A working cron job for surbl data is: 
    		{value 0 - 59} * * * *       root /usr/local/scripts/rsyncrbldnsd.sh
    Where the OS is FreeBSD and you are editing the /etc/crontab file. If you are using crontab -e root, please omit the root word in the above line.

    Please replace {value 0 - 59} with a number between 0 and 59, and to minimize the load on the surbl server, try not to use the same number on different servers.

    Where rsyncrbldnsd.sh contains:

    		#!/bin/sh

  /usr/local/bin/rsync -t some_rsync_server::surbl/*.rbldnsd /usr/local/rbldnsd
    Note: The above is all on one line, and you'll replace some_rsync_server with the actual rsync server name provided when you are granted access. (To get rsync access to the SURBL zone files, please fill out our rsync access form, and let us know the IP address you will be rsyncing from and the approximate number of incoming messages processed per day.)
  4. Get rbldnsd up and running. We run it under daemon tools. Create a new directory in /root (or wherever) called rbldnsd. In the rbldnsd directory, create a file called run with the following information: 
    		#!/bin/sh
  
  exec /usr/local/sbin/rbldnsd -n -l +- -b  
     ws.surbl.org:dnset:/usr/local/rbldnsd/ws.surbl.org.rbldnsd 
     be.surbl.org:dnset:/usr/local/rbldnsd/be.surbl.org.rbldnsd 
     sc.surbl.org:dnset:/usr/local/rbldnsd/sc.surbl.org.rbldnsd
    Save and exit, then make the file executable: 
    		chmod 755 run
    Then make a subdirectory called log inside /root/rbldnsd and edit a file called run, add the following information to it: 
    		#!/bin/sh
  exec /usr/local/bin/multilog t s5000000 n10 /var/log/rbldnsd
    Save and exit, then make the shell script executable: 
    		chmod 755 run
    Now cd to /root 
    		mv rbldnsd /service
    Your rbldnsd should now start within 5 seconds.

    Verify it is running with:

    		sleep 5; svstat /service/rbldnsd/
  5. Get it working with dnscache. Here is the fun stuff: 
    		cd /etc/dnscache/root/servers
  vi be.surbl.org
    Add your IP that your rbldnsd server is running on to the file. The IP should match the IP added to /service/rbldnsd/run file in step 4

    Save and exit.

    		cp be.surbl.org sc.surbl.org
cp be.surbl.org ws.surbl.org

svc -t /service/dnscache
    (or restart dnscache if you are not using daemontools).

You should now be running dnscache with it looking at your rbldnsd for the data of be, sc, and ws.surbl.org and looking at the root servers for all other data.

Editor's Notes:

  1. rbldnsd is much faster and more memory efficient than BIND. Therefore you will likely improve your mail processing performance by using rbldnsd to serve all of your RBL zone files. Many RBLs will grant rsync access to rbldnsd versions of their zones by request.
  2. It's no longer necessary to manually reload rbldnsd since by default it will automatically check for and load any changed zone files every 60 seconds. This can be adjusted with the -c command line argument.
  3. Like any name server, log files for rbldnsd queries can get quite large if generated. Be sure to use a log rotation method like the one above or by configuring newsyslog if you choose to keep logs.

SURBL Data Feed Request

SURBL Data Feeds offer higher performance for professional users through faster updates and resulting fresher data. Freshness matters since the threat behavior is often highly dynamic, so Data Feed users can expect higher detection rates and lower false negatives.

The main data set is available in different formats:

  • rsync (Sponsored Data Service - SDS)
  • DNS (Private Query Service - PQS)
  • RPZ (DNS Response Policy Zones)
  • CSV (Comma Separated Values)

Rsync and DNS are typically used for mail filtering and RPZ for web filtering. High-volume systems and non-filter uses such as security research should use rsync.

For more information, please contact your SURBL reseller or see the references in Links.

Sign up for SURBL Data Feed Access.

  • Sign up for data feed access

    Direct data feed access offers better filtering performance with fresher data than is available on the public mirrors. Sign up for SURBL Data Feed Access.

  • Applications supporting SURBL

    • Apache SpamAssassin - #1 Open-Source Spam Filter
    • milter-link - filter for Sendmail and Postfix
    • More...

  • Learn about SURBL lists

    • AB - Abuse and spam sites
    • PH - Phishing sites
    • MW - Malware sites
    • More...