Would like to add another lookup - ORF Forums

Would like to add another lookup RSS Back to forum


I am debating trying to add the below for another DNS blacklist. They seem to be the first ones catching shoeshoe and recent spam IP's.

I know they are an RSYNC setup... but how would I add the query to Fusion?


by steve.mills 4 years ago

@steve.mills: They do not support direct queries. As a workaround, you may setup a local server to receive the data via rsync (using a software like Wrbldnsd https://www.itefix.net/wrbldnsd), and then you could query the local server from ORF, just like external DNSBLs.

(their site is quite confusing, at one time they say "Direct DNS queries are not allowed.", on another page they say "Currently, we offer a free trial subscription for 15 days of rsync access. (10-day trial if doing direct queries)", so I'm not sure...)

by Krisztián Fekete (Vamsoft) 4 years ago
(in reply to this post)


@Krisztián Fekete (Vamsoft): Thanks for the reply - It looks like they allow direct for small shops with less than 1k emails or so. I emailed them for info and am waiting to hear back.

It appears from reading about them they are a small shop - but have a focus on catching snowshoe spam. So I am curious to see how they work.

Snowshoe is getting annoying and although we have slowed it down - we are still getting some thru.

Interesting enough - when I check a fresh email thatgets thru they seem to already have it on their list. So either they are good at detecting this type of email ... or they are the ones causing the problem. LOL

Lets hope it is not the latter.


by steve.mills 4 years ago
(in reply to this post)


@steve.mills: Steve, please let us know how well invaluement works for you. Snowshoe is spam is becoming a big deal for us too and I was looking around at other RBL options. I was cautious about invaluement as they may have a rep for being too aggressive which would translate into false positives. Sharing your experience would be helpful.

by Sam Russo 4 years ago
(in reply to this post)


@Sam Russo: I looked at my notes but I could not find any reference about false positives and invaluement so I'll retract that statement.

To their credit, they have a lookup page that you can use to spot check problematic IPs for your site and when they may have been listed on invalument. You can use this to check to see how effective this could be for your specific spammers.

For me, there were some spam hits that invaluement could have helped with but I also did not need to look to hard to find examples where they would not have helped us at all so I don't think it would work for us:

IP First seen here Listed in IVMSIP 11/11 11:53:16AM 11/11 11:53:36PM (close but too late for us) 11/11 12:11 11/11 17:39PM (too late for us) 11/10 10:57 not listed 11/10 16:38 not listed 11/3 16:04 not listed

Maybe these would have been picked up on the/24 list but I did not see a way to check that on the lookup page.

To see if it works for you The Invaluement lookup page is:

Good luck and if you try it please let us know how it works out.

by Sam Russo 4 years ago
(in reply to this post)


@Sam Russo: Well we are in the trial 10 day with Invaluement. They are last in our blacklist check to see how they do with Snowshoe specifically (and the random stuff that gets by) - We will report back.

Keep in mind we are a small shop and this is OUR Exchange system - but either way I will report back the statistics.


by steve.mills 4 years ago
(in reply to this post)

New comment

Fill in the form below to add a new comment. All fields are required. If you are a registered user on our site, please sign in first.

It will not be published.
hnp1 | hnp2