> I'm the author of a set of scripts that will expand the DD-WRT
> router to become a full linux box (OTRW). People are constantly
> downloading scripts from my site and whenever there's a problem
> I immediately get mailed. No-one complained and my logs indicate
> a constant flow of good connections. I have no idea why you get a
> 404 whilst others don't.
All I can say is that I tried fetching that file from a box sitting
a proxy and got a 404, retried it from another box with a direct
connection and it succeeded; in both cases I just used a
wget -nd ....
to fetch the file, so I suspect that the proxy may be the issue here
I've no infos about the real source of the problem but I'm wondering
if the script blocking the file-fetch from browsers may be somewhat
misbehaving when it sees the proxy header in the get request... at
any rate ...
> I work for an ISP that allow their customers to send mail themselves.
Hm... I hope you don't mean sending "direct-to-MX" that would in
most cases fail and, worse, cause the IP to get into some DNSBL
> Sometimes there's an ill behaving client among them.
> We can already detect spammers that send large quantities
Well... ASSP has a built-in "rate limiter" to deal with that, if you set
the LocalFrequencyInt, LocalFrequencyNumRcpt and the
NoLocalFrequency (for MLs and any authorized mass-sender)
along with a well crafted NotifyRe, ASSP will issue a tempfail
in case someone goes over the rate-limit and will also alert
you (ok... the admins) with an email this helps detecting mass
senders (and in most cases infected machines or people which
thinks that spamming is good :P) and quickly "remediate" :)
> Above the line which holds my domain there's a hyperlink to
> another list. It's that list which holds 96 DNSBL's.
Saw it but didn't try fetching that list, yet I think that a lot
of DNSBLs sitting inside that file are unneeded, either
because they're overlapping (e.g. "zen.spamhaus.org"
includes other spamhaus lists) or because they're either
unreliable or too aggressive to be used in real world so
if some IP gets listed by one of the latter I won't even
consider it an issue :)
As for detecting spamming/infected hosts sitting on your
network, I think you may give http://www.bothunter.net/ a
spin, if you never tried it, I think you'll be surprised at the
results and... no, it's not the same as running (say) a
vanilla snort, the critter uses a quite cool "correlation
engine" which allows it to play some ... magic :)