DNSBL 5.0.5 – Introducing advanced whitelisting

In DNBL v5.0.5 (API release) an advanced whitelisting system is introduced. At first, this whitelist system was implemented in a leaf-application (the honeypot system) but since it’s better to implement it directly at the blacklist entry, this has been done instead.

For example, if we’d like to whitelist Telia mailservers in the DNSBL, we could simply add their SPF inclusions in the system. By adding _spf-a.telia.net, _spf-b.telia.net, etc the DNSBL will check each added ip address if it matches against either a IPv4/IPv6 address that belongs to the SPF pointer or if it is located within a CIDR-based range in the pointers. So if we whitelist _spf-a.telia.net and a blacklist request contains an address in the range of 81.236.57.10/32, that address will be considered whitelisted and throw an exception.

In the primary whitelist the only SPF-exceptions is _spf.tornevall.net and _spf.tornevall.se. Other addresses that also will be whitelisted is the following (that will prevent internal server blacklistings):

127.0.0.0/8
172.16.0.0/12
10.0.0.0/8
192.168.0.0/16

Important patch for DNSBL

The prior weekend our mail server was moved to a completely new place, so we also decided to shut down the old mailserver.

However, the old server contained important files that handled the blacklist functions (methods that automatically updates and changes the zone data in the zone tornevall.org). As this service has been shut down, an update for the DNSBL API has been deployed since we have been unable to rewrite zone data since then.

This also means that all removals from the removal interface should be instant if everything goes as planned (tests has been successful) – and not hourly.

Just remember that even if removals are instant, your blacklisted IP may still be present in caches around the workd, and won’t be updated instantly.

 

Reshaping the community portal.

I know! It may be a bit excessive to both run a WordPress-info-portal AND a community forum-portal in the same time, as WordPress have quite ok tools for running forum-ish stuff from there. However, I’m not entirely pleased with that, especially since I like the old community-threaded non-Facebook-forum form. vBulletin 5 left this concept for a few years ago, but it really is possible to reorganize things and make them work quite well. And this is what I’ve done the last day.

Once upon a time, there was “Tornis”. It was a realityshow based forum that had Big Brother Sweden as the primary target. However, when Facebook took control over forums with the group-concept many forums went into a graveyard of dead forums. Some of “us” (me) still appreciate the simple overview of threads instead of the compact Facebook view where everything is mixed up in 2 sublevels of comments and all text exposed in the same place. So the decision to reorganize this place have been there for several years. I still feel there might needs of some other kind of privacy than Facebook monitoring all your information. Besides, you still can be reported for practically nothing and get banned.

The purpose over time has therefore changed. There are ongoing projects that has been planned to be placed in this forum. The first problem to fight was to clean up the forum without being forced to delete everything. This is now finished. There is a Facebook-group mirrored to this portal (Making internet a better place), where I was supposed to support and update information about the API that should have been making internet a better place. This project has been delayed for a long time now, but since the reorganization FINALLY have taken place, the future might be a bit more brighter. However, there’s a few things left to do before we can go all in on it…

https://www.tornevall.net/portal/articles/1062744-reshaping-the-community-portal

Establishing WordPress Portal

To make life a bit easier in the Tornevallverse, a new portal for creating WordPress sites is currently taking form.

You can find out more, what you can do with it at https://wordpress.tornevall.net/. Currently user registration are available, but not the site itself (since it requires an automation of building and linking domain names properly). The two primary portals (this site and TorneAUTH) is not going to be migrated into that service yet.

DNSBL Slave DNS offering

Do you feel that the DNSBL resolvers are too slow for your requests? In cases where this happens, you might want to apply for an own DNS slave server. You can do this by sending a mail to support@tornevall.net – you can also send a mail if you would like to contribute with more slave servers to extend the reachability of the services. If you think the service is worth donating to, so that it can be extended furthermore, take a look here.

The current DNS servers are located in following countries:

  • Stockholm/Sweden
  • Scania/Sweden
  • Tokyo/Japan

Reaching milestones for SpamAssassin and DNS editor

There are several side projects going on right now. One of the completed “milestones” is the SpamAssassin configurator that was finalized today. For a few hours ago, we’ve started to work on a DNS editor, that makes it possible to update entries into two of our master DNS-servers. This is another milestone as much of the changes today are being made manually with regular zone files. We’ll still go that way, but in a near future, it will be possible to update records live. This work might speed up our DNS Blacklist a bit, which might give us a chance to live update both the primary master server and the second backup without hourly reloading. The DNS API was besides of this not even planned – it was “just a test” to see if it was possible and suddenly, there was an almost complete interface for it in the API.

Any plugins?

Yes, there was recently a minor release of the DNSBL WordPress-plugin also (not a milestone), but the release was too small to set up a whole post for it. But here goes, 2.0.6 gave us one minor update, as we had problems with blacklisted users requesting for delisting in the delisting-page comment fields. Those fields are less checked than the support mailbox, so the patch was based on removing comment abilities in the removal page as an option in the admin configuration.

  • [DNSBLWP-49] – comments_open has a problem that might open for comments again, if other plugins has it disabled

DNSBL for WordPress 2.0.5/2.0.6 CHANGELOG

This also includes 2.0.3 and 2.0.4 as they only contained minor fixes

2.0.6

Minor fix for open/closed comments on delisting page

2.0.5

  • [DNSBLWP-42] – duplicate () in link (readme.txt)
  • [DNSBLWP-47] – Ability to disable comments on removal page
  • [DNSBLWP-48] – Make notice on “comments disabled”-page, that admins are blacklisted (if they are)

2.0.4

Translation update (text domain fixed)

2.0.3

Text and translation

“Help us survive”-page is back

Our donation-page “help us survive” is back on track again.

As this site is not owned by any company or organization, our finances for it is also zero and handled completely privately on spare time – and time is something that we do not have much of.

Would you like to give us financial support, by donations? Check out the alternatives here!