misconfigurations and contact addresses

From: Sven Michels <smichels_at_domain.invalid>
Date: Sun 05 Feb 2006 - 01:58:33 CET
Hi there,

in the last weeks we received a couple of complaints from users
of different networks about getting banned due to listing in our
Tor DNSBL. Nearly all networks used a slightly "bad" configuration
for their bopm which also killed people who were connecting from
networks containing a tor node. So I'd like to clarify it a bit:
We have two types of listings in our dnsbl:
1. a tor node itself and
2. a subnet (class c) containing a tor node.
The first one is what most of you want to use but the second is
mostly useless for killing ppl. When we started the list, we noticed
a few tor nodes were not listed. After some investigation we found
this was because of the possibility to have multiple IPs on a node.
For that reason we listed also the network which contains a tor node
(it was requested by some networks, too). But the usage of this is
for notifying your admins/opers, not for killing ppl. BOPM allows
you to define multiple dnsbls and, most important, different reply
types. This can be used to get a global oper message when someone
within a tor network connects and to kill ppl directly from a tor
node. A sample config for killing users from direct tor nodes is
shown on our page (http://www.sectoor.de/tor.php):
blacklist {
   name = "tor.dnsbl.sectoor.de";
   type = "A record reply";
   reply {
      1 = "Tor exit server";
   };
   ban_unknown = no;
   kline = "KLINE *@%h :Tor exit server detected.";
};

Most important in this example: reply 1 is the only one used because
of ban_unknown = no. Some networks just forgot the ban_unknown, others
also defined reply 2 = "Tor Subnet" (or similar) and killed legit users.
When we receive complaints about that, we try to solve the problem
for the user (some of you already got contacted ;-) and this brings
me to reason number two for today's mail:

- Contact addresses
When we receive complaints from users, we contact the networks etc.
and try to solve the problem for the user (if he was banned in case
of an error etc., not if he really runs a node and just shouts "remove
me!!!" ;). This takes some time because some networks don't have
"good" contact ways. We had networks with unresponsive admins, wrong
contact emails in /admin or /motd and stuff like that. So I'd like
to ask you about your preferred way to get contacted. Please drop
us a mail with contact data we should use to get in contact with you
in case of some problems. Would be nice if you put your network
name in the subject of the mail to make it easier to get things
sorted.

So, that's it for today. Thanks for using our dnsbls! If you have
any question, feel free to ask. We could also open a list for "talking"
about the lists and the usage etc. if enough ppl have a need for it?

Regards,
Sven Michels
-- 
sectoor GmbH - Sven Michels  <*>  eMail: smichels(at)sectoor.de
Geschaeftsfuehrer            <*>  Web  :  http://www.sectoor.de
Huehnerweg 18                <*>  Tel  :    +49 (0)69 9637 6000
D - 60599 Frankfurt am Main  <*>  Fax  :    +49 (0)69 9637 6006
Received on Sun, 05 Feb 2006 01:58:33 +0100
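
The check described in the mail above, as an added example that is not part of the original message or of BOPM: a small Python audit of a blacklist block that flags a missing ban_unknown = no and any banned reply other than 1. Assumptions: the DNSBL answers 127.0.0.1 for a Tor node and 127.0.0.2 for a subnet listing, a missing ban_unknown behaves like "yes" (as the mail implies), and the function names are hypothetical.

```python
import re

# Constructed sample: the recommended block quoted in the mail.
GOOD = '''blacklist {
   name = "tor.dnsbl.sectoor.de";
   type = "A record reply";
   reply {
      1 = "Tor exit server";
   };
   ban_unknown = no;
   kline = "KLINE *@%h :Tor exit server detected.";
};'''
# Constructed misconfiguration: reply 2 added and ban_unknown forgotten.
BAD = (GOOD.replace('1 = "Tor exit server";',
                    '1 = "Tor exit server";\n      2 = "Tor Subnet";')
           .replace('   ban_unknown = no;\n', ''))

def parse_blacklist(text):
    """Return (reply_map, ban_unknown) for one blacklist block."""
    body = re.search(r'reply\s*\{(.*?)\}', text, re.S)
    pairs = re.findall(r'(\d+)\s*=\s*"([^"]*)"', body.group(1)) if body else []
    replies = {int(num): desc for num, desc in pairs}
    m = re.search(r'ban_unknown\s*=\s*(\w+)', text)
    # Assumption taken from the mail: an omitted ban_unknown acts like "yes".
    ban_unknown = (m.group(1).lower() == "yes") if m else True
    return replies, ban_unknown

def would_ban(text, answer):
    """Would this block K-line a client whose DNSBL lookup returned `answer`?"""
    replies, ban_unknown = parse_blacklist(text)
    code = int(answer.rsplit(".", 1)[1])  # "A record reply": last octet is the reply number
    return code in replies or ban_unknown

def audit(text):
    """List the misconfigurations the mail warns about."""
    replies, ban_unknown = parse_blacklist(text)
    findings = []
    if ban_unknown:
        findings.append("ban_unknown is not 'no': replies you did not define are banned too")
    for code in sorted(set(replies) - {1}):
        findings.append(f"reply {code} ({replies[code]!r}) is banned; only reply 1 is a Tor node itself")
    return findings
```

Running audit() over each blacklist block of a bopm.conf before a rehash shows whether subnet-only listings would be K-lined.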