
On 5/24/13, Chris White <phreaks@gmail.com> wrote: [snip]
> I also like the DNSBL idea but I see the latency issues as possibly becoming a deterrent if using one single/multiple lists in itself much less if it's down. Maybe DALnet could run its own as possibly support others?
How about generalizing it to an "external policy deny mechanism"; basically a mechanism for IRCD to connect to a specified IP:PORT, report a connection attempt, and receive an answer in the form of either "OK" / "NOT OK", or a "spam score", combined with a refusal reason, if the client is deemed not OK by the policy service.

When a client connects, the IP address is sent at registration, before reverse DNS lookup begins, to give the policy daemon time to begin preparing its response; possibly a USER line may be sent, during registration, to enable blacklisting based on resolved host, username, or real name fields. The Yes/No decision occurs at the USER line. This way you probably avoid additional latency, because there is already a delay involved in the reverse DNS lookup that IRCD already performs.

A policy daemon being external to IRCD could implement any desired blacklisting mechanism. This could be a local database instead of a DNS query, in large environments. Or a server admin could run a number of policy servers for their IRC network, on separate dedicated hardware.

A policy service like that could also be used as an alternative to the K:Line mechanism and other ways of banning users. If an IRC network runs its own policy servers, they could have custom code to check a centralized database specific to known abusers of their IRC network and ban reasons, before going out to poll the list of selected RBLs or RBL feeds.

In this manner, providing an "external decision mechanism" adds a lot more flexibility than just including code in IRCD itself for one specific blacklist. So I see "external decision mechanism", plus maybe some bundled example program to check against a few common blacklists, as providing administrators with the greatest level of flexibility :)
> Chris White/phreakshow

--
-JH
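A minimal sketch of the policy service described in the reply above, added here as an example; it is not part of the original thread or of any IRCD code. The class and method names, the in-memory feeds standing in for RBL queries, and the timeout with a configurable fail-open or fail-closed result are all assumptions.

```python
import fnmatch
import ipaddress
from concurrent.futures import ThreadPoolExecutor

# Constructed sample data (documentation address ranges, not real listings).
LOCAL_BANS = [  # the network's own abuser database: (field, glob, reason)
    ("host", "*.abuse.example", "banned host"),
    ("realname", "*spam bot*", "banned real name"),
]
FEEDS = {"feed-a": ["192.0.2.0/24"], "feed-b": ["198.51.100.7/32"]}

def blacklist_lookup(ip):
    """Stand-in for slow RBL polling: names of the feeds that list ip."""
    addr = ipaddress.ip_address(ip)
    return [name for name, nets in FEEDS.items()
            if any(addr in ipaddress.ip_network(n) for n in nets)]

class PolicyService:
    def __init__(self, timeout=2.0, fail_open=True):
        self.pool = ThreadPoolExecutor(max_workers=4)
        self.pending = {}            # conn_id -> in-flight lookup
        self.timeout = timeout
        self.fail_open = fail_open   # assumption: admin chooses the failure mode
        self.lookup = blacklist_lookup

    def on_connect(self, conn_id, ip):
        """IP reported at registration: start the lookup in the background."""
        self.pending[conn_id] = self.pool.submit(self.lookup, ip)

    def on_user(self, conn_id, host, username, realname):
        """Decision point at the USER line: returns (verdict, reason)."""
        future = self.pending.pop(conn_id)
        fields = {"host": host, "username": username, "realname": realname}
        for field, pattern, reason in LOCAL_BANS:  # local database first
            if fnmatch.fnmatchcase(fields[field].lower(), pattern):
                future.cancel()
                return ("NOT OK", reason)
        try:
            feeds = future.result(timeout=self.timeout)
        except Exception:  # feed slow or down: do not stall registration
            if self.fail_open:
                return ("OK", "")
            return ("NOT OK", "policy lookup unavailable")
        if feeds:
            return ("NOT OK", "listed in " + ",".join(sorted(feeds)))
        return ("OK", "")
```

Because the lookup is submitted at connect time, the wait in `on_user` only costs whatever remains after the reverse DNS delay, and the timeout bounds it when a feed is unreachable.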