From owner-freebsd-questions@FreeBSD.ORG Thu Oct 26 03:36:04 2006
Date: Wed, 25 Oct 2006 21:35:55 -0600 (MDT)
From: Warren Block
To: Jack Stone
Cc: freebsd-questions@freebsd.org
Subject: Re: Shell question
Message-ID: <20061025213046.I19297@wonkity.com>

On Wed, 25 Oct 2006, Jack Stone wrote:

> Folks:
> I have managed to piece together a shell script that is able to retrieve the
> domains from the spams of the day and summarize those in a special file that
> can then be added to the sendmail's rejects in the access.db. But, first I
> have to eyeball the list and remove any obvious good-guy domains.
>
> I would like to create another list of those same good guys that can be added
> to each day as they show up, then compare it to the above main list and
> delete the good guy domains before adding to the access.db.

Greylisting will be much more effective than this approach, and is easier
to implement.  Combine that with sbl-xbl and maybe a few other DNSBLs, add
greet_pause of five or ten seconds, and you have much more effectiveness
with fewer false positives and much less maintenance.  Adding clamav rounds
out the whole thing.

I wrote an article that covers some of this:

http://www.wonkity.com/~wblock/greylist.pdf

-Warren Block * Rapid City, South Dakota USA
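
The allowlist step asked about in the quoted question, as an added example that is not part of the original message: it removes "good guy" domains from a candidate reject list before emitting sendmail access-map lines. The file names and sample domains are constructed, and treating subdomains of an allowlisted domain as allowlisted is an assumption about the desired behaviour.

```shell
#!/bin/sh
# Added example; function names, file names and sample domains are constructed.

# Lower-case, drop comments, surrounding whitespace, a trailing dot, blank lines.
normalize() {
    tr '[:upper:]' '[:lower:]' |
        sed -e 's/#.*$//' -e 's/[[:space:]]*$//' -e 's/^[[:space:]]*//' \
            -e 's/\.$//' -e '/^$/d'
}

# filter_rejects ALLOWFILE CANDIDATEFILE
# Prints "domain<TAB>REJECT" for each candidate that is neither an allowlisted
# domain nor a subdomain of one (assumed policy).
filter_rejects() {
    allow=$(mktemp) || return 1
    normalize < "$1" > "$allow"
    normalize < "$2" | sort -u | awk -v allowfile="$allow" '
        BEGIN { while ((getline d < allowfile) > 0) ok[d] = 1 }
        # Text scraped from spam is untrusted: skip anything that is not a
        # plausible dotted host name so junk never reaches the access map.
        $0 !~ /^[a-z0-9]([a-z0-9.-]*[a-z0-9])?$/ || index($0, ".") == 0 { next }
        {
            # Compare the name and each parent domain at label boundaries,
            # so notexample.com is not mistaken for example.com.
            name = $0; keep = 1
            while (1) {
                if (name in ok) { keep = 0; break }
                i = index(name, ".")
                if (i == 0) break
                name = substr(name, i + 1)
            }
            if (keep) printf "%s\tREJECT\n", $0
        }'
    rc=$?
    rm -f "$allow"
    return $rc
}

# Constructed sample input: an allowlist and one day of candidate domains.
sample_run() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' 'Example.com' '# partner lists' 'freebsd.org.' > "$dir/goodguys"
    printf '%s\n' 'spam-offers.example.net' 'mail.example.com' 'EXAMPLE.COM' \
        'lists.freebsd.org' 'notexample.com' 'bad domain!' \
        'cheap-pills.test' 'cheap-pills.test' > "$dir/candidates"
    filter_rejects "$dir/goodguys" "$dir/candidates"
    rm -rf "$dir"
}

sample_run
```

The output still needs a manual review and a `makemap hash` rebuild of access.db before it takes effect.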