Date: Thu, 26 Oct 2006 20:05:50 +0300
From: Jordan Gordeev <jgordeev@dir.bg>
To: freebsd-questions@freebsd.org
Subject: Re: Shell question
Message-ID: <4540EAEE.509@dir.bg>
In-Reply-To: <BAY125-F125A4299ABAC329A64499BCC070@phx.gbl>
References: <20061025213046.I19297@wonkity.com> <BAY125-F125A4299ABAC329A64499BCC070@phx.gbl>

Jack Stone wrote:
>> From: Warren Block <wblock@wonkity.com>
>> To: Jack Stone <antennex@hotmail.com>
>> CC: freebsd-questions@freebsd.org
>> Subject: Re: Shell question
>> Date: Wed, 25 Oct 2006 21:35:55 -0600 (MDT)
>>
>> On Wed, 25 Oct 2006, Jack Stone wrote:
>>
>>> Folks:
>>> I have managed to piece together a shell script that is able to
>>> retrieve the domains from the spams of the day and summarize those in
>>> a special file that can then be added to the sendmail's rejects in
>>> the access.db. But, first I have to eyeball the list and remove any
>>> obvious good-guy domains.
>>>
>>> I would like to create another list of those same good guys that can
>>> be added to each day as they show up, then compare it to the above
>>> main list and delete the good guy domains before adding to the
>>> access.db.
>>
>>
>> Greylisting will be much more effective than this approach, and is
>> easier to implement. Combine that with sbl-xbl and maybe a few other
>> DNSBLs, add greet_pause of five or ten seconds, and you have much more
>> effectiveness with less false positives and much less maintenance.
>> Adding clamav rounds out the whole thing. I wrote an article that
>> covers some of this:
>>
>> http://www.wonkity.com/~wblock/greylist.pdf
>>
>> -Warren Block * Rapid City, South Dakota USA
>
>
> This shell script is just icing on the cake -- In addition to the
> DNSBLs, I have had all of those other filters running for years plus
> milter-regex in the front line, then greylist, then clamav, SA.
>
> It's the SA (SpamAssassin) that provides me the list of bad-guy domains.
> It's a very short list so I can always still eyeball it and remove any
> obvious good ones. It's just sometimes I have made a mistake and let in
> a good guy, say, like one of my own domains. If I had a "good-guy list"
> to watch over my shoulder and check the bad-guy list before adding to
> the access-reject, then those would never happen again. Those bad guys
> are pretty obvious by their names.
>
> Even if the domains are "throw-aways", I can stop a few more this way
> although I have to purge the sendmail access DB every so often. My users
> might get 1 or 2 spams a month with my line of defenses. Takes a lot of
> my time, but worth the results. This shell would be a big help tho.
>
> Would appreciate any more tips on how to have my daily bad-guy list
> checked against the good-guy list. Both are flat files with the domains
> listed in a single column.
>
> Thanks guys!
>
> Jack
>

See comm(1).
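
The comm(1) comparison the reply points to, written out as an added example that is not part of the original thread. The function names, the file arguments and the temp-file prefix are assumptions made for illustration; it goes slightly beyond the question by normalizing both lists first, since comm only works on inputs sorted in the same collation.

```sh
#!/bin/sh
# Added example (not from the thread). File names are the caller's;
# function names here are hypothetical.

# normalize FILE: one lower-case domain per line, sorted, de-duplicated.
# Strips CRs, "#" comments, whitespace, trailing dots and blank lines.
normalize() {
    tr -d '\r' < "$1" |
        sed -e 's/#.*//' -e 's/[[:space:]]//g' -e 's/\.$//' -e '/^$/d' |
        tr '[:upper:]' '[:lower:]' |
        LC_ALL=C sort -u
}

# compare_lists FLAGS BADLIST GOODLIST: run comm(1) on the normalized lists.
# comm needs both inputs sorted in the same collation, hence LC_ALL=C.
compare_lists() {
    tmp=$(mktemp -d "${TMPDIR:-/tmp}/domlists.XXXXXX") || return 1
    normalize "$2" > "$tmp/bad"
    normalize "$3" > "$tmp/good"
    LC_ALL=C comm "$1" "$tmp/bad" "$tmp/good"
    rm -rf "$tmp"
}

# -23 drops "only in good" and "in both": what is left is safe to reject.
filter_badguys() { compare_lists -23 "$1" "$2"; }

# -12 keeps only "in both": good guys that nearly got rejected, for review.
caught_goodguys() { compare_lists -12 "$1" "$2"; }

# access_entries: turn domains on stdin into "domain<TAB>REJECT" lines,
# the key/value layout of a sendmail access map source file.
access_entries() { awk '{ printf "%s\tREJECT\n", $0 }'; }

# Usage: sh filter.sh badguys.txt goodguys.txt > access.additions
if [ "$#" -eq 2 ]; then
    caught_goodguys "$1" "$2" | sed 's/^/skipped (good guy): /' >&2
    filter_badguys "$1" "$2" | access_entries
fi
```

Without the normalization step, a good-guy entry that differs only in case, a trailing dot or a stray carriage return would not match and the domain would still be rejected.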