From: Jordan Gordeev
Date: Thu, 26 Oct 2006 20:05:50 +0300
To: freebsd-questions@freebsd.org
Subject: Re: Shell question
Message-ID: <4540EAEE.509@dir.bg>
References: <20061025213046.I19297@wonkity.com>

Jack Stone wrote:

>> From: Warren Block
>> To: Jack Stone
>> CC: freebsd-questions@freebsd.org
>> Subject: Re: Shell question
>> Date: Wed, 25 Oct 2006 21:35:55 -0600 (MDT)
>>
>> On Wed, 25 Oct 2006, Jack Stone wrote:
>>
>>> Folks:
>>> I have managed to piece together a shell script that is able to
>>> retrieve the domains from the spams of the day and summarize those in
>>> a special file that can then be added to the sendmail's rejects in
>>> the access.db. But, first I have to eyeball the list and remove any
>>> obvious good-guy domains.
>>>
>>> I would like to create another list of those same good guys that can
>>> be added to each day as they show up, then compare it to the above
>>> main list and delete the good guy domains before adding to the
>>> access.db.
>>
>>
>> Greylisting will be much more effective than this approach, and is
>> easier to implement. Combine that with sbl-xbl and maybe a few other
>> DNSBLs, add greet_pause of five or ten seconds, and you have much more
>> effectiveness with less false positives and much less maintenance.
>> Adding clamav rounds out the whole thing. I wrote an article that
>> covers some of this:
>>
>> http://www.wonkity.com/~wblock/greylist.pdf
>>
>> -Warren Block * Rapid City, South Dakota USA
>
>
> This shell script is just icing on the cake -- In addition to the
> DNSBLs, I have had all of those other filters running for years plus
> milter-regex in the front line, then greylist, then clamav, SA.
>
> It's the SA (SpamAssassin) that provides me the list of bad-guy domains.
> It's a very short list so I can always still eyeball it and remove any
> obvious good ones. It's just sometimes I have made a mistake and let in
> a good guy, say, like one of my own domains. If I had a "good-guy list"
> to watch over my shoulder and check the bad-guy list before adding to
> the access-reject, then those would never happen again. Those bad guys
> are pretty obvious by their names.
>
> Even if the domains are "throw-aways", I can stop a few more this way
> although I have to purge the sendmail access DB ever so often. My users
> might get 1 or 2 spams a month with my line of defenses. Takes a lot of
> my time, but worth the results. This shell would be a big help tho.
>
> Would appreciate any more tips on how to have my daily bad-guy list
> checked against the good-guy list. Both are flat files with the domains
> listed in a single column.
>
> Thanks guys!
>
> Jack
>

See comm(1).
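
The comm(1) comparison asked about above, written out as an added example that is not part of the original thread: it removes allowlisted domains from the daily list and separately reports any allowlisted domain that was about to be rejected. The function names, file names and sample domains are constructed for illustration.

```shell
#!/bin/sh
# Added example: filter a daily "bad-guy" domain list against a "good-guy"
# allowlist with comm(1). All names and sample domains are constructed.

# normalize FILE: one lowercase domain per line, CRs and surrounding
# whitespace stripped, blank lines dropped, sorted and de-duplicated.
# comm(1) needs both inputs sorted in the same collation, hence LC_ALL=C.
normalize() {
    tr -d '\r' < "$1" | tr '[:upper:]' '[:lower:]' |
        sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' -e '/^$/d' |
        LC_ALL=C sort -u
}

# compare_lists COMM_FLAGS BADLIST GOODLIST: run comm on normalized copies.
compare_lists() {
    tmp=$(mktemp -d) || return 1
    normalize "$2" > "$tmp/bad"
    normalize "$3" > "$tmp/good"
    LC_ALL=C comm "$1" "$tmp/bad" "$tmp/good"
    rm -rf "$tmp"
}

# filter_bad BADLIST GOODLIST: domains only in BADLIST (safe to reject).
# -23 suppresses column 2 (only in GOODLIST) and column 3 (in both).
filter_bad() { compare_lists -23 "$1" "$2"; }

# caught_good BADLIST GOODLIST: allowlisted domains that appeared in
# BADLIST (column 3 only), worth reviewing before the next run.
caught_good() { compare_lists -12 "$1" "$2"; }

# Demo on constructed data: mixed case, trailing space, blank line, duplicate.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'spam-pills.example' 'MyOwnDomain.example ' \
        'cheap-loans.example' '' 'spam-pills.example' > "$d/bad.txt"
    printf '%s\n' 'myowndomain.example' 'partner.example' > "$d/good.txt"
    echo "# lines for the sendmail access map:"
    filter_bad "$d/bad.txt" "$d/good.txt" |
        awk '{ printf "%s\tREJECT\n", $0 }'
    echo "# allowlisted domains found in today's list:"
    caught_good "$d/bad.txt" "$d/good.txt"
    rm -rf "$d"
}
demo
```

Without the normalization step, a domain that differs only in case or trailing whitespace from its allowlist entry would not match and would still end up in the reject list.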