Date:      Thu, 26 Oct 2006 13:21:20 -0500
From:      "Jack Stone" <antennex@hotmail.com>
To:        jgordeev@dir.bg, freebsd-questions@freebsd.org
Subject:   Re: Shell question
Message-ID:  <BAY125-F25B491F7707FC65618F7C1CC070@phx.gbl>
In-Reply-To: <4540EAEE.509@dir.bg>




>From: Jordan Gordeev <jgordeev@dir.bg>
>To: freebsd-questions@freebsd.org
>Subject: Re: Shell question
>Date: Thu, 26 Oct 2006 20:05:50 +0300
>
>Jack Stone wrote:
>>>From: Warren Block <wblock@wonkity.com>
>>>To: Jack Stone <antennex@hotmail.com>
>>>CC: freebsd-questions@freebsd.org
>>>Subject: Re: Shell question
>>>Date: Wed, 25 Oct 2006 21:35:55 -0600 (MDT)
>>>
>>>On Wed, 25 Oct 2006, Jack Stone wrote:
>>>
>>>>Folks:
>>>>I have managed to piece together a shell script that is able to retrieve 
>>>>the domains from the spams of the day and summarize those in a special 
>>>>file that can then be added to the sendmail's rejects in the access.db. 
>>>>But, first I have to eyeball the list and remove any obvious good-guy 
>>>>domains.
>>>>
>>>>I would like to create another list of those same good guys that can be 
>>>>added to each day as they show up, then compare it to the above main 
>>>>list and delete the good guy domains before adding to the access.db.
>>>
>>>
>>>Greylisting will be much more effective than this approach, and is easier 
>>>to implement.  Combine that with sbl-xbl and maybe a few other DNSBLs, 
>>>add greet_pause of five or ten seconds, and you have much more 
>>>effectiveness with less false positives and much less maintenance. Adding 
>>>clamav rounds out the whole thing.  I wrote an article that covers some 
>>>of this:
>>>
>>>http://www.wonkity.com/~wblock/greylist.pdf
>>>
>>>-Warren Block * Rapid City, South Dakota USA
>>
>>
>>This shell script is just icing on the cake -- In addition to the DNSBLs, 
>>I have had all of those other filters running for years plus milter-regex 
>>in the front line, then greylist, then clamav, SA.
>>
>>It's the SA (SpamAssassin) that provides me the list of bad-guy domains. 
>>It's a very short list so I can always still eyeball it and remove any 
>>obvious good ones. It's just sometimes I have made a mistake and let in a 
>>good guy, say, like one of my own domains. If I had a "good-guy list" to 
>>watch over my shoulder and check the bad-guy list before adding to the 
>>access-reject, then those would never happen again. Those bad guys are 
>>pretty obvious by their names.
>>
>>Even if the domains are "throw-aways", I can stop a few more this way 
>>although I have to purge the sendmail access DB ever so often. My users 
>>might get 1 or 2 spams a month with my line of defenses. Takes a lot of my 
>>time, but worth the results. This shell would be a big help tho.
>>
>>Would appreciate any more tips on how to have my daily bad-guy list 
>>checked against the good-guy list. Both are flat files with the domains 
>>listed in a single column.
>>
>>Thanks guys!
>>
>>Jack
>>
>
>See comm(1).

Yep, that's it....!!

Thanks,

Jack
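
The comm(1) suggestion from this thread, worked through as an added example that is not part of the original messages. The function names, temporary file names and sample domains are assumptions made for illustration; both lists are normalized first because comm(1) only works on inputs sorted in the same collation.

```sh
#!/bin/sh
# Added example: strip allowlisted domains from a daily reject candidate list.

# Normalize a one-domain-per-line file so comm(1) compares like with like:
# drop CRs, comments, surrounding whitespace, a trailing dot and blank lines,
# lowercase (DNS names are case-insensitive), then sort uniquely.
# comm(1) requires both inputs sorted in the same collation, hence LC_ALL=C.
normalize() {
    tr -d '\r' < "$1" |
        sed -e 's/#.*//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' -e 's/\.$//' |
        tr '[:upper:]' '[:lower:]' |
        grep -v '^$' |
        LC_ALL=C sort -u
}

# compare_lists MODE BADFILE GOODFILE: run comm(1) on normalized copies.
compare_lists() {
    tmp=$(mktemp -d) || return 1
    normalize "$2" > "$tmp/bad"
    normalize "$3" > "$tmp/good"
    LC_ALL=C comm "$1" "$tmp/bad" "$tmp/good"
    rc=$?
    rm -rf "$tmp"
    return "$rc"
}

# -23 hides "only in good" and "in both": what is left is safe to reject.
filter_rejects() { compare_lists -23 "$1" "$2"; }
# -12 hides both "only in ..." columns: good domains that were flagged as bad.
caught_good() { compare_lists -12 "$1" "$2"; }

# Constructed sample data; file names and domains are hypothetical.
demo=$(mktemp -d) || exit 1
trap 'rm -rf "$demo"' EXIT
printf '%s\n' 'cheap-pills.example' 'MyOwnDomain.example' 'win-prizes.example.' > "$demo/bad"
printf '%s\n' '# never reject these' 'myowndomain.example' 'freebsd.org' > "$demo/good"

echo "Add to the reject list:"
filter_rejects "$demo/bad" "$demo/good"
echo "Held back (on the good-guy list):"
caught_good "$demo/bad" "$demo/good"
```

Matching is exact per line, so a good-guy entry does not cover its subdomains; list each host name that must never be rejected.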
