Message-ID: <44D47850.5020705@infracaninophile.co.uk>
Date: Sat, 05 Aug 2006 11:52:00 +0100
From: Matthew Seaman
Organization: Infracaninophile
To: Chris Maness
In-Reply-To: <44D3ACE0.7050202@chrismaness.com>
Cc: freebsd-questions@freebsd.org
Subject: Re: DNS Blacklist Script?

Chris Maness wrote:
> Does anyone know of a script (or application) to automagically add a
> host to a dns blacklist? It would be very convenient to blacklist all
> the e-mails sent from a spammer to a honeypot address, or to blacklist
> all senders that thunderbird moves into the spam sub-folder.

You need to be very careful implementing something like this. Most
Spam nowadays is bot-generated and uses forged 'From' addresses culled
from the address books on infected machines. Unless you're careful,
you're going to end up blocking a lot of completely innocent people, or
worse, blocking your own legitimate e-mail users.

Having said that, consider SpamAssassin's 'Auto white list' feature. It
also works as a black list, but it's not a binary on-off. Instead,
anyone who sends e-mail to your server gets a spam score depending on
the ratings of their previous e-mails to you. That's added to the spam
score for the e-mail being processed. So someone who continually sends
you spammy e-mails won't get the benefit of the doubt on a marginal
e-mail, but someone else who sends a lot of ham will.

Also included in SpamAssassin is a client for the Vipul's Razor project.
That's a database of checksums of spam e-mails that is updated live.
Spammer starts sending a few million spam e-mails, but after the first
few, there's a mail signature in the Razor DB so that the rest of the
world can reject those spams straight away.
(Port: mail/razor-agents, WWW: http://razor.sourceforge.net/)

Integrating SpamAssassin into a mailing system can be done in many ways
depending on what mail software is in use and so forth. Ask again here
with details of your mail setup if you're interested in doing that.

	Cheers,

	Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.                       7 Priory Courtyard
                                                      Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey         Ramsgate
                                                      Kent, CT11 9PW
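
The history-weighted scoring described in the message above, as an added sketch that is not part of the original e-mail and is not SpamAssassin's own code. The class and function names, the 0.5 factor, the 5.0 threshold, keying history on the From address plus the first two octets of the relay IP, and all sample senders and scores are assumptions made for this illustration.

```python
# Added illustration: a simplified model of history-based score adjustment.
# Not SpamAssassin's code; key format, FACTOR and THRESHOLD are assumptions.
from collections import defaultdict

FACTOR = 0.5      # how far a score is pulled toward the sender's mean (assumed)
THRESHOLD = 5.0   # score at or above which a message is treated as spam (assumed)


class SenderHistory:
    def __init__(self, factor=FACTOR):
        self.factor = factor
        self.totals = defaultdict(lambda: [0.0, 0])  # key -> [score sum, count]

    @staticmethod
    def key(from_addr, relay_ip):
        # Key on address plus the relay's first two octets, so a forged From
        # arriving from an unrelated network gets no share of the history.
        return (from_addr.lower(), ".".join(relay_ip.split(".")[:2]))

    def adjust(self, from_addr, relay_ip, raw_score):
        k = self.key(from_addr, relay_ip)
        total, count = self.totals[k]
        final = raw_score
        if count:
            mean = total / count
            final = raw_score + (mean - raw_score) * self.factor
        # Record the raw score, not the adjusted one, so the history
        # reflects what each message scored on its own merits.
        self.totals[k] = [total + raw_score, count + 1]
        return round(final, 2)


def is_spam(score, threshold=THRESHOLD):
    return score >= threshold


def demo():
    h = SenderHistory()
    for s in (0.1, -0.5, 0.4):        # constructed ham history, mean 0.0
        h.adjust("alice@example.org", "192.0.2.10", s)
    for s in (9.0, 11.0, 10.0):       # constructed spam history, mean 10.0
        h.adjust("bulk@example.net", "198.51.100.7", s)
    marginal = 5.6                    # same borderline message from each sender
    return {
        "known_ham": h.adjust("alice@example.org", "192.0.2.44", marginal),
        "known_spam": h.adjust("bulk@example.net", "198.51.100.9", marginal),
        "forged": h.adjust("alice@example.org", "203.0.113.5", marginal),
    }
```

The same marginal message passes for the sender with a ham history, is pushed further over the threshold for the sender with a spam history, and is scored on its own when the From address turns up from a network with no history.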