Date: Sat, 05 Aug 2006 11:52:00 +0100 From: Matthew Seaman <m.seaman@infracaninophile.co.uk> To: Chris Maness <chris@chrismaness.com> Cc: freebsd-questions@freebsd.org Subject: Re: DNS Blacklist Script? Message-ID: <44D47850.5020705@infracaninophile.co.uk> In-Reply-To: <44D3ACE0.7050202@chrismaness.com> References: <44D3ACE0.7050202@chrismaness.com>
next in thread | previous in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --------------enigBEA51CB0AC730F4815F65D64 Content-Type: text/plain; charset=ISO-8859-15 Content-Transfer-Encoding: quoted-printable Chris Maness wrote: > Does anyone know of a script (or application) to automagically add a > host to a dns blacklist? It would be very convenient to blacklist all > the e-mails sent from a spammer to a honeypot address, or to blacklist > all senders that thunderbird moves into the spam sub-folder. You need to be very careful implementing something like this. Most Spam nowadays is bot-generated and uses forged 'From' addresses culled from the address books on infected machines. Unless you're careful, you're going to end up blocking a lot of completely innocent people, or worse, blocking your own legitimate e-mail users. Having said that, consider SpamAssassin's 'Auto white list' feature. It also works as a black list, but it's not a binary on-off. Instead, anyone who sends e-mail to your server gets a spam score depending on the ratings of their previous e-mails to you. That's added to the spam score for the e-mail being processed. So someone who continually sends you spammy e-mails won't get the benefit of the doubt on a marginal= e-mail, but someone else who sends a lot of ham will. Also included in SpamAssassin is a client for the Vipul's Razor project. That's a database of checksums of spam e-mails that is updated live. Spammer starts sending a few million spam e-mails, but after the first few, there's a mail signature in the Razor DB so that the rest of the world can reject those spams straight away. (Port: mail/razor-agents, WWW= : http://razor.sourceforge.net/) Integrating SpamAssassin into a mailing system can be done in many ways depending on what mail software is in use and so forth. Ask again here with details of your mail setup if you're interested in doing that. Cheers, Matthew --=20 Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard Flat 3 PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate Kent, CT11 9PW --------------enigBEA51CB0AC730F4815F65D64 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (FreeBSD) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFE1HhW8Mjk52CukIwRCMFgAJ9WCxXLY222FO0QJpPbWBhH5vR6tACfbeyZ N/SciO7IUYfXr4XdbFjJwyc= =2Byj -----END PGP SIGNATURE----- --------------enigBEA51CB0AC730F4815F65D64--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?44D47850.5020705>