From: Chris Maness
Date: Fri, 11 Aug 2006 08:45:04 -0700
To: Matthew Seaman
Cc: freebsd-questions@freebsd.org
Subject: Re: DNS Blacklist Script?

Matthew Seaman wrote:
> Chris Maness wrote:
>
>> Does anyone know of a script (or application) to automagically add a
>> host to a dns blacklist? It would be very convenient to blacklist all
>> the e-mails sent from a spammer to a honeypot address, or to blacklist
>> all senders that thunderbird moves into the spam sub-folder.
>>
>
> You need to be very careful implementing something like this. Most
> Spam nowadays is bot-generated and uses forged 'From' addresses culled
> from the address books on infected machines. Unless you're careful,
> you're going to end up blocking a lot of completely innocent people,
> or worse, blocking your own legitimate e-mail users.
>
> Having said that, consider SpamAssassin's 'Auto white list' feature.
> It also works as a black list, but it's not a binary on-off. Instead,
> anyone who sends e-mail to your server gets a spam score depending on
> the ratings of their previous e-mails to you. That's added to the
> spam score for the e-mail being processed. So someone who continually
> sends you spammy e-mails won't get the benefit of the doubt on a marginal
> e-mail, but someone else who sends a lot of ham will.
>
> Also included in SpamAssassin is a client for the Vipul's Razor project.
> That's a database of checksums of spam e-mails that is updated live.
> Spammer starts sending a few million spam e-mails, but after the first
> few, there's a mail signature in the Razor DB so that the rest of the
> world can reject those spams straight away. (Port: mail/razor-agents, WWW:
> http://razor.sourceforge.net/)
>
> Integrating SpamAssassin into a mailing system can be done in many ways
> depending on what mail software is in use and so forth. Ask again here
> with details of your mail setup if you're interested in doing that.
>
> Cheers,
>
> Matthew
>
>

The Razor project looks interesting. However, the site is poorly
written, and I can't seem to find out how it actually works. I am still
interested in setting up a honeypot account on my server, then spreading
this account all over the net so that the harvesters that have picked up
my e-mail address will pick up the spamtrap address. Then, any e-mail
received to this account will get canned.

Chris Maness
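
An added example, not part of the original thread: one way to turn a spamtrap hit into a DNSBL zone entry while respecting the forged-'From' caveat raised above, by keying on the connecting IP recorded by the receiving MX instead of any sender-supplied header. The trap address, MX host name, zone name and never-list ranges are hypothetical, and a single trusted MX hop is assumed.

```python
import ipaddress
import re
from email import message_from_string

# Hypothetical site settings (assumptions, not taken from the thread).
SPAMTRAP, OUR_MX, ZONE = "trap@example.org", "mx.example.org", "bl.example.org"
# Never list loopback or internal ranges, so local users cannot be blocked.
NEVER_LIST = [ipaddress.ip_network(n)
              for n in ("127.0.0.0/8", "10.0.0.0/8", "192.168.0.0/16")]
RECEIVED_RE = re.compile(
    r"\[(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\]\)?\s+by\s+(?P<by>\S+)")

# Constructed sample: forged From:, forged lower Received:, real top Received:.
SAMPLE = (
    "Delivered-To: trap@example.org\n"
    "Received: from mail.forged.example (unknown [203.0.113.45])\n"
    "\tby mx.example.org (Postfix) with ESMTP id ABC123\n"
    "Received: from pc (fake [198.51.100.7]) by relay.invalid\n"
    "From: Innocent Person <victim@example.net>\n"
    "Subject: constructed sample\n"
    "\n"
    "body\n")


def dnsbl_record(raw_message):
    """Return a DNSBL zone line for the relay that hit the trap, or None."""
    msg = message_from_string(raw_message)
    # Recipient as recorded at delivery. From: is never consulted because
    # the sender controls it and it is usually forged.
    if (msg.get("Delivered-To") or "").strip().lower() != SPAMTRAP:
        return None
    received = msg.get_all("Received") or []
    # Only the topmost Received line was written by our own MX; every line
    # below it was supplied by the sending side.
    m = RECEIVED_RE.search(received[0]) if received else None
    if not m or m.group("by").lower() != OUR_MX:
        return None
    try:
        ip = ipaddress.IPv4Address(m.group("ip"))
    except ipaddress.AddressValueError:
        return None
    if any(ip in net for net in NEVER_LIST):
        return None
    # DNSBL convention: reversed octets under the zone, A record 127.0.0.2.
    return ".".join(reversed(str(ip).split("."))) + f".{ZONE}. IN A 127.0.0.2"


if __name__ == "__main__":
    print(dnsbl_record(SAMPLE))
```

The returned line can be appended to the zone file served for the blacklist zone; entries should be expired after a while, since bot-infected hosts on dynamic addresses change IP.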