Date: Fri, 11 Aug 2006 08:45:04 -0700 From: Chris Maness <chris@chrismaness.com> To: Matthew Seaman <m.seaman@infracaninophile.co.uk> Cc: freebsd-questions@freebsd.org Subject: Re: DNS Blacklist Script? Message-ID: <44DCA600.4080809@chrismaness.com> In-Reply-To: <44D47850.5020705@infracaninophile.co.uk> References: <44D3ACE0.7050202@chrismaness.com> <44D47850.5020705@infracaninophile.co.uk>
next in thread | previous in thread | raw e-mail | index | archive | help
Matthew Seaman wrote: > Chris Maness wrote: > >> Does anyone know of a script (or application) to automagically add a >> host to a dns blacklist? It would be very convenient to blacklist all >> the e-mails sent from a spammer to a honeypot address, or to blacklist >> all senders that thunderbird moves into the spam sub-folder. >> > > You need to be very careful implementing something like this. Most > Spam nowadays is bot-generated and uses forged 'From' addresses culled > from the address books on infected machines. Unless you're careful, > you're going to end up blocking a lot of completely innocent people, > or worse, blocking your own legitimate e-mail users. > > Having said that, consider SpamAssassin's 'Auto white list' feature. > It also works as a black list, but it's not a binary on-off. Instead, > anyone who sends e-mail to your server gets a spam score depending on > the ratings of their previous e-mails to you. That's added to the > spam score for the e-mail being processed. So someone who continually > sends you spammy e-mails won't get the benefit of the doubt on a marginal > e-mail, but someone else who sends a lot of ham will. > > Also included in SpamAssassin is a client for the Vipul's Razor project. > That's a database of checksums of spam e-mails that is updated live. > Spammer starts sending a few million spam e-mails, but after the first > few, there's a mail signature in the Razor DB so that the rest of the > world can reject those spams straight away. (Port: mail/razor-agents, WWW: > http://razor.sourceforge.net/) > > Integrating SpamAssassin into a mailing system can be done in many ways > depending on what mail software is in use and so forth. Ask again here > with details of your mail setup if you're interested in doing that. > > Cheers, > > Matthew > > The Razor project looks interesting. However, the site is poorly written, and I can't seem to find out how it actually works. I am still interested in setting up a honeypot account on my server, then spreading this account all over the net so that the harvesters that have picked up my e-mail address will pick up the spamtrap address. Then, any e-mail received to this account will get canned. Chris Maness
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?44DCA600.4080809>