Date: Thu, 26 Oct 2006 13:21:20 -0500 From: "Jack Stone" <antennex@hotmail.com> To: jgordeev@dir.bg, freebsd-questions@freebsd.org Subject: Re: Shell question Message-ID: <BAY125-F25B491F7707FC65618F7C1CC070@phx.gbl> In-Reply-To: <4540EAEE.509@dir.bg>
next in thread | previous in thread | raw e-mail | index | archive | help
>From: Jordan Gordeev <jgordeev@dir.bg> >To: freebsd-questions@freebsd.org >Subject: Re: Shell question >Date: Thu, 26 Oct 2006 20:05:50 +0300 > >Jack Stone wrote: >>>From: Warren Block <wblock@wonkity.com> >>>To: Jack Stone <antennex@hotmail.com> >>>CC: freebsd-questions@freebsd.org >>>Subject: Re: Shell question >>>Date: Wed, 25 Oct 2006 21:35:55 -0600 (MDT) >>> >>>On Wed, 25 Oct 2006, Jack Stone wrote: >>> >>>>Folks: >>>>I have managed to piece together a shell script that is able to retrieve >>>>the domains from the spams of the day and summarize those in a special >>>>file that can then be added to the sendmail's rejects in the access.db. >>>>But, first I have to eyeball the list and remove any obvious good-guy >>>>domains. >>>> >>>>I would like to create another list of those same good guys that can be >>>>added to each day as they show up, then compare it to the above main >>>>list and delete the good guy domains before adding to the access.db. >>> >>> >>>Greylisting will be much more effective than this approach, and is easier >>>to implement. Combine that with sbl-xbl and maybe a few other DNSBLs, >>>add greet_pause of five or ten seconds, and you have much more >>>effectiveness with less false positives and much less maintenance. Adding >>>clamav rounds out the whole thing. I wrote an article that covers some >>>of this: >>> >>>http://www.wonkity.com/~wblock/greylist.pdf >>> >>>-Warren Block * Rapid City, South Dakota USA >> >> >>This shell script is just icing on the cake -- In addition to the DNSBLs, >>I have had all of those other filters running for years plus milter-regex >>in the front line, then greylist, then clamav, SA. >> >>It's the SA (SpamAssassin) that provides me the list of bad-guy domains. >>It's a very short list so I can always still eyeball it and remove any >>obvious good ones. It's just sometimes I have made a mistake and let in a >>good guy, say, like one of my own domains. If I had a "good-guy list" to >>watch over my shoulder and check the bad-guy list before adding to the >>access-reject, then those would never happen again. Those bad guys are >>pretty obvious by their names. >> >>Even if the domains are "throw-aways", I can stop a few more this way >>although I have to purge the sendmail access DB ever so often. My users >>might get 1 or 2 spams a month with my line of defenses. Takes a lot of my >>time, but worth the results. This shell would be a big help tho. >> >>Would appreciate any more tips on how to have my daily bad-guy list >>checked against the good-guy list. Both are flat files with the domains >>listed in a single column. >> >>Thanks guys! >> >>Jack >> > >See comm(1). >_______________________________________________ Yep, that's it....!! Thanks, Jack _________________________________________________________________ Stay in touch with old friends and meet new ones with Windows Live Spaces http://clk.atdmt.com/MSN/go/msnnkwsp0070000001msn/direct/01/?href=http://spaces.live.com/spacesapi.aspx?wx_action=create&wx_url=/friends.aspx&mkt=en-us
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?BAY125-F25B491F7707FC65618F7C1CC070>