From: "Tamouh H."
To: "'Chris Maness'", "'Matthew Seaman'"
Cc: freebsd-questions@freebsd.org
Date: Fri, 11 Aug 2006 12:03:27 -0400
Subject: RE: DNS Blacklist Script?

> >> Does anyone know of a script (or application) to automagically add a
> >> host to a dns blacklist? It would be very convenient to blacklist
> >> all the e-mails sent from a spammer to a honeypot address, or to
> >> blacklist all senders that thunderbird moves into the spam sub-folder.
> >
> > You need to be very careful implementing something like this. Most
> > Spam nowadays is bot-generated and uses forged 'From' addresses culled
> > from the address books on infected machines. Unless you're careful,
> > you're going to end up blocking a lot of completely innocent people,
> > or worse, blocking your own legitimate e-mail users.
> >
> > Having said that, consider SpamAssassin's 'Auto white list' feature.
> > It also works as a black list, but it's not a binary on-off. Instead,
> > anyone who sends e-mail to your server gets a spam score depending on
> > the ratings of their previous e-mails to you. That's added to the
> > spam score for the e-mail being processed. So someone who continually
> > sends you spammy e-mails won't get the benefit of the doubt on a
> > marginal e-mail, but someone else who sends a lot of ham will.
> >
> > Also included in SpamAssassin is a client for the Vipul's Razor project.
> > That's a database of checksums of spam e-mails that is updated live.
> > Spammer starts sending a few million spam e-mails, but after the first
> > few, there's a mail signature in the Razor DB so that the rest of the
> > world can reject those spams straight away. (Port: mail/razor-agents,
> > WWW: http://razor.sourceforge.net/)
> >
> > Integrating SpamAssassin into a mailing system can be done in many
> > ways depending on what mail software is in use and so forth. Ask
> > again here with details of your mail setup if you're interested in
> > doing that.
> >
> > Cheers,
> >
> > Matthew
> >
> The Razor project looks interesting. However, the site is
> poorly written, and I can't seem to find out how it actually works.
>
> I am still interested in setting up a honeypot account on my
> server, then spreading this account all over the net so that
> the harvesters that have picked up my e-mail address will
> pick up the spamtrap address.
> Then, any e-mail received to this account will get canned.
>
> Chris Maness

Already many of the leading DNSBL lists like spamhaus.org and njbl.org use such methods to detect new spammers. We've been using the SBL-XBL + dynablock + SURBL lists with much success, reaching up to 95% reduction in spam and so far very, very, very few false positives.
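
Matthew's warning about forged 'From' addresses, applied to the honeypot idea, as an added example that is not part of the thread: it lists the IP that the receiving MX recorded in its own Received header and ignores the From line entirely. The names mx.example.org and spamtrap.dnsbl.example.org, the exempt networks, the Postfix-style header format and the sample message are all assumptions made up for illustration.

```python
import email
import ipaddress
import re

TRUSTED_MX = "mx.example.org"        # hypothetical: our own MX hostname
ZONE = "spamtrap.dnsbl.example.org"  # hypothetical: the DNSBL zone we publish
# Networks that must never be listed (constructed: loopback, RFC 1918, "our" net).
EXEMPT = [ipaddress.ip_network(n) for n in
          ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "192.0.2.0/24")]

# Postfix-style header (assumed format): "from HELO (rdns [IP]) by HOST ..."
RECEIVED = re.compile(
    r"from\s+\S+\s+\(.*?\[(\d{1,3}(?:\.\d{1,3}){3})\]\)\s+by\s+(\S+)", re.S)

def connecting_ip(raw_message):
    """IP of the client that connected to TRUSTED_MX, or None if not found."""
    msg = email.message_from_string(raw_message)
    # Received headers are prepended, so the first one written by our MX is
    # genuine; anything below it was supplied by the sender and may be forged.
    for header in msg.get_all("Received", []):
        m = RECEIVED.search(header)
        if m and m.group(2).lower() == TRUSTED_MX:
            try:
                return ipaddress.ip_address(m.group(1))
            except ValueError:
                return None
    return None

def dnsbl_record(ip):
    """BIND-style A record: reversed octets under ZONE, answering 127.0.0.2."""
    reversed_octets = ".".join(reversed(str(ip).split(".")))
    return f"{reversed_octets}.{ZONE}. IN A 127.0.0.2"

def list_spamtrap_hit(raw_message):
    """Zone line for a message delivered to the spamtrap, or None to skip it."""
    ip = connecting_ip(raw_message)
    if ip is None or any(ip in net for net in EXEMPT):
        return None
    return dnsbl_record(ip)

# Constructed sample: forged From and a forged Received line below the real one.
SAMPLE = (
    "Received: from bot.example.com (unknown [203.0.113.45])\n"
    "\tby mx.example.org (Postfix) with SMTP id 0000000000\n"
    "Received: from mail.example.net (mail.example.net [198.51.100.7])\n"
    "\tby mx.example.org (Postfix) with ESMTP id 1111111111\n"
    'From: "Innocent User" <victim@example.net>\n'
    "To: trap@example.org\nSubject: constructed sample\n\nbody\n"
)
```

Calling `list_spamtrap_hit(SAMPLE)` yields a record for 203.0.113.45 only; neither victim@example.net nor the relay named in the forged second header is listed.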