Date: Fri, 11 Aug 2006 12:03:27 -0400 From: "Tamouh H." <hakmi@rogers.com> To: "'Chris Maness'" <chris@chrismaness.com>, "'Matthew Seaman'" <m.seaman@infracaninophile.co.uk> Cc: freebsd-questions@freebsd.org Subject: RE: DNS Blacklist Script? Message-ID: <20060811160321.B3D8443D49@mx1.FreeBSD.org> In-Reply-To: <44DCA600.4080809@chrismaness.com>
next in thread | previous in thread | raw e-mail | index | archive | help
> > =20 > >> Does anyone know of a script (or application) to=20 > automagically add a=20 > >> host to a dns blacklist? It would be very convenient to blacklist=20 > >> all the e-mails sent from a spammer to a honeypot address, or to=20 > >> blacklist all senders that thunderbird moves into the spam=20 > sub-folder. > >> =20 > > > > You need to be very careful implementing something like this. Most=20 > > Spam nowadays is bot-generated and uses forged 'From'=20 > addresses culled=20 > > from the address books on infected machines. Unless you're=20 > careful,=20 > > you're going to end up blocking a lot of completely=20 > innocent people,=20 > > or worse, blocking your own legitimate e-mail users. > > > > Having said that, consider SpamAssassin's 'Auto white list' feature. > > It also works as a black list, but it's not a binary=20 > on-off. Instead,=20 > > anyone who sends e-mail to your server gets a spam score=20 > depending on=20 > > the ratings of their previous e-mails to you. That's added to the=20 > > spam score for the e-mail being processed. So someone who=20 > continually=20 > > sends you spammy e-mails won't get the benefit of the doubt on a=20 > > marginal e-mail, but someone else who sends a lot of ham will. > > > > Also included in SpamAssassin is a client for the Vipul's=20 > Razor project. > > That's a database of checksums of spam e-mails that is updated live. > > Spammer starts sending a few million spam e-mails, but=20 > after the first=20 > > few, there's a mail signature in the Razor DB so that the=20 > rest of the=20 > > world can reject those spams straight away. (Port:=20 > mail/razor-agents, WWW: > > http://razor.sourceforge.net/) > > > > Integrating SpamAssassin into a mailing system can be done in many=20 > > ways depending on what mail software is in use and so forth. Ask=20 > > again here with details of your mail setup if you're=20 > interested in doing that. > > > > Cheers, > > > > Matthew > > > > =20 > The Razor project looks interesting. However, the site is=20 > poorly written, and I can't seem to find out how it actually works. >=20 > I am still interested in setting up a honeypot account on my=20 > server, then spreading this account all over the net so that=20 > the harvesters that have picked up my e-mail address will=20 > pick up the spamtrap address. =20 > Then, any e-mail received to this account will get canned. >=20 > Chris Maness Already many of the leading DNSBL lists like spamhaus.org and njbl.org = uses such methods to detect new spammers. We've been using the SBL-XBL + = dynablock + SURBL lists with much success reaching up to 95% reduction = in spam and so far very very very little false positives.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060811160321.B3D8443D49>