Date: Fri, 11 Aug 2006 12:03:27 -0400 From: "Tamouh H." <hakmi@rogers.com> To: "'Chris Maness'" <chris@chrismaness.com>, "'Matthew Seaman'" <m.seaman@infracaninophile.co.uk> Cc: freebsd-questions@freebsd.org Subject: RE: DNS Blacklist Script? Message-ID: <20060811160321.B3D8443D49@mx1.FreeBSD.org> In-Reply-To: <44DCA600.4080809@chrismaness.com>
next in thread | previous in thread | raw e-mail | index | archive | help
> > > >> Does anyone know of a script (or application) to > automagically add a > >> host to a dns blacklist? It would be very convenient to blacklist > >> all the e-mails sent from a spammer to a honeypot address, or to > >> blacklist all senders that thunderbird moves into the spam > sub-folder. > >> > > > > You need to be very careful implementing something like this. Most > > Spam nowadays is bot-generated and uses forged 'From' > addresses culled > > from the address books on infected machines. Unless you're > careful, > > you're going to end up blocking a lot of completely > innocent people, > > or worse, blocking your own legitimate e-mail users. > > > > Having said that, consider SpamAssassin's 'Auto white list' feature. > > It also works as a black list, but it's not a binary > on-off. Instead, > > anyone who sends e-mail to your server gets a spam score > depending on > > the ratings of their previous e-mails to you. That's added to the > > spam score for the e-mail being processed. So someone who > continually > > sends you spammy e-mails won't get the benefit of the doubt on a > > marginal e-mail, but someone else who sends a lot of ham will. > > > > Also included in SpamAssassin is a client for the Vipul's > Razor project. > > That's a database of checksums of spam e-mails that is updated live. > > Spammer starts sending a few million spam e-mails, but > after the first > > few, there's a mail signature in the Razor DB so that the > rest of the > > world can reject those spams straight away. (Port: > mail/razor-agents, WWW: > > http://razor.sourceforge.net/) > > > > Integrating SpamAssassin into a mailing system can be done in many > > ways depending on what mail software is in use and so forth. Ask > > again here with details of your mail setup if you're > interested in doing that. > > > > Cheers, > > > > Matthew > > > > > The Razor project looks interesting. However, the site is > poorly written, and I can't seem to find out how it actually works. > > I am still interested in setting up a honeypot account on my > server, then spreading this account all over the net so that > the harvesters that have picked up my e-mail address will > pick up the spamtrap address. > Then, any e-mail received to this account will get canned. > > Chris Maness Already many of the leading DNSBL lists like spamhaus.org and njbl.org uses such methods to detect new spammers. We've been using the SBL-XBL + dynablock + SURBL lists with much success reaching up to 95% reduction in spam and so far very very very little false positives.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060811160321.B3D8443D49>