Date: Thu, 26 Oct 2006 08:28:50 -0500
From: "Jack Stone" <antennex@hotmail.com>
To: wblock@wonkity.com
Cc: freebsd-questions@freebsd.org
Subject: Re: Shell question
Message-ID: <BAY125-F125A4299ABAC329A64499BCC070@phx.gbl>
In-Reply-To: <20061025213046.I19297@wonkity.com>

>From: Warren Block <wblock@wonkity.com>
>To: Jack Stone <antennex@hotmail.com>
>CC: freebsd-questions@freebsd.org
>Subject: Re: Shell question
>Date: Wed, 25 Oct 2006 21:35:55 -0600 (MDT)
>
>On Wed, 25 Oct 2006, Jack Stone wrote:
>
>>Folks:
>>I have managed to piece together a shell script that is able to retrieve
>>the domains from the spams of the day and summarize those in a special
>>file that can then be added to the sendmail's rejects in the access.db.
>>But, first I have to eyeball the list and remove any obvious good-guy
>>domains.
>>
>>I would like to create another list of those same good guys that can be
>>added to each day as they show up, then compare it to the above main list
>>and delete the good guy domains before adding to the access.db.
>
>Greylisting will be much more effective than this approach, and is easier
>to implement. Combine that with sbl-xbl and maybe a few other DNSBLs, add
>greet_pause of five or ten seconds, and you have much more effectiveness
>with less false positives and much less maintenance. Adding clamav rounds
>out the whole thing. I wrote an article that covers some of this:
>
>http://www.wonkity.com/~wblock/greylist.pdf
>
>-Warren Block * Rapid City, South Dakota USA

This shell script is just icing on the cake -- In addition to the DNSBLs, I
have had all of those other filters running for years plus milter-regex in
the front line, then greylist, then clamav, SA.

It's the SA (SpamAssassin) that provides me the list of bad-guy domains.
It's a very short list so I can always still eyeball it and remove any
obvious good ones. It's just sometimes I have made a mistake and let in a
good guy, say, like one of my own domains. If I had a "good-guy list" to
watch over my shoulder and check the bad-guy list before adding to the
access-reject, then those would never happen again. Those bad guys are
pretty obvious by their names.

Even if the domains are "throw-aways", I can stop a few more this way
although I have to purge the sendmail access DB ever so often. My users
might get 1 or 2 spams a month with my line of defenses. Takes a lot of my
time, but worth the results. This shell would be a big help tho.

Would appreciate any more tips on how to have my daily bad-guy list checked
against the good-guy list. Both are flat files with the domains listed in a
single column.

Thanks guys!

Jack
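
The check asked about above (drop every good-guy domain from the daily bad-guy list before it goes into the access map), as an added example that is not part of the original e-mail. The names filter_rejects and demo and the sample domains are assumptions; the example also goes slightly beyond an exact-line comparison by ignoring case, blanks and comments and by treating subdomains of a good-guy domain as good.

```shell
#!/bin/sh
# filter_rejects GOOD_FILE BAD_FILE   (hypothetical helper, not from the post)
# Prints the domains from BAD_FILE that are neither on the good-guy list nor
# a subdomain of an entry on it. Dropped entries are reported on stderr so
# they can still be reviewed by eye.
filter_rejects() {
    awk '
    # Normalise a line: strip CR, comments, surrounding blanks and a trailing
    # dot, then lower-case it (domain names are case-insensitive).
    function norm(s) {
        sub(/\r$/, "", s); sub(/#.*/, "", s)
        gsub(/^[ \t]+|[ \t]+$/, "", s); sub(/\.$/, "", s)
        return tolower(s)
    }
    # True if d, or any parent domain of d, is on the good-guy list.
    # Parents are taken at label boundaries, so notexample.org != example.org.
    function is_good(d,    p) {
        while (d != "") {
            if (d in good) return 1
            p = index(d, ".")
            if (p == 0) break
            d = substr(d, p + 1)
        }
        return 0
    }
    # FILENAME test (not FNR == NR) so an empty good-guy file still works.
    FILENAME == ARGV[1] { d = norm($0); if (d != "") good[d] = 1; next }
    {
        d = norm($0)
        if (d == "" || d in seen) next      # skip blanks and duplicates
        seen[d] = 1
        if (is_good(d)) print "kept out of reject list: " d > "/dev/stderr"
        else print d
    }' "$1" "$2"
}

# Constructed sample data, for illustration only.
demo() {
    dir=$(mktemp -d)
    printf '%s\n' 'example.org' '# my own domains' 'MyDomain.example' > "$dir/good"
    printf '%s\n' 'cheap-pills.example' 'mail.mydomain.example' \
        'EXAMPLE.ORG' 'cheap-pills.example' 'notexample.org' > "$dir/bad"
    filter_rejects "$dir/good" "$dir/bad"
    rm -rf "$dir"
}
```

Run it as `filter_rejects goodguys.txt badguys.txt > rejects.txt` and feed only rejects.txt into the access map; the stderr lines show which entries were held back.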