Am 2004-10-22 14:55:48, schrieb Lupe Christoph: > Quoting tomasz abramowicz <[EMAIL PROTECTED]>:
> If you want that changed, file a bug against Spamassassin. But I hope > this bug will be closed without action. SBL/XBL has too many false > positives to rank higher. ??? - I get every day more the 700 in my SPAM-Box with the procmail filter attached... Most are catched by sbl-xbl.spamhaus.org and never I had FP's. > cn-kr.blackholes.us dynablock.njabl.org bl.spamcop.net cbl.abuseat.org > dnsbl-2.uceprotect.net taiwan.blackholes.us Hmm, maybe I will add them to my list to get the last 5% of SPAM too :-) > This list is most probably not what other people would use, so anybody > who blindly copies it: don't blame me if you block mail that would have > saved the world. :-) > If the sending IP address is ranked in SBL/XBL this is a good indication > that the mail is Spam. But there are lots of other better criteria. > > HTH, > Lupe Christoph Greetings Michelle -- Linux-User #280138 with the Linux Counter, http://counter.li.org/ Michelle Konzack Apt. 917 ICQ #328449886 50, rue de Soultz MSM LinuxMichi 0033/3/88452356 67100 Strasbourg/France IRC #Debian (irc.icq.com)
####################################################################
#
# FLT_spamhaus
#
####################################################################
SUB1=`formail -zxSubject:`
DATE1=`date +"%d/%m/%Y %T"`
####################################################################
# Open Relay check from <www.spamhaus.org> uses sbl-xbl lists
# and others
####################################################################
########## first IP ##########
:0 H
* Received:.*\[\/[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+
{
RECEIVIP=${MATCH}
:0
* ! RECEIVIP ?? 127.0.0.1
{
:0
* RECEIVIP ?? ()\/[0-9]+
{
QUAD1=${MATCH}
:0
* RECEIVIP ?? [0-9]+\.\/[0-9]+
{
QUAD2=${MATCH}
:0
* RECEIVIP ?? [0-9]+\.[0-9]+\.\/[0-9]+
{
QUAD3=${MATCH}
:0
* RECEIVIP ?? [0-9]+\.[0-9]+\.[0-9]+\.\/[0-9]+
{
RECEIVIPREV="${MATCH}.${QUAD3}.${QUAD2}.${QUAD1}"
}
}
}
################ sbl-xbl.spamhaus.org ##############################
:0
{ REVCHECKIP=`host ${RECEIVIPREV}.sbl-xbl.spamhaus.org 2>&1 | grep -v 'not
found.'` }
:0
* $ REVCHECKIP ?? 127\.0\.0\.(2|4)
{
:0fhw
| formail -i "Subject: *****sbl-xbl.spamhaus.org***** $SUB1"
:0
* ^Subject:.*(*****sbl-xbl.spamhaus.org*****)
ATT_SPAM/HOST_sbl-xbl.spamhaus.org/
}
################ cbl.abuseat.org ###################################
:0
{ REVCHECKIP=`host ${RECEIVIPREV}.cbl.abuseat.org 2>&1 | grep -v 'not found.'` }
:0
* $ REVCHECKIP ?? 127\.0\.0\.(2|4)
{
:0fhw
| formail -i "Subject: *****cbl.abuseat.org***** $SUB1"
:0
* ^Subject:.*(*****cbl.abuseat.org*****)
ATT_SPAM/HOST_cbl.abuseat.org/
}
################ relays.ordb.org ###################################
:0
{ REVCHECKIP=`host ${RECEIVIPREV}.relays.ordb.org 2>&1 | grep -v 'not found.'` }
:0
* $ REVCHECKIP ?? 127\.0\.0\.(2|4)
{
:0 fhw
| formail -i "Subject: *****relays.ordb.org***** $SUB1"
:0
* ^Subject:.*(*****relays.ordb.org*****)
ATT_SPAM/HOST_relays.ordb.org/
}
################ opm.blitzed.org ###################################
:0
{ REVCHECKIP=`host ${RECEIVIPREV}.opm.blitzed.org 2>&1 | grep -v 'not found.'` }
:0
* $ REVCHECKIP ?? 127\.0\.0\.(2|4)
{
:0fhw
| formail -i "Subject: *****opm.blitzed.org***** $SUB1"
:0
* ^Subject:.*(*****opm.blitzed.org*****)
ATT_SPAM/HOST_opm.blitzed.org/
}
################ list.dsbl.org #####################################
:0
{ REVCHECKIP=`host ${RECEIVIPREV}.list.dsbl.org 2>&1 | grep -v 'not found.'` }
:0
* $ REVCHECKIP ?? 127\.0\.0\.(2|4)
{
:0fhw
| formail -i "Subject: *****list.dsbl.org***** $SUB1"
:0
* ^Subject:.*(*****list.dsbl.org*****)
ATT_SPAM/HOST_list.dsbl.org/
}
################ dul.dnsbl.sorbs.org ###############################
:0
{ REVCHECKIP=`host ${RECEIVIPREV}.dul.dnsbl.sorbs.org 2>&1 | grep -v 'not
found.'` }
:0
* $ REVCHECKIP ?? 127\.0\.0\.(2|4)
{
:0fhw
| formail -i "Subject: *****dul.dnsbl.sorbs.org***** $SUB1"
:0
* ^Subject:.*(*****dul.dnsbl.sorbs.org*****)
ATT_SPAM/HOST_dul.dnsbl.sorbs.org/
}
################ blackholes.mail-abuse.org #########################
:0
{ REVCHECKIP=`host ${RECEIVIPREV}.blackholes.mail-abuse.org 2>&1 | grep -v 'not
found.'` }
:0
* $ REVCHECKIP ?? 127\.0\.0\.(2|4)
{
:0fhw
| formail -i "Subject: *****blackholes.mail-abuse.org***** $SUB1"
:0
* ^Subject:.*(*****blackholes.mail-abuse.org*****)
ATT_SPAM/HOST_blackholes.mail-abuse.org/
}
################ dialups.mail-abuse.org #########################
:0
{ REVCHECKIP=`host ${RECEIVIPREV}.dialups.mail-abuse.org 2>&1 | grep -v 'not
found.'` }
:0
* $ REVCHECKIP ?? 127\.0\.0\.(2|4)
{
:0fhw
| formail -i "Subject: *****dialups.mail-abuse.org***** $SUB1"
:0
* ^Subject:.*(*****dialups.mail-abuse.org*****)
ATT_SPAM/HOST_dialups.mail-abuse.org/
}
}
}
}
########## second IP ##########
:0 H
* Received: from.*\[.*\](.*$)+Received:.*\[\/[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+
{
RECEIVIP2=${MATCH}
:0
* ! RECEIVIP2 ?? 127.0.0.1
{
:0
* RECEIVIP2 ?? ()\/[0-9]+
{
QUAD1=${MATCH}
:0
* RECEIVIP2 ?? [0-9]+\.\/[0-9]+
{
QUAD2=${MATCH}
:0
* RECEIVIP2 ?? [0-9]+\.[0-9]+\.\/[0-9]+
{
QUAD3=${MATCH}
:0
* RECEIVIP2 ?? [0-9]+\.[0-9]+\.[0-9]+\.\/[0-9]+
{
RECEIVIP2REV="${MATCH}.${QUAD3}.${QUAD2}.${QUAD1}"
}
}
}
################ sbl-xbl.spamhaus.org ###################################
:0
{ REV2CHECKIP=`host ${RECEIVIP2REV}.sbl-xbl.spamhaus.org 2>&1 | grep -v 'not
found.'` }
:0
* $ REV2CHECKIP ?? 127\.0\.0\.(2|4)
{
:0fhw
| formail -i "Subject: *****sbl-xbl.spamhaus.org***** $SUB1"
:0
* ^Subject:.*(*****sbl-xbl.spamhaus.org*****)
ATT_SPAM/HOST_sbl-xbl.spamhaus.org/
}
################ cbl.abuseat.org ###################################
:0
{ REV2CHECKIP=`host ${RECEIVIP2REV}.cbl.abuseat.org 2>&1 | grep -v 'not found.'`
}
:0
* $ REV2CHECKIP ?? 127\.0\.0\.(2|4)
{
:0fhw
| formail -i "Subject: *****cbl.abuseat.org***** $SUB1"
:0
* ^Subject:.*(*****cbl.abuseat.org*****)
ATT_SPAM/HOST_cbl.abuseat.org/
}
################ relays.ordb.org ###################################
:0
{ REV2CHECKIP=`host ${RECEIVIP2REV}.relays.ordb.org 2>&1 | grep -v 'not found.'`
}
:0
* $ REV2CHECKIP ?? 127\.0\.0\.(2|4)
{
:0 fhw
| formail -i "Subject: *****relays.ordb.org***** $SUB1"
:0
* ^Subject:.*(*****relays.ordb.org*****)
ATT_SPAM/HOST_relays.ordb.org/
}
################ opm.blitzed.org ###################################
:0
{ REV2CHECKIP=`host ${RECEIVIP2REV}.opm.blitzed.org 2>&1 | grep -v 'not found.'`
}
:0
* $ REV2CHECKIP ?? 127\.0\.0\.(2|4)
{
:0fhw
| formail -i "Subject: *****opm.blitzed.org***** $SUB1"
:0
* ^Subject:.*(*****opm.blitzed.org*****)
ATT_SPAM/HOST_opm.blitzed.org/
}
################ list.dsbl.org ###################################
:0
{ REV2CHECKIP=`host ${RECEIVIP2REV}.list.dsbl.org 2>&1 | grep -v 'not found.'` }
:0
* $ REV2CHECKIP ?? 127\.0\.0\.(2|4)
{
:0fhw
| formail -i "Subject: *****list.dsbl.org***** $SUB1"
:0
* ^Subject:.*(*****list.dsbl.org*****)
ATT_SPAM/HOST_list.dsbl.org/
}
################ dul.dnsbl.sorbs.org ###############################
:0
{ REV2CHECKIP=`host ${RECEIVIP2REV}.dul.dnsbl.sorbs.org 2>&1 | grep -v 'not
found.'` }
:0
* $ REV2CHECKIP ?? 127\.0\.0\.(2|4)
{
:0fhw
| formail -i "Subject: *****dul.dnsbl.sorbs.org***** $SUB1"
:0
* ^Subject:.*(*****dul.dnsbl.sorbs.org*****)
ATT_SPAM/HOST_dul.dnsbl.sorbs.org/
}
################ blackholes.mail-abuse.org #########################
:0
{ REV2CHECKIP=`host ${RECEIVIP2REV}.blackholes.mail-abuse.org 2>&1 | grep -v
'not found.'` }
:0
* $ REV2CHECKIP ?? 127\.0\.0\.(2|4)
{
:0fhw
| formail -i "Subject: *****blackholes.mail-abuse.org***** $SUB1"
:0
* ^Subject:.*(*****blackholes.mail-abuse.org*****)
ATT_SPAM/HOST_blackholes.mail-abuse.org/
}
################ dialups.mail-abuse.org ############################
:0
{ REV2CHECKIP=`host ${RECEIVIP2REV}.dialups.mail-abuse.org 2>&1 | grep -v 'not
found.'` }
:0
* $ REV2CHECKIP ?? 127\.0\.0\.(2|4)
{
:0fhw
| formail -i "Subject: *****dialups.mail-abuse.org***** $SUB1"
:0
* ^Subject:.*(*****dialups.mail-abuse.org*****)
ATT_SPAM/HOST_dialups.mail-abuse.org/
}
}
}
}
########################################### END-OF-SPAMHAUS ########
signature.pgp
Description: Digital signature
