Dave,
One of the tests in invURIBL does exactly that. Resolves the IP address and
checks them against various RBL's. You can even configure additional RBL
checks for the IP against other RBL's.
This is how invURIBL is handled that domain on our server today. (Sorry for
any wrap).
Starting to process message.
cessofanne.com 127.0.0.116 URI from message body found in multi.surbl.org
[116] [Total Weight=17]
cessofanne.com 127.0.0.2 URI from message body found in black.uribl.com [2]
[Total Weight=24]
cessofanne.com 222.60.14.242 127.0.0.2 URI's name server listed in
sbl.spamhaus.org [5] [Total Weight=29]
Resolved cessofanne.com to 61.233.42.4
61.233.42.4 will not be checked on sbl.spamhaus.org due to name server skip
enabled. [Total Weight=29]
61.233.42.4 127.0.0.2 URI's IP listed in cn.countries.nerd.dk [3] [Total
Weight=32]
Darrell
-------------------------------------------
Check out http://www.invariantsystems.com for utilities for Declude, Imail,
mxGuard, and ORF. IMail/Declude Overflow Queue Monitoring, SURBL/URI
integration, MRTG Integration, and Log Parsers.
Dave Beckstrom writes:
We're getting an annoying amount of Viagra spam which currently contain a
link to one of these two sites:
lanseislan.com
cessofanne.com
Both domains resolve to 61.233.42.4 which is owned by "CHINA RAILWAY
TELECOMMUNICATIONS CENTER"
The source of the spam is coming from IPs in Italy and elsewhere.
Sniffer isn't failing these domains yet. Is anyone doing a reverse IP on
domains names contained within the body of email messages and then failing
or tagging spam based on the IP the domains resolve to?
---
[This E-mail scanned for viruses by Declude Virus]
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail". The archives can be found
at http://www.mail-archive.com.
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail". The archives can be found
at http://www.mail-archive.com.
