Am 08.06.21 um 20:43 schrieb Scott Techlist via mailop:
>> I'm using the "registrar-servers.com" nameserver as a pretty good predictor
>> of spamminess. There are few exceptions of
>> legitimate senders who think they need such registration info protection but
>> they can be handled by individual exceptions.
> Hans-Martin
> Can you elaborate on how you use it? I'd like to implement that.
I have a system that's not ready for public release, but you can do it in
rspamd with some relatively simple lua code in
rspamd.local.lua (not this is basically my first attempt at writing an rspamd
lua extension, so bear with the quality).
It does not handle weights for different nameservers in bad_nameservers.map
yet. bad_nameservers would contain a line
"registrar-servers.com" (the ns1. etc. is stripped by lua function get_tld).
There are a number of other nameserver
domains which could go in there, but most serve only a small number of spammer
domains so are not of general value.
Hope the list does not mind some lines of code:
-- local lua rules
local rspamd_logger = require "rspamd_logger"
local rspamd_dns = require "rspamd_dns"
local rspamd_util = require "rspamd_util"
local bad_nameservers = rspamd_config:add_map{
type = "hash",
url = "/etc/rspamd/override.d/bad_nameservers.map",
description = "nameservers used by spammers"
}
rspamd_config.NS_FILTER = {
callback = function(task)
return false
end,
score = 5,
description = "checks domain name servers against a list",
group = "dns_checks"
}
local function dns_symbol(task)
local function dns_cb(_, to_resolve, results, err)
-- rspamd_logger.errx(task, "to_resolve=%2, results=%3, err=%4", _,
to_resolve, results, err)
if err then
task:insert_result('DNS_ERROR', 1.0, err)
else
local score = 0.0
for key,ns in ipairs(results) do
-- rspamd_logger.errx(task, "checking nameserver: %1", ns)
if bad_nameservers:get_key(rspamd_util.get_tld(ns)) then
-- rspamd_logger.errx(task, "bad nameserver: %1", ns)
score = 1.0
end
end
-- rspamd_logger.errx(task, "nameserver score: %1", score)
if score > 0 then
task:insert_result('FROM_NAMESERVER', 1.0, results)
else
task:insert_result('FROM_NAMESERVER', 0.0, results)
end
end
end
-- rspamd_logger.errx(task, "from=%1", task:get_from(0))
task:get_resolver():resolve_ns({
task = task,
name = task:get_from(0)[1]["domain"],
callback = dns_cb
})
end
rspamd_config:register_symbol({
name = 'FROM_NAMESERVER',
score = 8.0,
callback = dns_symbol,
group = "dns_checks",
})
Cheers,
Hans-Martin
_______________________________________________
mailop mailing list
[email protected]
https://list.mailop.org/listinfo/mailop
