On Wed, 29 Jul 2015 15:12:17 -0700, Steve Fairhead <st...@fivetrees.com> wrote:
> But when it does, I'd like to hurt them. I also run spamd; can't seem to find a way to tarpit based on domain rather than IP...
>
> Any cluebats?

Steve, I had the same problem: lots of spammers were figuring out how to 'climb over the greywall', so I added bgp-spamd [1] and a few blacklists [2] into the mix.

I haven't figured out how to incorporate DNSBL into spamd, so I use the cruder method of downloading the blacklists every 20 minutes via ftp or rsync and a cronjob.

I also found a post in the mailing list archives which describes how to use greyscanner to trap any mailservers sending to addresses with numbers in them. [3] (hat tip to Joakim Aronius)

/etc/mail/spamd.conf
--------------------
all:\
        :bgp-spamd:spammers:lashback:blocklist-de:psbl:

bgp-spamd:\
         :black:\
         :msg="Your address %A has sent mail to a spamtrap\n\
          within the last 24 hours":\
         :method=file:\
         :file=/etc/mail/bgp-spamd.black:

spammers:\
        :black:\
        :msg="Your address %A has sent spam\n\
         within the last 24 hours":\
        :method=file:\
        :file=/etc/mail/spammers.black:

lashback:\
        :black:\
        :msg="Your address %A has been sending email to\n\
         names harvested from suppression files":\
        :method=file:\
        :file=/etc/mail/lashback.black:

blocklist-de:\
        :black:\
        :msg="Your address %A has been reported within\n\
         the last 48 hours as having run attacks on mail servers":\
        :method=file:\
        :file=/etc/mail/blocklist-de.black:

psbl:\
        :black:\
        :msg="Your address %A has been reported to the\n\
         passive spam block list psbl.org":\
        :method=file:\
        :file=/etc/mail/psbl.black:


# crontab -l
------------
# update bgp-spamd blacklist
20 * * * * /usr/local/sbin/bgp-spamd.black.sh
# update lashback blacklist every 20 minutes
*/20 * * * * ftp -o /etc/mail/lashback.black http://www.unsubscore.com/blacklist.txt && /usr/libexec/spamd-setup
# update blocklist-de blacklist every 20 minutes
*/20 * * * * ftp -o /etc/mail/blocklist-de.black https://lists.blocklist.de/lists/mail.txt && /usr/libexec/spamd-setup
# update passive spam block list every 20 minutes
*/20 * * * * /usr/local/bin/rsync -z psbl-mirror.surriel.com::psbl/psbl.txt /etc/mail/psbl.black && /usr/libexec/spamd-setup


[1] http://bgp-spamd.net/
[2] https://mxtoolbox.com/blacklists.aspx
[3]
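
An added example, not part of the original post: the cron jobs above write each download straight over the live list file, so a failed or truncated fetch can leave a bad list for the next spamd-setup run. The functions below keep only IPv4/CIDR entries and swap the file in atomically when enough of them survive; `filter_ipv4`, `install_list` and `MIN_ENTRIES` are hypothetical names, and the code assumes each list carries one IPv4 address or CIDR block per line.

```sh
#!/bin/sh
# Added example: validate a downloaded blacklist before it replaces the live
# file that spamd-setup reads. Names and the threshold are assumptions.
MIN_ENTRIES=${MIN_ENTRIES:-100}   # assumed sanity floor; tune per list

# Print only entries that are a plain IPv4 address or an IPv4 CIDR block.
# Comments, blank lines, HTML error pages and other junk are dropped.
filter_ipv4() {
    awk '
    /^[ \t]*#/ { next }
    {
        entry = $1
        n = split(entry, p, "/")
        if (n > 2) next
        if (n == 2 && (p[2] !~ /^[0-9]+$/ || p[2] + 0 > 32)) next
        if (split(p[1], o, ".") != 4) next
        for (i = 1; i <= 4; i++)
            if (o[i] !~ /^[0-9]+$/ || o[i] + 0 > 255) next
        print entry
    }' "$1"
}

# install_list NEWFILE LIVEFILE
# Replace LIVEFILE with the filtered NEWFILE only if at least MIN_ENTRIES
# valid entries remain. Returns 0 if installed, 1 if the download is rejected.
install_list() {
    new=$1
    live=$2
    tmp=$(mktemp "${live}.XXXXXX") || return 1
    filter_ipv4 "$new" > "$tmp"
    count=$(wc -l < "$tmp" | tr -d ' ')
    if [ "$count" -lt "$MIN_ENTRIES" ]; then
        rm -f "$tmp"      # keep the previous list: fetch looks truncated or bogus
        return 1
    fi
    chmod 644 "$tmp"
    mv -f "$tmp" "$live"  # rename inside one directory is atomic
}

# In a cron wrapper (download path is a placeholder):
#   ftp -o /tmp/lashback.new <list URL> &&
#       install_list /tmp/lashback.new /etc/mail/lashback.black &&
#       /usr/libexec/spamd-setup
```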
