Hey orly!
Care to share your submission script? Let's get a contest going..! Ian On Thu, 9 May 2002, Orlando Andico wrote: > > Hello all, > > I've been having some dubious fun recently tweaking our spam-filtering > system at Mozcom. As you can imagine, with the volume of mail we're > moving, spam is a SERIOUS problem. > > In the past, my "solution" was a pattern-recognizer (I tweaked Postfix to > just scan the first 20 lines in body_checks to avoid horrendous CPU usage) > plus I maintained a list of "known spammer" IP's. > > Well.. that proved reasonably effective, but a big drain on me. > > We seem to have come up with a practical workaround: > > 1) DNS zone transfers from spamhaus.org to filter out hard-core spammers > 2) DNS subscription to ordb.org to filter open relays > 3) last ditch, my content-filtering scheme > > In the process, I've discovered a dubious method of having fun (tells you > something about my boring life..) > > and this is... submitting open-relay IP addresses to ORDB! it's easy if > you know how. What I do is, all the spam I receive (and I receive A LOT on > this 6-year-old email address) I save in a Pine folder. > > I have a bunch of Perl scripts which go through the spam folder looking > for the IP address of the last hop before Mozcom (which is the relay). > Then I submit them en-masse to ORDB. > > My "amusement" is trying to get a "high score" of positive open relay > confirms. It gives me a tiny bit of joy to add spammer relays to the ORDB > database, helps my employer's customers, AND helps everyone else who uses > ORDB. > > For today, I've had NINE (9) successful submissions!! just my tiny bit to > stop spam. That it's faintly amusing in a lame way is just gravy.. > > > Some stats (over the last 20-hour log period) > > 189387 total connects (incoming mail) > > 10254 rejects from spamhaus 3-hits SBL > 23528 rejects from ORDB open-relay RBL > 7139 rejects from my pattern-recognizer > > total spam rejects 40921 (21.6% of incoming mail) > > I still tweak my patterns file. If anyone wants a copy for their > /etc/postfix/body_checks file I can send it to them.. it does help catch > the last few bits that get through. > > (NB in spite of all this, I still get 20 spams a day, down from 100+) > > > --- > Orlando Andico <[EMAIL PROTECTED]> > Mosaic Communications, Inc. > > > > > > > _ > Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph > To leave: send "unsubscribe" in the body to [EMAIL PROTECTED] > > To subscribe to the Linux Newbies' List: send "subscribe" in the body to >[EMAIL PROTECTED] > _ Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph To leave: send "unsubscribe" in the body to [EMAIL PROTECTED] To subscribe to the Linux Newbies' List: send "subscribe" in the body to [EMAIL PROTECTED]
