Re: OT, spam tips.

2004-10-25 Thread Michelle Konzack
On 2004-10-22 14:55:48, Lupe Christoph wrote:
> Quoting tomasz abramowicz [EMAIL PROTECTED]:
>
> If you want that changed, file a bug against Spamassassin. But I hope
> this bug will be closed without action. SBL/XBL has too many false
> positives to rank higher.

???  -  I get more than 700 every day in my SPAM-Box with the
procmail filter attached...

Most are caught by sbl-xbl.spamhaus.org and I never had FPs.

> cn-kr.blackholes.us dynablock.njabl.org bl.spamcop.net cbl.abuseat.org
> dnsbl-2.uceprotect.net taiwan.blackholes.us

Hmm, maybe I will add them to my list to get the last 5% of SPAM too :-)

> This list is most probably not what other people would use, so anybody
> who blindly copies it: don't blame me if you block mail that would have
> saved the world.

:-)

> If the sending IP address is ranked in SBL/XBL this is a good indication
> that the mail is Spam. But there are lots of other better criteria.
>
> HTH,
> Lupe Christoph

Greetings
Michelle

-- 
Linux-User #280138 with the Linux Counter, http://counter.li.org/ 
Michelle Konzack   Apt. 917  ICQ #328449886
   50, rue de Soultz MSM LinuxMichi
0033/3/8845235667100 Strasbourg/France   IRC #Debian (irc.icq.com)

#
# FLT_spamhaus
#

# Keep the original subject (and a timestamp) for the tagging step below
SUB1=`formail -zxSubject:`
DATE1=`date "+%d/%m/%Y %T"`


# Open Relay check from www.spamhaus.org uses sbl-xbl lists
# and others


## first IP ##
:0 H
* Received:.*\[\/[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+
{
  RECEIVIP=${MATCH}

  # Skip mail handed over via the loopback interface
  :0
  * ! RECEIVIP ?? 127\.0\.0\.1
  {
    # Split the address into octets and reverse them (a.b.c.d -> d.c.b.a)
    :0
    * RECEIVIP ?? ()\/[0-9]+
    {
      QUAD1=${MATCH}
      :0
      * RECEIVIP ?? [0-9]+\.\/[0-9]+
      {
        QUAD2=${MATCH}
        :0
        * RECEIVIP ?? [0-9]+\.[0-9]+\.\/[0-9]+
        {
          QUAD3=${MATCH}
          :0
          * RECEIVIP ?? [0-9]+\.[0-9]+\.[0-9]+\.\/[0-9]+
          {
            RECEIVIPREV=${MATCH}.${QUAD3}.${QUAD2}.${QUAD1}
          }
        }
      }
    }

    # For each list: look up d.c.b.a.<zone>; on a 127.0.0.2 or 127.0.0.4
    # answer, tag the Subject and file the message in that list's folder.

    ##### sbl-xbl.spamhaus.org #####
    :0
    { REVCHECKIP=`host ${RECEIVIPREV}.sbl-xbl.spamhaus.org 2>&1 | grep -v 'not found.'` }
    :0
    * $ REVCHECKIP ?? 127\.0\.0\.(2|4)
    {
      :0 fhw
      | formail -i "Subject: *sbl-xbl.spamhaus.org* $SUB1"
      :0
      * ^Subject:.*\*sbl-xbl\.spamhaus\.org\*
      ATT_SPAM/HOST_sbl-xbl.spamhaus.org/
    }

    ##### cbl.abuseat.org #####
    :0
    { REVCHECKIP=`host ${RECEIVIPREV}.cbl.abuseat.org 2>&1 | grep -v 'not found.'` }
    :0
    * $ REVCHECKIP ?? 127\.0\.0\.(2|4)
    {
      :0 fhw
      | formail -i "Subject: *cbl.abuseat.org* $SUB1"
      :0
      * ^Subject:.*\*cbl\.abuseat\.org\*
      ATT_SPAM/HOST_cbl.abuseat.org/
    }

    ##### relays.ordb.org #####
    :0
    { REVCHECKIP=`host ${RECEIVIPREV}.relays.ordb.org 2>&1 | grep -v 'not found.'` }
    :0
    * $ REVCHECKIP ?? 127\.0\.0\.(2|4)
    {
      :0 fhw
      | formail -i "Subject: *relays.ordb.org* $SUB1"
      :0
      * ^Subject:.*\*relays\.ordb\.org\*
      ATT_SPAM/HOST_relays.ordb.org/
    }

    ##### opm.blitzed.org #####
    :0
    { REVCHECKIP=`host ${RECEIVIPREV}.opm.blitzed.org 2>&1 | grep -v 'not found.'` }
    :0
    * $ REVCHECKIP ?? 127\.0\.0\.(2|4)
    {
      :0 fhw
      | formail -i "Subject: *opm.blitzed.org* $SUB1"
      :0
      * ^Subject:.*\*opm\.blitzed\.org\*
      ATT_SPAM/HOST_opm.blitzed.org/
    }

    ##### list.dsbl.org #####
    :0
    { REVCHECKIP=`host ${RECEIVIPREV}.list.dsbl.org 2>&1 | grep -v 'not found.'` }
    :0
    * $ REVCHECKIP ?? 127\.0\.0\.(2|4)
    {
      :0 fhw
      | formail -i "Subject: *list.dsbl.org* $SUB1"
      :0
      * ^Subject:.*\*list\.dsbl\.org\*
      ATT_SPAM/HOST_list.dsbl.org/
    }

    ##### dul.dnsbl.sorbs.org #####
    :0
    { REVCHECKIP=`host ${RECEIVIPREV}.dul.dnsbl.sorbs.org 2>&1 | grep -v 'not found.'` }
    :0
    * $ REVCHECKIP ?? 127\.0\.0\.(2|4)
    {
      :0 fhw
      | formail -i "Subject: *dul.dnsbl.sorbs.org* $SUB1"
      :0
      * ^Subject:.*\*dul\.dnsbl\.sorbs\.org\*
      ATT_SPAM/HOST_dul.dnsbl.sorbs.org/
    }

    ##### blackholes.mail-abuse.org #####
    :0
    { REVCHECKIP=`host ${RECEIVIPREV}.blackholes.mail-abuse.org 2>&1 | grep -v 'not found.'` }
    :0
    * $ REVCHECKIP ?? 127\.0\.0\.(2|4)
    {
      :0 fhw
      | formail -i "Subject: *blackholes.mail-abuse.org* $SUB1"
      # The archived attachment breaks off at this point, after the ":0" that
      # opens this list's delivery recipe; the braces below only close the
      # blocks opened above.
    }
  }
}
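
The lookup that the attached filter performs, as an added Python example (not part of the original post or its attachment). It goes beyond the recipe in skipping RFC 1918 relays and in comparing answers exactly, so a zone that starts answering with an unrelated address is not counted as a listing; `dnsbl.example`, the sample headers and the function names are assumptions made for the example.

```python
import ipaddress
import re
import socket

# Relays that are never looked up (the recipe only skips 127.0.0.1).
INTERNAL = [ipaddress.ip_network(n) for n in
            ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

SAMPLE = (  # constructed headers; documentation addresses only
    "Received: from localhost (localhost [127.0.0.1])\n"
    "\tby mx.example.org with ESMTP\n"
    "Received: from dsl.example.net (unknown\n"
    "\t[192.0.2.99]) by mx.example.org with SMTP\n"
    "Subject: test\n"
)

def relay_ip(headers):
    """First valid, non-internal bracketed IPv4 address in the Received: lines."""
    unfolded = re.sub(r"\r?\n[ \t]+", " ", headers)  # join folded header lines
    for line in unfolded.splitlines():
        if not line.lower().startswith("received:"):
            continue
        for cand in re.findall(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", line):
            try:
                ip = ipaddress.IPv4Address(cand)
            except ValueError:  # e.g. [999.1.1.1]
                continue
            if not any(ip in net for net in INTERNAL):
                return ip
    return None

def query_name(ip, zone):
    """192.0.2.99 and zone -> 99.2.0.192.zone (octets reversed)."""
    return ".".join(reversed(str(ip).split("."))) + "." + zone

def system_resolve(name):
    """A records for name, or [] on NXDOMAIN or any other lookup failure."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def listed(ip, zone, codes=("127.0.0.2", "127.0.0.4"), resolve=system_resolve):
    """True only when an answer is exactly one of the expected return codes."""
    return any(a in codes for a in resolve(query_name(ip, zone)))

if __name__ == "__main__":
    fake = {"99.2.0.192.dnsbl.example": ["127.0.0.2"]}  # constructed zone data
    print(listed(relay_ip(SAMPLE), "dnsbl.example", resolve=lambda n: fake.get(n, [])))
```
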

Re: OT, spam tips.

2004-10-22 Thread Lupe Christoph
Quoting tomasz abramowicz [EMAIL PROTECTED]:

> sorry about the off topic, but maybe you guys at debian can fix what
> my internet provider is talking about?
>
> No problem, spam is always interesting to look at (well, at least
> for me ;).
> But when I see that they use SBL/XBL yet they still pass on the
> message to users then my stomach revolts ... it's like a waiter
> at a restaurant serving a dish to a customer and saying Please pay
> attention, sir, not to eat that dead fly you will find in the food.

If you want that changed, file a bug against Spamassassin. But I hope
this bug will be closed without action. SBL/XBL has too many false
positives to rank higher.

I have tested a large number of RBLs trying to find those with zero
false positives but still a high number of catches. I use the ones
I selected directly in postfix where they reject absolutely. The current
list is:

cn-kr.blackholes.us dynablock.njabl.org bl.spamcop.net cbl.abuseat.org
dnsbl-2.uceprotect.net taiwan.blackholes.us

This list is most probably not what other people would use, so anybody
who blindly copies it: don't blame me if you block mail that would have
saved the world.

If the sending IP address is ranked in SBL/XBL this is a good indication
that the mail is Spam. But there are lots of other better criteria.

HTH,
Lupe Christoph
-- 
| [EMAIL PROTECTED]   |   http://www.lupe-christoph.de/ |
| ... putting a mail server on the Internet without filtering is like   |
| covering yourself with barbecue sauce and breaking into the Charity|
| Home for Badgers with Rabies.Michael Lucas | 

