Re: DNS Blacklist Script?
Matthew Seaman wrote: Chris Maness wrote: Does anyone know of a script (or application) to automagically add a host to a dns blacklist? It would be very convenient to blacklist all the e-mails sent from a spammer to a honeypot address, or to blacklist all senders that thunderbird moves into the spam sub-folder. You need to be very careful implementing something like this. Most Spam nowadays is bot-generated and uses forged 'From' addresses culled from the address books on infected machines. Unless you're careful, you're going to end up blocking a lot of completely innocent people, or worse, blocking your own legitimate e-mail users. Having said that, consider SpamAssassin's 'Auto white list' feature. It also works as a black list, but it's not a binary on-off. Instead, anyone who sends e-mail to your server gets a spam score depending on the ratings of their previous e-mails to you. That's added to the spam score for the e-mail being processed. So someone who continually sends you spammy e-mails won't get the benefit of the doubt on a marginal e-mail, but someone else who sends a lot of ham will. Also included in SpamAssassin is a client for the Vipul's Razor project. That's a database of checksums of spam e-mails that is updated live. Spammer starts sending a few million spam e-mails, but after the first few, there's a mail signature in the Razor DB so that the rest of the world can reject those spams straight away. (Port: mail/razor-agents, WWW: http://razor.sourceforge.net/) Integrating SpamAssassin into a mailing system can be done in many ways depending on what mail software is in use and so forth. Ask again here with details of your mail setup if you're interested in doing that. Cheers, Matthew The Razor project looks interesting. However, the site is poorly written, and I can't seem to find out how it actually works. I am still interested in setting up a honeypot account on my server, then spreading this account all over the net so that the harvesters that have picked up my e-mail address will pick up the spamtrap address. Then, any e-mail received to this account will get canned. Chris Maness ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: DNS Blacklist Script?
Does anyone know of a script (or application) to automagically add a host to a dns blacklist? It would be very convenient to blacklist all the e-mails sent from a spammer to a honeypot address, or to blacklist all senders that thunderbird moves into the spam sub-folder. You need to be very careful implementing something like this. Most Spam nowadays is bot-generated and uses forged 'From' addresses culled from the address books on infected machines. Unless you're careful, you're going to end up blocking a lot of completely innocent people, or worse, blocking your own legitimate e-mail users. Having said that, consider SpamAssassin's 'Auto white list' feature. It also works as a black list, but it's not a binary on-off. Instead, anyone who sends e-mail to your server gets a spam score depending on the ratings of their previous e-mails to you. That's added to the spam score for the e-mail being processed. So someone who continually sends you spammy e-mails won't get the benefit of the doubt on a marginal e-mail, but someone else who sends a lot of ham will. Also included in SpamAssassin is a client for the Vipul's Razor project. That's a database of checksums of spam e-mails that is updated live. Spammer starts sending a few million spam e-mails, but after the first few, there's a mail signature in the Razor DB so that the rest of the world can reject those spams straight away. (Port: mail/razor-agents, WWW: http://razor.sourceforge.net/) Integrating SpamAssassin into a mailing system can be done in many ways depending on what mail software is in use and so forth. Ask again here with details of your mail setup if you're interested in doing that. Cheers, Matthew The Razor project looks interesting. However, the site is poorly written, and I can't seem to find out how it actually works. I am still interested in setting up a honeypot account on my server, then spreading this account all over the net so that the harvesters that have picked up my e-mail address will pick up the spamtrap address. Then, any e-mail received to this account will get canned. Chris Maness Already many of the leading DNSBL lists like spamhaus.org and njbl.org uses such methods to detect new spammers. We've been using the SBL-XBL + dynablock + SURBL lists with much success reaching up to 95% reduction in spam and so far very very very little false positives. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: DNS Blacklist Script?
Already many of the leading DNSBL lists like spamhaus.org and njbl.org uses such methods to detect new spammers. We've been using the SBL-XBL + dynablock + SURBL lists with much success reaching up to 95% reduction in spam and so far very very very little false positives. I have noticed the amount of spam I have been getting climbing, so I needed to crack down. Thanks, I had SBL but not SBL-XBL. I also added dynablock.njabl.org and multi.surbl.org. This is the anti-spam part of my freebsd.mc. That should do the trick. FEATURE(`dnsbl', `no-more-funn.moensted.dk', `Spammer ${client_addr} $f reject ed: see http://www.moensted.dk/ (relays)') FEATURE(`dnsbl',`blackholes.mail-abuse.org',` Mail from ${client_addr} rejected : see http://mail-abuse.org/cgi-bin/lookup?$; {client_addr}')dnl FEATURE(`dnsbl',`bl.spamcop.net',` Mail from ${client_addr} Blocked - see http: //www.spamcop.net/bl.shtml?$ {client_addr}')dnl FEATURE(`dnsbl', `sbl-xbl.spamhaus.org', `Spammer ${client_addr} $f rejected: see http://www.spamhaus.org/sbl/index.lasso') FEATURE(`dnsbl', `list.dsbl.org', `Spammer ${client_addr} $f rejected: see htt p://dsbl.org/main') FEATURE(`dnsbl', `bl.kq6up.org', `Spammer ${client_addr} $f rejected: buzz off spammer') FEATURE(`dnsbl', `dynablock.njabl.org', `Spammer ${client_addr} $f rejected: s ee http://www.njabl.org/dynablock.html') FEATURE(`dnsbl', `multi.surbl.org', `Spammer ${client_addr} $f rejected: see h ttp://www.surbl.org') ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: DNS Blacklist Script?
Chris Maness wrote: Does anyone know of a script (or application) to automagically add a host to a dns blacklist? It would be very convenient to blacklist all the e-mails sent from a spammer to a honeypot address, or to blacklist all senders that thunderbird moves into the spam sub-folder. You need to be very careful implementing something like this. Most Spam nowadays is bot-generated and uses forged 'From' addresses culled from the address books on infected machines. Unless you're careful, you're going to end up blocking a lot of completely innocent people, or worse, blocking your own legitimate e-mail users. Having said that, consider SpamAssassin's 'Auto white list' feature. It also works as a black list, but it's not a binary on-off. Instead, anyone who sends e-mail to your server gets a spam score depending on the ratings of their previous e-mails to you. That's added to the spam score for the e-mail being processed. So someone who continually sends you spammy e-mails won't get the benefit of the doubt on a marginal e-mail, but someone else who sends a lot of ham will. Also included in SpamAssassin is a client for the Vipul's Razor project. That's a database of checksums of spam e-mails that is updated live. Spammer starts sending a few million spam e-mails, but after the first few, there's a mail signature in the Razor DB so that the rest of the world can reject those spams straight away. (Port: mail/razor-agents, WWW: http://razor.sourceforge.net/) Integrating SpamAssassin into a mailing system can be done in many ways depending on what mail software is in use and so forth. Ask again here with details of your mail setup if you're interested in doing that. Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard Flat 3 PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate Kent, CT11 9PW signature.asc Description: OpenPGP digital signature
Re: DNS Blacklist Script?
Matthew Seaman wrote: You need to be very careful implementing something like this. Most Spam nowadays is bot-generated and uses forged 'From' addresses culled from the address books on infected machines. Unless you're careful, you're going to end up blocking a lot of completely innocent people, or worse, blocking your own legitimate e-mail users. DNS based blacklists are based on the senders IP address, not the forged from address. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: DNS Blacklist Script?
Your best is to report them to spamcop. I believe there is a plug-in for thunderbird to do that. -Derek At 03:24 PM 8/4/2006, Chris Maness wrote: Does anyone know of a script (or application) to automagically add a host to a dns blacklist? It would be very convenient to blacklist all the e-mails sent from a spammer to a honeypot address, or to blacklist all senders that thunderbird moves into the spam sub-folder. Thanks, Chris Maness ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]