Quoting Giampaolo Tomassoni <[EMAIL PROTECTED]>:

> Dears,
>
> well, I just did version 0.01 of the URIWhois plugin.
>
> Its purpose is mainly to detect some spam containing URIs to sites in
> brand-new domains, or having some conflict in whois and dns records, or
> being driven by specific dns servers.
>
> So, it is meant to do something I believe someone else is already doing in
> their SA, but this plugin is completely asynchronous in order to minimize
> any performance impact.
>
> Also, it caches whois results. But the best thing is that, if you run more
> SA copies on the same computer (for example, you use amavis), when one is
> asked to issue a whois query for a domain which another copy is already
> querying, the first SA copy waits for the results obtained by the latter!
>
> Finally, it is easily configurable to adapt to your own mileage: you may
> even avoid whois queries by not using some of the rules. More details by
> perldoc.
>
> Please note this is not stable stuff. It is... well, what's before alpha?
>
> The URIWhois plugin needs SA v.3.002003 (or above?) and would surely
> appreciate a quite recent copy of BerkeleyDB (I'm using 0.31 with v.4.5 of
> the berkeleydb libraries).
>
> You can download it from here:
> http://www.tomassoni.biz/download/URIWhois-0.01.tar.bz2 (come on, it is 17
> KB...).
>
> Untar it on the /etc/spamassassin directory and you are (almost) done.
> Review settings from the /etc/spamassassin/URIWhois.cf file.
>
> I would like to have this code reviewed by you, since I'm not that much used
> to the async thingeries in SA.
>
> Enjoy!
>
> Giampaolo

In principle, this is a good concept; using domain whois data to spot bad domains can be useful. In practice, it's a really, really, really bad idea since the public whois infrastructure is not designed for this kind of high volume use. If many people did it, it would result in an effective DDOS against whois service, even with caching and delays. Please don't do it.

It's much better to let URI blacklist operators such as SURBL handle these domains in a centralized way and publish the domain data via our four dozen DNS servers, etc.

Jeff C.