On 16.12.2015 at 16:22, Shawn Bakhtiar wrote:
On Dec 16, 2015, at 1:11 AM, Reindl Harald <h.rei...@thelounge.net> wrote:

On 15.12.2015 at 23:25, Juerg Reimann wrote:
I have a domain which gets a lot of spam to non-existent addresses. I
thought why not set that domain to catch-all and feed all non-existent
addresses directly to spamassassin. Any thoughts why this could be a bad
idea? Of course any typos from real senders would also end up in sa,
however, I believe that's in this case negligible...

bayes poisoning when it's done without review

on our honeypot only 20 out of 300 mails each day are usable for training, the 
rest is in the meantime 64 KB large random junk


Instead of directly updating SA we use a program that updates our own DNS RBL 
using Bind DBZ and use counts as a metric in case any false positives (i.e. an 
occasional misspelled email) come through. We save the processed email in a 
folder for later training.

i prefer "rbldnsd" for that job, a small cronjob running every minute and re-creating the zonefile does the job well, for blacklists it's much faster than bind

with the correct it detects automatically when the zonefile was changed and reloads it and last but not least you can rsync /var/lib/rbldnsd/ to other nodes and create redundancy without depending on a database
__________________________

oh well, for lists which allow rsync or some other way to fetch their data you can have them local and save internet requests, on the MX unbound runs as recursive dns-cache and forwards to rbldnsd running on a different port

forward-zone:
 name: "dnsbl.thelounge.net"
 forward-addr: 127.0.0.1@1053

rbldns 447 0.0 0.6 42212 27376 ? Ss Dez12 0:56 /usr/sbin/rbldnsd -f -n -r/var/lib/rbldnsd -c 60s -t 300:300:300 -e -v -a -q -4 -b 127.0.0.1/1053 dnsbl.thelounge.net:ip4set:dnsbl.thelounge.net

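Added example, not code from either poster's setup: a Python sketch of the kind of job the thread describes, which regenerates an rbldnsd ip4set zone file from honeypot hits and uses a count threshold so that a single misaddressed mail does not list a sender. The hit format, the `min_recipients` threshold, the function names and the `127.0.0.2` return value with its TXT string are assumptions made for illustration.

```python
import ipaddress
import os
import tempfile

# Constructed sample: (client IP, recipient) pairs for mail sent to
# non-existent addresses, as a log parser might extract them.
SAMPLE_HITS = [
    ("192.0.2.10", "nobody1@example.org"),
    ("192.0.2.10", "nobody2@example.org"),
    ("192.0.2.10", "nobody3@example.org"),
    ("198.51.100.7", "jon.smiht@example.org"),  # single hit: likely a typo
    ("203.0.113.5", "sales99@example.org"),
    ("203.0.113.5", "info77@example.org"),
    ("not-an-ip", "x@example.org"),             # malformed, skipped
]

def select_listed(hits, min_recipients=2):
    """Return sorted IPv4 addresses that hit at least min_recipients
    distinct non-existent recipients (assumed threshold)."""
    seen = {}
    for ip, rcpt in hits:
        try:
            addr = ipaddress.IPv4Address(ip)
        except ValueError:
            continue
        seen.setdefault(addr, set()).add(rcpt.lower())
    keep = sorted(a for a, r in seen.items() if len(r) >= min_recipients)
    return [str(a) for a in keep]

def render_zone(ips):
    """Render ip4set data: a ':A:TXT' default line, then one IP per line."""
    header = ["# generated, do not edit",
              ":127.0.0.2:Listed by local honeypot"]
    return "\n".join(header + ips) + "\n"

def write_zone(path, text):
    """Replace the zone file atomically and only when its content changed,
    so rbldnsd never reads a half-written file. Returns True if written."""
    try:
        with open(path) as f:
            if f.read() == text:
                return False
    except FileNotFoundError:
        pass
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path) or ".")
    with os.fdopen(fd, "w") as f:
        f.write(text)
    os.chmod(tmp, 0o644)
    os.replace(tmp, path)
    return True
```

Skipping the write when nothing changed also keeps rsync to other nodes and rbldnsd's periodic change check (`-c 60s` in the command line above) from triggering needless reloads.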