On 2/12/2016 8:48 AM, Axb wrote:
On 02/12/2016 02:39 PM, Alex wrote:
Hi,
For some time now I've been cycling URLs and IPs through a mariadb
database gathered from incoming mail on a honeypot I've created.
Surprising how many are received ahead of spamhaus/barracuda.
I'm looking for ideas on how to now make this information available to
spamassassin on my production system. I'd like to somehow export the
IPs, any URLs in the body, and email addresses to spamassassin.
Is it possible for spamassassin to query a database directly?
Did you try iptables to block/allow IPs?
You'd need a custom plugin query the DB directly.
I'm familiar with how to create a uridnsbl, but is DNS the best
approach here?
DNS is cheap/reliable and simple to deploy / load balance.
The info needs to be updated and reloaded rapidly, and
not all the info (URLs, emails) are conducive to being in DNS.
rbldnsd can check and load fresh data instantly within seconds.
If your dataset is not HUGE (loading 100MB zones is slow) rbldnspy
will take inmemory updates so instant listings...
https://github.com/gryphius/rbldnspy
--
Allen Chen
Network Administrator
IT
Harbourfront Centre
235 Queens Quay West, Toronto, ON
M5J 2G8, Canada | harbourfrontcentre.com <http://www.harbourfrontcentre.com>
Office: +1 416 973 7973
Cell: +1 416 556 2493
