DNS Blacklist Script?
Tamouh H.
hakmi at rogers.com
Fri Aug 11 16:03:22 UTC 2006
> >
> >> Does anyone know of a script (or application) to automagically add a
> >> host to a dns blacklist? It would be very convenient to blacklist
> >> all the e-mails sent from a spammer to a honeypot address, or to
> >> blacklist all senders that thunderbird moves into the spam sub-folder.
> >>
> >
> > You need to be very careful implementing something like this. Most
> > Spam nowadays is bot-generated and uses forged 'From' addresses culled
> > from the address books on infected machines. Unless you're careful,
> > you're going to end up blocking a lot of completely innocent people,
> > or worse, blocking your own legitimate e-mail users.
> >
> > Having said that, consider SpamAssassin's 'Auto white list' feature.
> > It also works as a black list, but it's not a binary on-off. Instead,
> > anyone who sends e-mail to your server gets a spam score depending on
> > the ratings of their previous e-mails to you. That's added to the
> > spam score for the e-mail being processed. So someone who continually
> > sends you spammy e-mails won't get the benefit of the doubt on a
> > marginal e-mail, but someone else who sends a lot of ham will.
> >
> > Also included in SpamAssassin is a client for the Vipul's Razor project.
> > That's a database of checksums of spam e-mails that is updated live.
> > Spammer starts sending a few million spam e-mails, but after the first
> > few, there's a mail signature in the Razor DB so that the rest of the
> > world can reject those spams straight away. (Port: mail/razor-agents,
> > WWW: http://razor.sourceforge.net/)
> >
> > Integrating SpamAssassin into a mailing system can be done in many
> > ways depending on what mail software is in use and so forth. Ask
> > again here with details of your mail setup if you're interested in
> > doing that.
> >
> > Cheers,
> >
> > Matthew
> >
> >
> The Razor project looks interesting. However, the site is
> poorly written, and I can't seem to find out how it actually works.
>
> I am still interested in setting up a honeypot account on my
> server, then spreading this account all over the net so that
> the harvesters that have picked up my e-mail address will
> pick up the spamtrap address.
> Then, any e-mail received to this account will get canned.
>
> Chris Maness
Already many of the leading DNSBL lists like spamhaus.org and njbl.org use such methods to detect new spammers. We've been using the SBL-XBL + dynablock + SURBL lists with much success, reaching up to 95% reduction in spam and so far very, very, very few false positives.
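
The honeypot-to-blacklist idea from this thread, as an added example that is not part of the original posts: it lists the relay that actually connected to the server rather than the forgeable 'From' address the thread warns about. The hostname `mx.example.org`, the zone `trap.bl.example.org`, the Postfix/Sendmail-style `Received` layout and the sample message are assumptions constructed for illustration; `127.0.0.2` is the conventional DNSBL "listed" answer.

```python
import email
import ipaddress
import re

TRUSTED_MX = "mx.example.org"   # assumption: hostname our own MTA writes after "by"
ZONE = "trap.bl.example.org"    # assumption: name of the local DNSBL zone
NEVER_LIST = [ipaddress.ip_network(n) for n in
              ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Matches "... [203.0.113.45]) by mx.example.org" as written by Postfix/Sendmail.
RELAY_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]\)?\s+by\s+(\S+)", re.I)

# Constructed sample: forged From, one forged Received below our own.
SAMPLE = """\
Received: from bot.example.com (unknown [203.0.113.45])
    by mx.example.org (Postfix) with SMTP id 4F2A1
    for <trap@example.org>; Fri, 11 Aug 2006 15:58:02 +0000 (UTC)
Received: from mail.example.net ([198.51.100.7]) by relay.example.net
From: "Innocent User" <victim@example.net>
To: trap@example.org
Subject: constructed sample

buy now
"""

def relay_ip(raw_message):
    """Return the IPv4 address that connected to our MX, or None if untrusted."""
    received = email.message_from_string(raw_message).get_all("Received") or []
    if not received:
        return None
    # Only the topmost Received header is ours; From and everything below
    # it is sender-controlled and must never feed the blacklist.
    top = " ".join(received[0].split())
    m = RELAY_RE.search(top)
    if not m or m.group(2).lower() != TRUSTED_MX:
        return None
    try:
        ip = ipaddress.IPv4Address(m.group(1))
    except ValueError:
        return None
    return None if any(ip in net for net in NEVER_LIST) else ip

def dnsbl_records(ip, zone=ZONE):
    """Zone-file lines for one listing: reversed octets under the zone."""
    name = ".".join(reversed(str(ip).split("."))) + "." + zone + "."
    return [f"{name} IN A 127.0.0.2", f'{name} IN TXT "mail to spamtrap"']

if __name__ == "__main__":
    print("\n".join(dnsbl_records(relay_ip(SAMPLE))))
```

A message whose top `Received` header was not written by the trusted MX, or whose relay is a private or loopback address, yields no listing at all.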