DNS Blacklist Script?

Matthew Seaman m.seaman at infracaninophile.co.uk
Sat Aug 5 10:52:38 UTC 2006 

Chris Maness wrote:
> Does anyone know of a script (or application) to automagically add a
> host to a dns blacklist?  It would be very convenient to blacklist all
> the e-mails sent from a spammer to a honeypot address, or to blacklist
> all senders that thunderbird moves into the spam sub-folder.

You need to be very careful implementing something like this.  Most
Spam nowadays is bot-generated and uses forged 'From' addresses culled
from the address books on infected machines.  Unless you're careful,
you're going to end up blocking a lot of completely innocent people,
or worse, blocking your own legitimate e-mail users.

Having said that, consider SpamAssassin's 'Auto white list' feature.
It also works as a black list, but it's not a binary on-off.  Instead,
anyone who sends e-mail to your server gets a spam score depending on
the ratings of their previous e-mails to you.  That's added to the
spam score for the e-mail being processed.  So someone who continually
sends you spammy e-mails won't get the benefit of the doubt on a marginal
e-mail, but someone else who sends a lot of ham will.

Also included in SpamAssassin is a client for the Vipul's Razor project.
That's a database of checksums of spam e-mails that is updated live.
Spammer starts sending a few million spam e-mails, but after the first
few, there's a mail signature in the Razor DB so that the rest of the
world can reject those spams straight away. (Port: mail/razor-agents, WWW:
http://razor.sourceforge.net/)

Integrating SpamAssassin into a mailing system can be done in many ways
depending on what mail software is in use and so forth.  Ask again here
with details of your mail setup if you're interested in doing that.

	Cheers,

	Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.                       7 Priory Courtyard
                                                      Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey         Ramsgate
                                                      Kent, CT11 9PW

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 250 bytes
Desc: OpenPGP digital signature
Url : http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20060805/76ac96dc/signature.pgp

More information about the freebsd-questions mailing list