jgordeev at dir.bg
Thu Oct 26 17:01:29 UTC 2006
Jack Stone wrote:
>> From: Warren Block <wblock at wonkity.com>
>> To: Jack Stone <antennex at hotmail.com>
>> CC: freebsd-questions at freebsd.org
>> Subject: Re: Shell question
>> Date: Wed, 25 Oct 2006 21:35:55 -0600 (MDT)
>> On Wed, 25 Oct 2006, Jack Stone wrote:
>>> I have managed to piece together a shell script that is able to
>>> retrieve the domains from the spams of the day and summarize those in
>>> a special file that can then be added to the sendmail's rejects in
>>> the access.db. But, first I have to eyeball the list and remove any
>>> obvious good-guy domains.
>>> I would like to create another list of those same good guys that can
>>> be added to each day as they show up, then compare it to the above
>>> main list and delete the good guy domains before adding to the
>> Greylisting will be much more effective than this approach, and is
>> easier to implement. Combine that with sbl-xbl and maybe a few other
>> DNSBLs, add greet_pause of five or ten seconds, and you have much more
>> effectiveness with less false positives and much less maintenance.
>> Adding clamav rounds out the whole thing. I wrote an article that
>> covers some of this:
>> -Warren Block * Rapid City, South Dakota USA
> This shell script is just icing on the cake -- In addition to the
> DNSBLs, I have had all of those other filters running for years plus
> milter-regex in the front line, then greylist, then clamav, SA.
> It's the SA (SpamAssassin) that provides me the list of bad-guy domains.
> It's a very short list so I can always still eyeball it and remove any
> obvious good ones. It's just sometimes I have made a mistake and let in
> a good guy, say, like one of my own domains. If I had a "good-guy list"
> to watch over my shoulder and check the bad-guy list before adding to
> the access-reject, then those would never happen again. Those bad guys
> are pretty obvious by their names.
> Even if the domains are "throw-aways", I can stop a few more this way
> although I have to purge the sendmail access DB ever so often. My users
> might get 1 or 2 spams a month with my line of defenses. Takes a lot of
> my time, but worth the results. This shell would be a big help tho.
> Would appreciate any more tips on how to have my daily bad-guy list
> checked against the good-guy list. Both are flat files with the domains
> listed in a single column.
> Thanks guys!
More information about the freebsd-questions