Firewall Wizards mailing list archives
Re: FWTK and smap/smapd
From: Devdas Bhagat <devdas () worldgatein net>
Date: Thu, 18 Jul 2002 11:50:02 +0530
On 17/07/02 16:57 -0700, Dominik Miklaszewski wrote:
> Guys, These days spam gets really annoying (timewise and costwise) from a busy admin standpoint.. I run a pair of sendmails with RBL (ordb.org) feature turned on and two anti-virus SMTP behind them, it's been catching maybe 20-30% of that trash..

<snip>

> Here's the idea: 1. create a postmaster account on a Unix box and forward that spewage to it.

I assume that this is other than your regular postmaster account?

> 2. A cronjob would be running on these entities in postmaster's bucket parsing the "Received:" lines

Easier would be to pipe it to a script that does this job in real time and adds names to a database. Build a DNSBL from this database at regular intervals.

> 3. Input taken from 2. would be run against MX checking with the assumption that all those "DELIVERY FAILURE 55x:" are spewage.

Watch for valid MX records that never run mail servers, and MX records of RFC 1918 addresses (been getting some of those nowadays).

> 4. There'll be a black list created from 3. with all those IPs and domains that fail 3. checks.

Just add relays.osirusoft.com to your blackhole list. Catches half the spam I get. Google for IMGate, that's a very strongly antispam postfix config.

> I'm planning to let this process run and grow that black list to see what percentage of that crap I'd be able to nail down.. What do you think? Would it be easier to do with Exim/Smail/Postfix ?

Any of these, AFAIK. Just create your own DNSBL and use that.

> I'm sorry it's slightly off of that list's mainstream ..but since we have such a lively discussion on different MTAs I dared to ask.
(Hey, Spam is just unwanted crap at the application level, so you are on topic -- Application proxies do come under firewalls).

Devdas Bhagat
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
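
The pipeline discussed in this message (parse the "Received:" lines, flag MX records that point into RFC 1918 space, build DNSBL records from the result), as an added example that is not part of the original post. The zone name bl.example.org, the function names and the sample message are assumptions; MX addresses are passed in already resolved so the script runs offline.

```python
import ipaddress
import re
from email import message_from_string

# Bracketed IPv4 literal as MTAs write it in Received: lines
BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
# RFC 1918 space plus loopback: never a legitimate Internet relay or MX target
UNROUTABLE = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def is_unroutable(text):
    ip = ipaddress.ip_address(text)
    return any(ip in net for net in UNROUTABLE)

def relay_ips(raw_message):
    """Routable relay IPs from the Received: headers, most recent hop first."""
    found = []
    for header in message_from_string(raw_message).get_all("Received", []):
        for text in BRACKETED_IP.findall(header):
            try:
                skip = is_unroutable(text)
            except ValueError:      # not a real address, e.g. [999.1.1.1]
                continue
            # Headers below the one your own MTA added can be forged by the
            # sender, so treat lower hops as hints rather than proof.
            if not skip and text not in found:
                found.append(text)
    return found

def bogus_mx(mx_addresses):
    """Domains with at least one MX host resolving into unroutable space."""
    return sorted(d for d, addrs in mx_addresses.items()
                  if any(is_unroutable(a) for a in addrs))

def dnsbl_records(ips, zone="bl.example.org"):
    """One A record per listed IP: octets reversed under the zone, 127.0.0.2."""
    return ["%s.%s. IN A 127.0.0.2" % (".".join(reversed(ip.split("."))), zone)
            for ip in ips]

# Constructed sample message (documentation addresses, not real traffic)
SAMPLE = (
    "Received: from mail.example.net (unknown [203.0.113.45])\n"
    "\tby mx1.example.org with SMTP; Thu, 18 Jul 2002 09:12:01 +0530\n"
    "Received: from pc7 ([192.168.1.20])\n"
    "\tby mail.example.net; Thu, 18 Jul 2002 09:11:58 +0530\n"
    "Subject: constructed sample\n\nbody\n")

if __name__ == "__main__":
    print("\n".join(dnsbl_records(relay_ips(SAMPLE))))
    print(bogus_mx({"good.example": ["198.51.100.7"], "bad.example": ["10.1.2.3"]}))
```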