on Sun, Jan 06, 2002 at 12:05:32PM -0500, dman ([EMAIL PROTECTED]) wrote:
> On Sun, Jan 06, 2002 at 09:20:12AM -0500, Jens Gecius wrote:
> | dman <[EMAIL PROTECTED]> writes:
> |
> | > On Fri, Jan 04, 2002 at 08:27:13PM -0800, Paul E Condon wrote:
> | > | Where is there a HOWTO or tutorial on using available tools (e.g.
> | > | procmail) to filter spam? Is it something that the "unwashed masses"
> | > | like myself can learn to do?
> | >
> | > If you would like, I can send you what I have.
> | >
> | > I made a script that given a message on stdin will append the
> | > address in the From: header to a file. I also have a mutt macro that
> | > invokes this script (and flags the message for deletion) with a single
> | > key press. This part is just to reduce the effort required to
> | > blacklist someone. I have exim set up to check that file against
> | > sender addresses and return a failure notice (instead of delivering)
> | > any address that is blacklisted. It is really a simple setup (just
> | > several components).
> | >
> | > When I see some spam that hits my inbox, I press F12 and it goes away
> | > forever :-).
> |
> | OK, so, could you post your scripts? That might be very helpful for
> | others.
>
> The script is
>
> ------ ~/bin/spammer_log.py ------
> #!/usr/bin/python2.2
>
> """
> This script takes an RFC2822 message on stdin, extracts the From: address and
> records it in a blacklist of spammers.

I find such blacklists are rarely effective. Spammers typically use
one-shot addresses. You'll have to filter against relaying hosts, often
by IP.

Here's a question: I'd like to effectively block entire netblocks,
e.g.: the entire Ciberlynx netblock

    Ciberlynx, Inc. (NETBLK-CIBERLYNX) CIBERLYNX 216.242.0.0 - 216.242.255.255

Go ahead and resolve the hosts -- the entire block is junk:

    $ nmap -sL 216.242.0-255.0-255

...will "list scan" the range listed, essentially performing DNS lookups
on each IP.

...how would one do this via procmail, filtering on 'Received' lines?
Anything from this domain should be forwarded to a spam complaint
address and shitcanned.

Better: how would one make an easy-to-use & update system to block
mails touching such domains?

Peace.

-- 
Karsten M. Self <kmself@ix.netcom.com>    http://kmself.home.netcom.com/
What part of "Gestalt" don't you understand?    Home of the brave
http://gestalt-system.sourceforge.net/    Land of the free
We freed Dmitry! Boycott Adobe! Repeal the DMCA!    http://www.freesklyarov.org
Geek for Hire    http://kmself.home.netcom.com/resume.html
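
One way to do the netblock check asked about above, as an added example that is not part of the original thread: a Python filter that reads the Received: headers, pulls out the relay IPv4 addresses and tests them against a list of CIDR blocks. The function names, the sample messages and the exit-code convention are assumptions made for this illustration; the only value taken from the thread is the 216.242.0.0 - 216.242.255.255 range.

```python
"""Exit 0 if any Received: hop of the message on stdin is in a blocked netblock."""
import email
import ipaddress
import re
import sys

# The netblock named in the message above; add further CIDR blocks here.
BLOCKED_NETS = [ipaddress.ip_network("216.242.0.0/16")]

# MTAs usually record the peer address in brackets or parentheses,
# e.g. "from helo.name (rdns.name [216.242.17.99])".
IP_RE = re.compile(r"[\[(](\d{1,3}(?:\.\d{1,3}){3})[\])]")

def received_ips(msg):
    """Yield every valid IPv4 address found in the Received: headers."""
    for header in msg.get_all("Received", []):
        for text in IP_RE.findall(header):
            try:
                yield ipaddress.ip_address(text)
            except ValueError:
                continue  # looked like an address but is not one (e.g. 999.1.1.1)

def blocked_hop(raw_message, nets=BLOCKED_NETS):
    """Return the first relay address inside a blocked netblock, else None.

    Only the Received: line written by your own MTA is trustworthy; lines
    below it are supplied by the sender and can be forged.
    """
    msg = email.message_from_string(raw_message)
    for ip in received_ips(msg):
        if any(ip in net for net in nets):
            return ip
    return None

# Constructed sample messages, not real mail.
SPAM = """\
Received: from mx.example.org (mx.example.org [192.0.2.25])
\tby mail.example.net with ESMTP; Sun, 6 Jan 2002 12:00:00 -0500
Received: from bulk (unknown [216.242.17.99])
\tby mx.example.org with SMTP; Sun, 6 Jan 2002 11:59:58 -0500
From: one-shot@example.com

body
"""
HAM = SPAM.replace("216.242.17.99", "216.243.0.1")  # one block over: not listed

if __name__ == "__main__":
    sys.exit(0 if blocked_hop(sys.stdin.read()) else 1)
```

Saved as an executable script, this can be used as a procmail exit-code condition (`* ? /path/to/script`, path hypothetical), which receives the message header on stdin by default.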