From: Jordan Gordeev <[EMAIL PROTECTED]>
To: freebsd-questions@freebsd.org
Subject: Re: Shell question
Date: Thu, 26 Oct 2006 20:05:50 +0300

Jack Stone wrote:
From: Warren Block <[EMAIL PROTECTED]>
To: Jack Stone <[EMAIL PROTECTED]>
CC: freebsd-questions@freebsd.org
Subject: Re: Shell question
Date: Wed, 25 Oct 2006 21:35:55 -0600 (MDT)

On Wed, 25 Oct 2006, Jack Stone wrote:

Folks:
I have managed to piece together a shell script that is able to retrieve the domains from the spams of the day and summarize those in a special file that can then be added to the sendmail's rejects in the access.db. But, first I have to eyeball the list and remove any obvious good-guy domains.

I would like to create another list of those same good guys that can be added to each day as they show up, then compare it to the above main list and delete the good guy domains before adding to the access.db.


Greylisting will be much more effective than this approach, and is easier to implement. Combine that with sbl-xbl and maybe a few other DNSBLs, add greet_pause of five or ten seconds, and you have much more effectiveness with less false positives and much less maintenance. Adding clamav rounds out the whole thing. I wrote an article that covers some of this:

http://www.wonkity.com/~wblock/greylist.pdf

-Warren Block * Rapid City, South Dakota USA


This shell script is just icing on the cake -- In addition to the DNSBLs, I have had all of those other filters running for years plus milter-regex in the front line, then greylist, then clamav, SA.

It's the SA (SpamAssassin) that provides me the list of bad-guy domains. It's a very short list so I can always still eyeball it and remove any obvious good ones. It's just sometimes I have made a mistake and let in a good guy, say, like one of my own domains. If I had a "good-guy list" to watch over my shoulder and check the bad-guy list before adding to the access-reject, then those would never happen again. Those bad guys are pretty obvious by their names.

Even if the domains are "throw-aways", I can stop a few more this way although I have to purge the sendmail access DB ever so often. My users might get 1 or 2 spams a month with my line of defenses. Takes a lot of my time, but worth the results. This shell would be a big help tho.

Would appreciate any more tips on how to have my daily bad-guy list checked against the good-guy list. Both are flat files with the domains listed in a single column.

Thanks guys!

Jack


See comm(1).
_______________________________________________

Yep, that's it....!!

Thanks,

Jack


_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
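
The comm(1) suggestion from the thread, worked through as an added example (not code from the original messages): comm(1) only gives correct results when both files are sorted in the same collation order, so an unsorted or mixed-case list can let a good-guy domain slip through to the reject list. The file names daily_bad and good_guys, the function names, and the sample domains are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: remove allowlisted ("good-guy") domains from the daily
# bad-guy list before it is turned into sendmail access REJECT entries.

# normalize FILE: lower-case, strip CRs and surrounding whitespace, drop blank
# lines and '#' comments, then sort uniquely in the C locale so that both
# inputs reach comm(1) in the same order.
normalize() {
    tr '[:upper:]' '[:lower:]' < "$1" | tr -d '\r' |
        sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' \
            -e '/^#/d' -e '/^$/d' |
        LC_ALL=C sort -u
}

# filter_rejects BAD GOOD: print the domains in BAD that are not in GOOD.
# comm -23 suppresses column 2 (only in GOOD) and column 3 (in both).
# It compares whole lines, so an allowlisted name never matches as a substring.
filter_rejects() {
    tmp=$(mktemp -d) || return 1
    normalize "$1" > "$tmp/bad" && normalize "$2" > "$tmp/good" &&
        LC_ALL=C comm -23 "$tmp/bad" "$tmp/good"
    rc=$?
    rm -rf "$tmp"
    return $rc
}

# Constructed sample data (hypothetical domains): the bad list is unsorted,
# has a duplicate, mixed case and a trailing space; the good list has a comment.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'win-prizes.example ' 'MyOwnDomain.example' \
        'cheap-pills.example' 'xmyowndomain.example' \
        'cheap-pills.example' > "$d/daily_bad"
    printf '%s\n' '# domains that must never be rejected' \
        'myowndomain.example' 'partner.example' > "$d/good_guys"
    filter_rejects "$d/daily_bad" "$d/good_guys"
    rm -rf "$d"
}

demo
```

New good-guy domains can be appended to the allowlist in any order, since both files are normalized and sorted on every run.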
