On Tue, Aug 16, 2011 at 10:09 PM, Michael C. Robinson <plu...@robinson-west.com> wrote:

> 1) How do I pick one where the expectation is that I will almost always
> block the spammers?

Age, reputation, match with task goals? I like spamhaus, YMMV.

> 2) How do I use them from a Perl script working with actual packets
> thrown up to user space?

You seem to be re-creating milter+honeypot. Not that doing so is a bad thing, but pulling past code might give you some great ideas.

> 3) How can I keep this simple so that a novice Perl user will be able
> to do what I'm doing, granted, I need to get better with Perl?

CPAN it when done. Maintain it for the rest of your life, and find others to maintain it.

> So how does one maintain a DNS blacklist?

Dynamically, based on what traffic you don't like.

> Do the IPs in the list have
> to be aged?

Depends on the source. An MX that hops IPs in a block can lead to an easier IP range block. A "clean" block with a rogue MX is often an annoyance where you accidentally "hosted" in a nest of spammers.

> Is it enough to have a web page where blocked site admins
> can send an email requesting clearance to get through?

Hell no. In rough (but maybe inaccurate) order:

2001: Automated requests for approval.
2002: "retype these letters to be approved"
2003: "type the letters in this image to be approved"

Server admins are very much exploitable by social engineering. Captcha adds machine engineering, but it's still trivial.

> My blacklisting
> philosophy right now is simple, I blacklist any IP that spams me.

That's whack-a-mole.

What I am about to say is *hugely* controversial. Re-read the above, please. With that being said: You should blacklist any ISP that allows spammers. This *WILL* cause collateral damage.

> A curious question, shouldn't I be able to look up any IP that is
> claiming to be a mail server via the DNS system?

Yes and no. A huge number of systems are not DNS-listed. *Any* server connected to the internet should be allowed to send mail. You can decline mail from non-DNS listed systems...

This *WILL* cause collateral damage. This *WILL* cause collateral damage. (Did I stutter?)

> My thought is, I
> can ignore infected personal computers if there are no DNS records
> listing them as legitimate email servers for legitimate domains or
> better yet no IP records at all.

This *WILL* cause collateral damage. That being said, if you can handle it, go for it.

-Bop

_______________________________________________
PLUG mailing list
PLUG@lists.pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug
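An added example, not from the thread: the DNSBL lookup Michael asked about (the reversed-octet query and the sanity check on the answer), plus a small local list with the entry aging Bop's reply discusses, written in Python rather than Perl so the logic can be exercised offline. The zone name, answers and resolver below are constructed stand-ins; against a real list you would pass the operator's zone and let the default socket.gethostbyname do the query, and the operator's documentation defines what each 127.0.0.x answer means.

```python
import ipaddress
import socket
import time

def dnsbl_query_name(ip, zone):
    """Build the DNSBL query name: IPv4 octets reversed, then the list zone."""
    addr = ipaddress.IPv4Address(ip)            # rejects junk before it hits DNS
    return ".".join(reversed(str(addr).split("."))) + "." + zone

def dnsbl_lookup(ip, zone, resolve=socket.gethostbyname):
    """Return the list's answer address if ip is listed, else None. `resolve`
    maps a name to an A record or raises socket.gaierror on NXDOMAIN; it is
    injectable so the logic can be exercised without network access."""
    try:
        answer = resolve(dnsbl_query_name(ip, zone))
    except socket.gaierror:
        return None                             # NXDOMAIN: not listed
    # A DNSBL only answers inside 127.0.0.0/8; anything else means a
    # wildcarding or hijacked resolver and must not count as a hit.
    if ipaddress.IPv4Address(answer) in ipaddress.IPv4Network("127.0.0.0/8"):
        return answer
    return None

class AgingBlacklist:
    """Local 'it spammed me' list whose entries expire after ttl_seconds."""
    def __init__(self, ttl_seconds, clock=time.time):
        self._ttl, self._clock, self._entries = ttl_seconds, clock, {}
    def add(self, ip):
        self._entries[ip] = self._clock() + self._ttl
    def is_listed(self, ip):
        expires = self._entries.get(ip)
        if expires is None:
            return False
        if expires <= self._clock():
            del self._entries[ip]               # aged out: forget it
            return False
        return True

# Constructed stand-in for a DNSBL zone, not a real list. By the usual
# convention (RFC 5782) 127.0.0.2 is listed as a test point and 127.0.0.1 is not.
FAKE_ZONE = "dnsbl.example.test"
FAKE_ANSWERS = {
    "2.0.0.127." + FAKE_ZONE: "127.0.0.2",      # the conventional test point
    "10.2.0.192." + FAKE_ZONE: "127.0.0.4",     # constructed listing
    "7.2.0.192." + FAKE_ZONE: "198.51.100.1",   # bogus non-loopback answer
}
def fake_resolve(name):
    if name in FAKE_ANSWERS:
        return FAKE_ANSWERS[name]
    raise socket.gaierror(name)
```

Treat a hit from the remote list and a hit from the local aging list as two separate signals; the local one is the whack-a-mole part and should expire, the remote one is the operator's call.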