SURBL tags Logwatch reports

Kenneth Porter 20 Jul 2004 23:05:19 -0000

I use Logwatch (http://logwatch.org/) to get nightly dumps of the "interesting" parts of my Linux logs. Today's report was tagged by SA 3.0pre2 because the mailserver part listed several URI's in SURBL's:

1.1 BIZ_TLD                URI: Contains a URL in the BIZ top-level domain
1.3 URIBL_SBL              Contains a URL listed in the SBL blocklist
                           [URIs: detailpills.biz rosepharma.biz]
                           [justpharma.biz]
2.0 URIBL_WS_SURBL         Contains a URL listed in the WS SURBL blocklist
                           [URIs: justpharma.biz]
1.0 URIBL_OB_SURBL         Contains a URL listed in the OB SURBL blocklist
                           [URIs: detailpills.biz rosepharma.biz]
                           [justpharma.biz]

Extract from the problem report:

Unresolved sender domains:
    [EMAIL PROTECTED]: 1 Time(s)
    [EMAIL PROTECTED]: 1 Time(s)
    [EMAIL PROTECTED]: 1 Time(s)
    [EMAIL PROTECTED]: 1 Time(s)
    [EMAIL PROTECTED]: 1 Time(s)

Total: 5

Is whitelisting my only recourse here or is there some more elegant and general solution?

If I do whitelist this, how long would it be before spammers start forging this address and subject line?

From: root <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: LogWatch for example.com

SURBL tags Logwatch reports

Reply via email to