-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 15-05-14 16:31, James B. Byrne wrote: > > On Thu, May 15, 2014 09:08, David Jones wrote: >> We use the fresh15.spameatingmonkey.net RBL. >> >> http://spameatingmonkey.com/lists.html >> > > > I checked three domain names used by the spam messages received > yesterday. All of the domains were registered yesterday as well. > None of them report as being in any of the fresh lists at > spameatingmonkey.com. Nor are they listed in DOB at > support-intelligence.net. I have to wonder how soon after > creation new domains are added to the fresh lists. Over 20% of the > coverage period is already over for fresh.spameatingmonkey.net and > I suspect that the domain used yesterday has already been > abandoned. At least we are getting the exact same messages today > from a bunch of different domains all registered with the same > registrar: enom.com. > > At this point I would be willing to implement a rule to block all > domains registered with that registrar and be done with it. Is > there a spamassassin whois plug-in that can parse and check the > registrar and the domain creation date? >
This depends on the actual domains you're seeing, and your setup ofcourse, but postfix has a feature that can check the MX and NS records of the envelope sender or hostname of the connecting ip. If these are all the same, you could block connections based on those. See http://www.postfix.org/postconf.5.html#smtpd_client_restrictions and www.postfix.org/postconf.5.html#smtpd_client_restrictions, especially the check_*_mx_access and check_*_ns_access directives. Tom -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJTdlmZAAoJEJPfMZ19VO/1OCwQAN1yS5CAyOJAeYnzbiNAwbmP 4SagnWD6pB3nZysRigqWp3ISchi8L4DAn6Y9ZzI4m0iowdf3UEXmyYDWOADSUu9P amDfRB0Rw1jq/yolMJvzEhLWeFSo0/9WnRipk/v8yaIEae67henSK1TdPxxXIqwO Xzuxs30EYbTuzUgvV9PXvLxHZavhktFT6r+sLOI3rqUTmRLzhwsFEHVb58PwhreF YBtvSOkQqk6z22nUA5lx45gNrZfhrVGhaLhYJ5iNUsqwPSWcIy08hPHt3qMHnZ0R BZDwRbM/1hCglJlhpkuSEExB9+CCxPGBreiMtUGDBMOJ8olACXCidKgjKugZJEJ1 nDA6JhrcF81yBVqDxiM6oHXvobWALEWwd7pLoBK9Y08ukleA+KFJYMsefV5cTykP d56bTkzJTy7kmQGIDCpb0dDYFo9pHzpOmfTMI+D2ZlmEvQf1IDNV0c2X3IjNyrnh 84ek+jyK8qmI3R13RiXKovWFpI9AZnmoc5XsiJYRnkVO3DQtZ1frixoI+MO2IENE QcA6gFsEYJm410a2mIpuqmoYZgi15oDfzaw1qslXBo7dSEyrp1oXW52exSO5tUAc 5nJaI6k18Mhh6aJueRWThLmS5GaKV0FTp36LFQnzn/2ZRXTFVqQtjFkURHw6YxRT IsggecowyypYTacGNK9w =J6v+ -----END PGP SIGNATURE-----
