Am 10.03.2015 um 23:01 schrieb Kevin Miller:
-----Original Message----- From: Kevin A. McGrail [mailto:kmcgr...@pccc.com] Sent: Tuesday, March 10, 2015 1:31 PM To: Kevin Miller; users@spamassassin.apache.org Subject: Re: Bogus day old domains from RRPPROXY.NET On 2/19/2015 2:50 PM, Kevin Miller wrote:Is there a way to reject or up the score on anything that is served upby that name server or registar? I was thinking maybe putting the rrproxy.net nameserver in my dns as 127.0.0.1, on the theory that if it doesn't resolve the message will be rejected at the MTA level. Hi Kevin, I thought there was a feature for this, perhaps AskDNS. From https://bz.apache.org/SpamAssassin/show_bug.cgi?id=6518, askdns L_URI_NXDOMAIN_NS _URIDOMAINS_ NS [NXDOMAIN] But you might need an RBL server to query. Mark, any input on how best to block a URI that ties to a namserver like these? Name Server: NS1.RRPPROXY.NET Name Server: NS2.RRPPROXY.NET Name Server: NS3.RRPPROXY.NETFWIW, I put on my BOFH hat, and just blocked those name servers at the filewall. They're based in Germany so it's a pretty safe bet that I'm not going to see legitimate mail from any of the legitimate domains hosted by them. That may not be the case for others. My spam level dropped significantly
for postfix there is "check_sender_ns_access hash:/etc/postfix/blacklist_ns.cf" with the advantage of logging and a proper reject
cat /etc/postfix/blacklist_ns.cf ns1.sedoparking.com REJECT Domain is parked at sedo.com ns2.sedoparking.com REJECT Domain is parked at sedo.com ns1.fastpark.net REJECT Domain is parked at namedrive.com ns2.fastpark.net REJECT Domain is parked at namedrive.com a.ns.ultsearch.com REJECT Domain is parked at a.ns.ultsearch.com b.ns.ultsearch.com REJECT Domain is parked at b.ns.ultsearch.com buy.internettraffic.com REJECT Domain is parked at buy.internettraffic.comsell.internettraffic.com REJECT Domain is parked at sell.internettraffic.com
signature.asc
Description: OpenPGP digital signature