DNS Blacklist Script?

Chris Maness chris at chrismaness.com
Fri Aug 11 15:45:09 UTC 2006 

Matthew Seaman wrote:
> Chris Maness wrote:
>   
>> Does anyone know of a script (or application) to automagically add a
>> host to a dns blacklist?  It would be very convenient to blacklist all
>> the e-mails sent from a spammer to a honeypot address, or to blacklist
>> all senders that thunderbird moves into the spam sub-folder.
>>     
>
> You need to be very careful implementing something like this.  Most
> Spam nowadays is bot-generated and uses forged 'From' addresses culled
> from the address books on infected machines.  Unless you're careful,
> you're going to end up blocking a lot of completely innocent people,
> or worse, blocking your own legitimate e-mail users.
>
> Having said that, consider SpamAssassin's 'Auto white list' feature.
> It also works as a black list, but it's not a binary on-off.  Instead,
> anyone who sends e-mail to your server gets a spam score depending on
> the ratings of their previous e-mails to you.  That's added to the
> spam score for the e-mail being processed.  So someone who continually
> sends you spammy e-mails won't get the benefit of the doubt on a marginal
> e-mail, but someone else who sends a lot of ham will.
>
> Also included in SpamAssassin is a client for the Vipul's Razor project.
> That's a database of checksums of spam e-mails that is updated live.
> Spammer starts sending a few million spam e-mails, but after the first
> few, there's a mail signature in the Razor DB so that the rest of the
> world can reject those spams straight away. (Port: mail/razor-agents, WWW:
> http://razor.sourceforge.net/)
>
> Integrating SpamAssassin into a mailing system can be done in many ways
> depending on what mail software is in use and so forth.  Ask again here
> with details of your mail setup if you're interested in doing that.
>
> 	Cheers,
>
> 	Matthew
>
>   
The Razor project looks interesting.  However, the site is poorly 
written, and I can't seem to find out how it actually works.

I am still interested in setting up a honeypot account on my server, 
then spreading this account all over the net so that the harvesters that 
have picked up my e-mail address will pick up the spamtrap address.  
Then, any e-mail received to this account will get canned.

Chris Maness

More information about the freebsd-questions mailing list