OpenBSD Journal
Comments


  Re: Passive Aggressive Spam Filtering (mod 1/35)
by Cybil Courraud (82.66.245.132) (d@cyb.fr) on Fri Jul 17 13:07:06 2009 (GMT)
  My experience...

1. I was missing bsdly in my conf, thanks for it. Nevertheless, (maybe 'cause I use FBSD, sorry) I couldn't fetch the list. So I replaced :file=http://www.bsdly.net/~peter/bsdly.net.traplist: without 'http://' and it's OK.

2. For SPF, I made a script which fetches "my friends'" mail forwarder IPs and feeds my whitelist by domain name. In this list, I met f5.com, fr.ibm.com, bizanga.com, bnpparibas.com, sfr.fr, apple.com etcetera. This kind of use of SPF is only for not delaying (at least for work). Take care of reverse lookup (pf doesn't like unresolved hosts): do the reverse lookup of hosts with a cron script beforehand.

3. CIDR is very efficient (even if unfair, as we do it for China or Korea). BTW, I add to spamd.conf(5) some lists from my favorite top spam countries (which I'm not communicating with). Here is my script to get a good country ranking (install the GeoIP package before):

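#! /usr/bin/perl
use strict;
use warnings;

# Tally spamdb entries per entry type and country.
my %db;
for ( `spamdb` ) {
        # SPAMTRAP lines hold trap addresses, not IPs
        next if /^SPAMTRAP/;
        # Entry format: TYPE|IP|...
        if ( /^(\w+)\|([^\|]+)/ ) {
                my $kind = $1;
                my $ip = $2;
                # Only pass plain IP addresses to the shell in the backticks below
                next unless $ip =~ /^[0-9A-Fa-f:.]+$/;
                my $country = `geoiplookup $ip`;
                # Keep only the country name that follows the country code
                $country =~ s/.*, ([\w\s]+)\n/$1/;
                if ( $country =~ /IP Address not found/ ) {
                        # Collect unresolved IPs instead of counting them
                        $db{"$kind not found"} .= "$ip ";
                        next;
                }
                $db{"$kind $country"}++;
        }
}

# One line per "TYPE country" key with its count (or the list of unresolved IPs)
for ( sort keys %db ) {
        print $_.": ".$db{$_}."\n";
}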

4. Honey pot: publish your spammed logins on a poor web page (my catchall gave me some ;). And ... tarpit for pleasure !
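
The SPF whitelist feed from point 2, as an added Python example that is not the commenter's script: it keeps only validated ip4/ip6 literals as CIDR lines for a pf table file and reports hostname-based mechanisms so a separate job can resolve them first. The sample records, the names parse_spf and whitelist_lines, and the one-CIDR-per-line output are assumptions.

```python
import ipaddress

# Constructed sample SPF records using documentation address ranges (not real data).
SAMPLE_SPF = {
    "example.com": "v=spf1 ip4:192.0.2.0/24 ip4:198.51.100.7 ip6:2001:db8::/32 "
                   "include:_spf.example.net mx -all",
    "example.org": "v=spf1 a:mail.example.org ip4:203.0.113.300 -ip4:192.0.2.99 ~all",
}

# Mechanisms whose targets are hostnames and therefore need DNS before pf sees them.
DNS_MECHANISMS = {"a", "mx", "include", "exists", "ptr"}

def parse_spf(record):
    """Split one SPF record into (networks, needs_dns, rejected)."""
    networks, needs_dns, rejected = [], [], []
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return networks, needs_dns, [record]
    for term in terms[1:]:
        qualifier = term[0] if term[0] in "+-~?" else "+"
        body = term.lstrip("+-~?")
        name, _, value = body.partition(":")
        name = name.lower()
        if name in ("ip4", "ip6"):
            if qualifier != "+":
                continue  # only "pass" addresses are whitelist candidates
            try:
                net = ipaddress.ip_network(value, strict=False)
            except ValueError:
                rejected.append(term)  # malformed literal: never reaches pf
                continue
            if net.version != int(name[2]):
                rejected.append(term)  # e.g. an IPv6 literal under ip4:
            else:
                networks.append(str(net))
        elif name.split("/")[0] in DNS_MECHANISMS or name.startswith("redirect="):
            needs_dns.append(term)  # resolve in a separate job, not at pf load time
    return networks, needs_dns, rejected

def whitelist_lines(records):
    """Sorted, de-duplicated CIDR lines; never contains a hostname."""
    nets = set()
    for record in records.values():
        nets.update(parse_spf(record)[0])
    return sorted(nets)

if __name__ == "__main__":
    print("\n".join(whitelist_lines(SAMPLE_SPF)))
```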


Copyright © 2004-2008 Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to April 2nd 2004 as well as images and HTML templates were copied from the fabulous original deadly.org with Jose's and Jim's kind permission. Some icons from slashdot.org used with permission from Kathleen. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. Search engine is ht://Dig. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]