Contributed by jose on from the protecting-against-spam dept.
I think I am going to use the rsync sites listed at http://spfilter.openrbl.org/code/xml-view.php. I can set a single cron job to rsync the files and then run spamd-setup at the end of that script.
I have also found some harsh lists at http://www.blackholes.us/zones/country/. Does anyone have some white lists to balance these out? I'd hate to block an entire continent!
So, what else is everyone using for blacklists?
Anyone have any info they'd like to share?
By gwyllion () on
Apparently http://spfilter.openrbl.org/data/sbl/SBL.cidr is no longer available, as it is replaced with a bzip2 version: http://spfilter.openrbl.org/data/sbl/SBL.cidr.bz2
The comments in /etc/spamd.conf point you to http://spamlinks.port5.com/filter-bl.htm#ip
Comments
By matt.s () nospam-4t-slakin-dot-n3t on mailto:nospam-4t-slakin-dot-n3t
Comments
By Fred () hamvanger@inklaar.net on mailto:hamvanger@inklaar.net
Dsbl contains a list of (proven) exploitable relays and proxies, dynablock a list of dynamic IP addresses. These two complement each other nicely, blocking loads of spam with no false positives so far.
The dynablock zone files can be copied if needed, see http://dynablock.easynet.nl/.
By Eric () on mailto:eric(at)naxalite(dot)ath(dot)cx
Not that hard to bypass:
#! /bin/sh
/usr/local/bin/wget http://spfilter.openrbl.org/data/sbl/SBL.cidr.bz2
/usr/local/bin/bunzip2 -f SBL.cidr.bz2
cat SBL.cidr | /usr/bin/grep -v '#' | cut -f 1 > /home/eric/spamlist
Run in crontab every 6 hours, a few minutes before spamd-setup, then in spamd.conf:
:file=/home/eric/spamlist:
Comments
By Anonymous Coward () on
#! /bin/sh
lynx -source http://spfilter.openrbl.org/data/sbl/SBL.cidr.bz2 | bunzip2 -c | /usr/bin/grep -v '#' | cut -f 1
And just call it with an exec line in spamd.conf
By emil () on http://rhadmin.org
Here is the most elegant spamhaus spamd config that I've seen...
/etc/spamd.conf:
spamhaus:\
        :black:\
        :msg="SPAM. Your address %A is in the Spamhaus Block List\n\
        See http://www.spamhaus.org/sbl for more details":\
        :method=exec:\
        :file=/etc/spamd.spamhaus:
/etc/spamd.spamhaus:
#!/bin/sh
ftp -o - 'http://spfilter.openrbl.org/data/sbl/SBL.cidr.bz2' 2>/dev/null | /usr/local/bin/bunzip2 | awk '{print $1}'
By Peter Hessler () spambox@theapt.org on http://www.theapt.org
I have a host that is a honeypot. I have a really high MX record (MX 666) aimed at that IP address, so if any spammer should try to avoid my main MX, they get denied. If they should try my main MX after that, then that is the point.
That bogus MX is on the same machine as a legit MX, so there is no benefit to an admin to override my MX preferences. If I take down my mail server, I also kill my honeypot.
By r4d0 () on http://linuxmg.org
By r4d0 () on http://linuxmg.org
By Jedi/Sector One () j@pureftpd.org on http://www.skymobile.com/
I have a bunch of fake email addresses only used to feed lousy web forms, nntp posts or invisible (for browsers) parts of web pages.
When someone writes to those addresses, it runs relaydb -b that adds the IP addresses to the spamd's blacklist.
Works well.
Comments
By dude () dude@mung.net on http://www.mung.net
http://tmda.net
I have read on discussions where tmda seems to be able to handle a huge load.
Comments
By tedu () on
By Craig () on
An advantage of checking by hand is this allows me to identify spam domains. Shockingly many of them allow domain zone transfers so I can get all their ip addresses and block them all at once instead of waiting to get a spam from each and every one of them.
I then load the addresses into a pf table and have it redirect connections to spamd. Using this scheme for only a few months now I have about 17,000 ip addresses blocked. When I get enough from an ip block I move it to a different table and have pf send the whole block to spamd. Now most of the spam that gets through (once) comes from home lusers' machines and those without reverse name lookups.
I have only had 2 occasions when I too aggressively blacklisted sites. In those cases I just removed the ip address and when the message was retried it got through. This is the best feature of spamd; mistakes do not lead to missed messages!
By Anonymous Coward () on
By Hannu () liljis@hotmail.com on mailto:liljis@hotmail.com
l2.spews.dnsbl.sorbs.net
http://groups.yahoo.com/group/spews/
By Jim () on
#!/bin/sh
#
# Sample spamd.conf entry
#
# somename:\
#       :method=exec:\
#       :file=/path/to/this/script:
#
ftp -o - 'http://spfilter.openrbl.org/data/sbl/SBL.cidr.bz2' \
    2>/dev/null | /usr/local/bin/bunzip2 | awk '{print $1}'
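Added example, not part of any comment in this thread: the fetch-and-pipe scripts above hand whatever the download returns straight to spamd-setup, so this variant validates each entry and keeps the last good list when a fetch fails. The cache path, the script name spamd.sbl, the minimum entry count and the /8 prefix floor are assumptions, and it assumes the list holds one IPv4 CIDR per line.

```sh
#!/bin/sh
# Added example: validating fetch script for a spamd.conf method=exec entry.
URL='http://spfilter.openrbl.org/data/sbl/SBL.cidr.bz2'  # URL from the thread
CACHE=/var/db/spamd.sbl.cache   # hypothetical cache path
MIN_ENTRIES=100                 # assumed floor for a plausible list

# Print only well-formed IPv4 CIDR entries (octets <= 255, 8 <= len <= 32).
# Comments, blank lines, extra fields and malformed lines are dropped, so a
# damaged or tampered list cannot feed 0.0.0.0/0 or garbage to spamd-setup.
filter_cidr() {
    awk '
    NF == 0 || $1 ~ /^#/ { next }
    $1 !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\/[0-9]+$/ { next }
    {
        split($1, p, "/"); split(p[1], o, ".")
        if (p[2] + 0 < 8 || p[2] + 0 > 32) next
        for (i = 1; i <= 4; i++) if (o[i] + 0 > 255) next
        print $1
    }'
}

# refresh_cache NEW CACHE MIN: move NEW over CACHE only when NEW holds at
# least MIN entries; otherwise discard NEW and keep the previous list.
refresh_cache() {
    count=$(wc -l < "$1" | tr -d ' ')
    if [ "$count" -ge "$3" ]; then
        mv "$1" "$2"
    else
        rm -f "$1"
        return 1
    fi
}

# Fetch, decompress, validate, then print the new (or last good) list.
main() {
    tmp=$(mktemp "$CACHE.XXXXXX") || exit 1
    ftp -o - "$URL" 2>/dev/null | /usr/local/bin/bunzip2 2>/dev/null |
        filter_cidr > "$tmp"
    refresh_cache "$tmp" "$CACHE" "$MIN_ENTRIES" ||
        echo "SBL update rejected, serving cached list" >&2
    if [ -r "$CACHE" ]; then cat "$CACHE"; fi
}

# Run only when installed under the (hypothetical) name spamd.sbl.
case "${0##*/}" in spamd.sbl) main ;; esac
```

A failed or truncated download leaves the cache untouched, so spamd keeps the previous blacklist.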
By John Shannon () on
By chuck () on lemure.net
Comments
By Anonymous Coward () on