[vox] Spamassassin global blacklist....

ME vox@lists.lugod.org
Tue, 29 Apr 2003 11:12:58 -0700 (PDT)


I posted before, asking for anyone to provide a list of global blacklists
they use for spamassassin.

I have a spamassassin global blacklist that I use and you are all welcome
to it. (It is dynamically created nightly from my config file, so that any
changes I make and add to the list are included within 24 hours.)

http://www.passwall.com/blacklist.txt

(Background)
Spamassasin uses a local config file per user, and by default also uses a
system config file (/etc/mail/spamassassin/local.cf) to which you can set
global/site-wide settings. This is perfect for blocking spam sites with
the spamassassin blacklist_from directive.

Spam falls into 4 categories AFAIK:
1) Spam comes from the site that it actually appears to comes from
2) Spam comes from a [open|limited]Relay sent on purpose by someone with
access to the relay or not. (This includes e-mail with forged from-lines.)
3) Spam sent from individuals at ISP with "throw away" accounts.
4) Spam sent by users who don't realize they are spammers (after
installing trojaned software that makes them into a relay for some
spammers.) Some of these have cropped up as cases where the person
installing the software knows that it contributes to sending spam, but
they dont care since they are getting paid to be a relay.

For case #1: blacklist_from works great.
For case #2: ORBL, and other BL provide good support for giviing higher
spam scores to such hosts. (Use of a procmail filter also allows me to
prefilter mail from certain IP addresses when it is in the "received from"
chain in the header.)
For case #3: perfect for sending to spamcop to get their accounts closed
and possibly fine their credit cards used to open the accounts.
For case #4: also spamcop.

About 60% of the spam I get is from case#1.

The global blacklist can be appended to users' local spamassassin
configfiles to blacklist hosts. It can be put in the system config file
for spamassassin.

If any of you have other similar blacklists, I'd like to get your lists too.