[vox] Spamassassin global blacklist....
Peter Jay Salzman
vox@lists.lugod.org
Tue, 29 Apr 2003 11:19:24 -0700
i've been keeping a list of spamming domains that i've been gleaning
from spam sent to dirac.org and lugod.org. combined, the list is ...
quite large. ;)

a spamming domain is any domain that isn't something you can't blacklist
(like AOL and whatnot since we have AOL members on the vox lists) and
sends more than 2 spams in a month (or if i see it's chronic).

if you're interested, i can send you a copy of the list in either
postfix form (used on lugod.org) like this:

213.45.219 REJECT
213.46 REJECT
###213.47.228 REJECT mar03
###213.53 REJECT apr03
213.54.67 REJECT
213.58.16 REJECT
###213.60.148 REJECT apr03
###213.76 REJECT feb03
###213.93.92 REJECT mar03
213.96 REJECT
213.97 REJECT

or in tcpd form (used on dirac.org), like this:

ALL: 213.45.219.
ALL: 213.46.
###ALL: 213.47.228. mar03
###ALL: 213.53. apr03
ALL: 213.54.67.
ALL: 213.58.16.
###ALL: 213.60.148. apr03
###ALL: 213.76. feb03
###ALL: 213.93.92. mar03
ALL: 213.96.
ALL: 213.97.

all entries are commented out till they hit the max allowable spams.

pete

begin ME <dugan@passwall.com>
> I posted before, asking for anyone to provide a list of global blacklists
> they use for spamassassin.
>
> I have a spamassassin global blacklist that I use and you are all welcome
> to it. (It is dynamically created nightly from my config file, so that any
> changes I make and add to the list are included within 24 hours.)
>
> http://www.passwall.com/blacklist.txt
>
> (Background)
> Spamassassin uses a local config file per user, and by default also uses a
> system config file (/etc/mail/spamassassin/local.cf) to which you can set
> global/site-wide settings. This is perfect for blocking spam sites with
> the spamassassin blacklist_from directive.
>
> Spam falls into 4 categories AFAIK:
> 1) Spam comes from the site that it actually appears to come from
> 2) Spam comes from a [open|limited]Relay sent on purpose by someone with
> access to the relay or not. (This includes e-mail with forged from-lines.)
> 3) Spam sent from individuals at ISP with "throw away" accounts.
> 4) Spam sent by users who don't realize they are spammers (after
> installing trojaned software that makes them into a relay for some
> spammers.) Some of these have cropped up as cases where the person
> installing the software knows that it contributes to sending spam, but
> they don't care since they are getting paid to be a relay.
>
> For case #1: blacklist_from works great.
> For case #2: ORBL, and other BL provide good support for giving higher
> spam scores to such hosts. (Use of a procmail filter also allows me to
> prefilter mail from certain IP addresses when it is in the "received from"
> chain in the header.)
> For case #3: perfect for sending to spamcop to get their accounts closed
> and possibly fine their credit cards used to open the accounts.
> For case #4: also spamcop.
>
> About 60% of the spam I get is from case#1.
>
> The global blacklist can be appended to users' local spamassassin
> config files to blacklist hosts. It can be put in the system config file
> for spamassassin.
>
> If any of you have other similar blacklists, I'd like to get your lists too.
--
GPG Instructions: http://www.dirac.org/linux/gpg
GPG Fingerprint: B9F1 6CF3 47C4 7CD8 D33E 70A9 A3B9 1945 67EA 951D
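
An added example, not part of the message above: a converter from the postfix form to the tcpd form shown in the post, plus a check of which addresses the active entries cover. The function names and sample data are constructed here, and it assumes the tag after REJECT (such as mar03) appears only on commented-out lines, as in the post.

```python
import re

# Constructed sample in the postfix access-map form shown in the message;
# "###" marks an entry that is still commented out.
POSTFIX_SAMPLE = """\
213.45.219 REJECT
213.46 REJECT
###213.47.228 REJECT mar03
###213.53 REJECT apr03
213.54.67 REJECT
"""
ENTRY = re.compile(r"^(###)?(\d{1,3}(?:\.\d{1,3}){0,3})\s+REJECT(?:\s+(\S+))?\s*$")

def parse_postfix(text):
    """Return (prefix, active, tag) tuples; raise on lines that do not parse."""
    entries = []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        m = ENTRY.match(line)
        if not m or any(int(o) > 255 for o in m.group(2).split(".")):
            raise ValueError(f"line {n}: unrecognised entry {line!r}")
        entries.append((m.group(2), m.group(1) is None, m.group(3)))
    return entries

def to_tcpd(entries):
    """Render hosts.deny lines; a network prefix needs the trailing dot."""
    out = []
    for prefix, active, tag in entries:
        pattern = prefix if prefix.count(".") == 3 else prefix + "."
        line = f"ALL: {pattern}"
        if not active:
            # The tag is kept only on commented lines: on an active line
            # tcpd would read it as one more client pattern.
            line = "###" + line + (f" {tag}" if tag else "")
        out.append(line)
    return out

def is_rejected(ip, entries):
    """Whole-octet prefix match, as both formats do: 213.46 covers
    213.46.9.1 but not 213.4.6.1; commented entries never match."""
    active = {p for p, on, _ in entries if on}
    octets = ip.split(".")
    return any(".".join(octets[:k]) in active for k in range(len(octets), 0, -1))

if __name__ == "__main__":
    parsed = parse_postfix(POSTFIX_SAMPLE)
    print("\n".join(to_tcpd(parsed)))
    for ip in ("213.46.9.1", "213.4.6.1", "213.47.228.5"):
        print(ip, "REJECT" if is_rejected(ip, parsed) else "accept")
```

Running is_rejected over addresses that must never be blocked is a quick test before loading a shared list.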