On Tue, Aug 12, 2008 at 11:46:29AM +0200, Peter N. M. Hansteen wrote:
> Morgan Wesström <[EMAIL PROTECTED]> writes:
>
> > I haven't slept tonight so I simply don't understand what this
> > paragraph is saying or what its purpose is? Can I enter "fake" email
> > addresses here and if a GREY host happens to send a mail to this fake
> > address, that host gets blacklisted? How big is the chance that it
> > would try a fake random address I enter here...? (LOL, I can imagine
> > you have a good laugh by now but I really like to learn :-) )
>
> This is where you may find a major source of entertainment. Yes, you
> can enter bogus addresses in the traplist. Yes, the easiest way to
> decide what to put in your traplist is to harvest from the
> joejob-generated bounce messages that keep piling up. For good
> measure, you can publish your list of spamtraps on the web and sit
> back and laugh at tail -f /var/log/spamd.

I (and others) use variations on a slightly different approach...

When spammers apparently started to generate their target addresses
from parts à la:

    AnastasiabeetRansom
    AnastasiacartonGrover
    :
    SavannahenthusiastGrover
    SavannahkobayashiRansom

I found the SPAMTRAP mechanism too simple since it uses exact matches
of the addresses and the spammers' generated addresses had too much
variation.

A "greyscanner" script has the possibility to be more "intelligent".

In my case I use a modified greyscanner script
[original]: http://www.ualberta.ca/~beck/greyscanner/
my modifications are extended DNS checks and mail address checking
using an address pattern file.

I use newsyslog to make the maillog rotation process /var/log/maillog.0
to find "User unknown" lines. Hosts mailing to unknown addresses are
removed from spamd-white. Unknown addresses are saved in a sort -u file.

The saved unknown addresses are then processed to find address
prefixes and postfixes into a file à la:

    ^Anastasia
    ^Savannah
    Grover$
    Ransom$

My modified greyscanner script then uses these prefixes and postfixes
for address validation when processing the spamdb database.

I can publish the scripts if anyone is interested.

-- 
/ Raimo Niskanen, Erlang/OTP, Ericsson AB
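
The prefix/postfix approach described in the message above, as an added example (not Raimo Niskanen's script and not part of the original post). Assumptions: patterns are derived as the longest common prefix or suffix of any two unknown local parts, the (IP, recipient) pairs have already been extracted from the spamdb GREY entries, and an allowlist of real mailboxes (`VALID`) is added so a pattern can never trap mail to an existing user. All sample data is constructed.

```python
import re
from itertools import combinations
from os.path import commonprefix  # character-wise common prefix of strings

MIN_LEN = 5  # assumption: shorter shared fragments would hit legitimate names

# Constructed sample data (documentation domain and address range).
UNKNOWN = ["AnastasiabeetRansom@example.org", "AnastasiacartonGrover@example.org",
           "SavannahenthusiastGrover@example.org", "SavannahkobayashiRansom@example.org"]
GREY = [("192.0.2.10", "<AnastasiawidgetPalmer@example.org>"),
        ("192.0.2.11", "<MortonplasmaGrover@example.org>"),
        ("192.0.2.12", "<raimo@example.org>"),
        ("192.0.2.13", "<Savannah@example.org>")]
VALID = {"raimo", "savannah"}  # hypothetical list of real local parts, lower-cased

def local_part(addr):
    """Strip the SMTP angle brackets and the domain."""
    return addr.strip("<>").split("@", 1)[0]

def derive_patterns(unknown_addrs, min_len=MIN_LEN):
    """Return anchored patterns (^prefix, postfix$) shared by two or more
    distinct unknown local parts, in the pattern-file form shown in the post."""
    parts = sorted({local_part(a) for a in unknown_addrs})
    patterns = set()
    for a, b in combinations(parts, 2):
        pre = commonprefix([a, b])
        post = commonprefix([a[::-1], b[::-1]])[::-1]
        if len(pre) >= min_len:
            patterns.add("^" + re.escape(pre))
        if len(post) >= min_len:
            patterns.add(re.escape(post) + "$")
    return sorted(patterns)

def trap_candidates(grey_entries, patterns, valid_locals):
    """Return IPs of greylisted hosts whose recipient matches a pattern."""
    compiled = [re.compile(p) for p in patterns]
    hits = set()
    for ip, rcpt in grey_entries:
        local = local_part(rcpt)
        if local.lower() in valid_locals:
            continue  # never trap on mail addressed to a real mailbox
        if any(c.search(local) for c in compiled):
            hits.add(ip)
    return sorted(hits)

if __name__ == "__main__":
    pats = derive_patterns(UNKNOWN)
    print("\n".join(pats))
    print(trap_candidates(GREY, pats, VALID))
```

The two trapped recipients never appeared in the bounce-derived list, which is the case an exact-match spamtrap address misses.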