Raimo Niskanen wrote:
> On Tue, Aug 12, 2008 at 11:46:29AM +0200, Peter N. M. Hansteen wrote:
>
>> Morgan Wesstrvm <[EMAIL PROTECTED]> writes:
>>
>>
>>> I haven't slept tonight so I simply don't understand what this
>>> paragraph is saying or what its purpose is? Can I enter "fake" email
>>> addresses here and if a GREY host happens to send a mail to this fake
>>> address, that host gets blacklisted? How big is the chance that it
>>> would try a fake random address I enter here...? (LOL, I can imagine
>>> you have a good laugh by now but I really like to learn :-) )
>>>
>> This is where you may find a major source of entertainment. Yes, you
>> can enter bogus addresses in the traplist. Yes, the easiest way to
>> decide what to put in your traplist is to harvest from the
>> joejob-generated bounce messages that keep piling up. For good
>> measure, you can publish your list of spamtraps on the web and sit
>> back and laugh at tail -f /var/log/spamd.
>>
>
> I (and others) use variations on a slightly different approach...
>
> When spammers apparently started to generate their target
> addresses from parts a'la:
> AnastasiabeetRansom
> AnastasiacartonGrover
> :
> SavannahenthusiastGrover
> SavannahkobayashiRansom
> i found the SPAMTRAP mechanism too simple since it uses
> exact matches of the addresses and the spammers generated
> addresses had too much variation. A "greyscanner" script
> has the possibility to be more "intelligent".
>
> In my case I use a modified greyscanner script
> [original]: http://www.ualberta.ca/~beck/greyscanner/
> my modifications are extended DNS checks
> and mail address checking using an address pattern file.
>
> I use newsyslog to make the maillog rotation process
> /var/log/maillog.0 to find "User unknown" lines. Hosts
> mailing to unknown addresses are removed from spamd-white.
> Unknown addresses are saved in a sort -u file.
>
> The saved unknown addresses are then processed to find
> address prefixes and postfixes into a file a'la:
> ^Anastasia
> ^Savannah
> Grover$
> Ransom$
>
> My modified greyscanner script then use these prefixes
> and postfixes for address validation when processing
> the spamdb database.
>
> I can publish the scripts if anyone is interested.
>
>
I'm interested to see your scripts
