At 16:52 22-08-2011, Adam Katz wrote:
You can't do whois en-masse (I'd love that, but ...), so this means an
NS host lookup. To determine if they are authoritative, that's another
lookup (which I don't believe is necessary). A blocklist would also be
another lookup (if using a BL, it could chec
On 2011-08-23 7:38, Michael Scheidell wrote:
On 8/22/11 7:13 PM, Noah Meyerhans wrote:
I've recently observed a fair amount of spam from domains that all share
the same set of authoritative nameservers.
postfix:
check_sender_ns_access
SA has this already... and more.
read into URIDNSBL.pm an
On Tue, 23 Aug 2011 01:38:08 -0400, Michael Scheidell wrote:
On 8/22/11 7:13 PM, Noah Meyerhans wrote:
I've recently observed a fair amount of spam from domains that all
share
the same set of authoritative nameservers.
postfix:
check_sender_ns_access
if outright blocking is wanted (its stup
On Mon, 22 Aug 2011 16:13:03 -0700, Noah Meyerhans wrote:
I've recently observed a fair amount of spam from domains that all
share
the same set of authoritative nameservers.
1: make the plugin
2: add whitelist/skiplist could ideally be urlbl_skip_domain that are
used
commit code to sandbox
On 2011-08-23 2:21, dar...@chaosreigns.com wrote:
On 08/22, Adam Katz wrote:
this not worth doing? I realize that the potential for collateral
damage is high, so I don't think it'd be wise to try and publish any
sort of data for such a plugin, but it seems like the plugin itself
might be occasi
On 8/22/11 7:13 PM, Noah Meyerhans wrote:
I've recently observed a fair amount of spam from domains that all share
the same set of authoritative nameservers.
postfix:
check_sender_ns_access
--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
>*| *SECNAP Network Security Corporation
*
On 08/22, Adam Katz wrote:
> > this not worth doing? I realize that the potential for collateral
> > damage is high, so I don't think it'd be wise to try and publish any
> > sort of data for such a plugin, but it seems like the plugin itself
> > might be occasionally useful...
>
> It might be use
On 08/22/2011 04:13 PM, Noah Meyerhans wrote:
> I've recently observed a fair amount of spam from domains that all
> share the same set of authoritative nameservers. It occurred to me
> that it might be nice to be able to blacklist mail from all domains
> sharing these nameservers, or maybe to sim
