At 16:52 22-08-2011, Adam Katz wrote:
You can't do whois en-masse (I'd love that, but ...), so this means an
NS host lookup. To determine if they are authoritative, that's another
lookup (which I don't believe is necessary). A blocklist would also be
another lookup (if using a BL, it could chec
On 2011-08-23 7:38, Michael Scheidell wrote:
On 8/22/11 7:13 PM, Noah Meyerhans wrote:
I've recently observed a fair amount of spam from domains that all share
the same set of authoritative nameservers.
postfix:
check_sender_ns_access
SA has this already... and more.
read into URIDNSBL.pm an
On Tue, 23 Aug 2011 01:38:08 -0400, Michael Scheidell wrote:
On 8/22/11 7:13 PM, Noah Meyerhans wrote:
I've recently observed a fair amount of spam from domains that all
share
the same set of authoritative nameservers.
postfix:
check_sender_ns_access
if outright blocking is wanted (its stup
On Mon, 22 Aug 2011 16:13:03 -0700, Noah Meyerhans wrote:
I've recently observed a fair amount of spam from domains that all
share
the same set of authoritative nameservers.
1: make the plugin
2: add whitelist/skiplist could ideally be urlbl_skip_domain that are
used
commit code to sandbox
On 2011-08-23 2:21, dar...@chaosreigns.com wrote:
On 08/22, Adam Katz wrote:
this not worth doing? I realize that the potential for collateral
damage is high, so I don't think it'd be wise to try and publish any
sort of data for such a plugin, but it seems like the plugin itself
might be occasi
On 8/22/11 7:13 PM, Noah Meyerhans wrote:
I've recently observed a fair amount of spam from domains that all share
the same set of authoritative nameservers.
postfix:
check_sender_ns_access
--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
>*| *SECNAP Network Security Corporation
*
On 08/22, Adam Katz wrote:
> > this not worth doing? I realize that the potential for collateral
> > damage is high, so I don't think it'd be wise to try and publish any
> > sort of data for such a plugin, but it seems like the plugin itself
> > might be occasionally useful...
>
> It might be use
On 08/22/2011 04:13 PM, Noah Meyerhans wrote:
> I've recently observed a fair amount of spam from domains that all
> share the same set of authoritative nameservers. It occurred to me
> that it might be nice to be able to blacklist mail from all domains
> sharing these nameservers, or maybe to sim
I've recently observed a fair amount of spam from domains that all share
the same set of authoritative nameservers. It occurred to me that it
might be nice to be able to blacklist mail from all domains sharing
these nameservers, or maybe to simply have that trait count toward the
spam score. I do
