Op Tue, 29 Nov 2011 21:54:37 +0100 schreef Han Boetes
<[email protected]>:
At the moment all spamd greylisting cares about is, "does it retry
connecting?" Unfortunately a lot of spammers do a spamrun and
simply try sending a spam message or 10 and then move on to the
next smtp server on their list and that get's them white listed in
a matter of seconds.
No it doesn't. Your passtime is too short (default is 25 minutes).
Not really a problem. I use postfix and with a few smart
configuration statements it can fend for itself pretty well. You
can make it check for various things like being on a rbl,
spamd.conf(5) allows adding blacklists.
not
having a reverse dns, not posting with a real helo etc etc. And
all result in an entry in the logfiles which contains NOQUEUE.
So I wrote the little script below which checks the spamdb output and
the postfix logfile output:
So far I am only bothered with one spam group. And they have been
sending spam with the same silly pattern for over five years now:
g[a-z][0-9]{5}@mydomain.com
As sender or recipient? If recipient, then spamd.alloweddomains should
take care of that.
I don't make it up, it's that simple.
Anyway. Wouldn't it be nice if spamd would do the checks that
postfix does so the mailserver protecting code can be separated
from the real functionality?
So spamd would use the stuttering time to figure out if the ip is
not on an rbl, if the dnsname is reverse resolvable, if the helo
is valid, if the sender is not matching silly pattern, etc etc
A few years ago I started work on a Java application that remotely
tabulates, sorts and correlates the data, looks up DNS information and
verifies recipients with a Postfix server. Via right-click menus I can
manipulate the database. Have been using it daily ever since it became
slightly usable, but there is still a lot of work to do...
[...]
# Kick spammerts who got through back to the blacklist
for i in $(awk '/NOQUEUE/ {print $10}' /var/log/maillog|sed -e
's|.*\[\(.*\)].*|\1|'|sort|uniq); do
if grep -q "WHITE|$i|" $SPAMDB; then
Trap $i
echo "$(date) $i got through! Gotcha bastard!!" >> /var/log/greytoblack
fi
done
If I read this correctly, this is actually dangerous, as it could trap
people who make typos. Or mailers that use old addresses.
--
Gemaakt met Opera's revolutionaire e-mailprogramma:
http://www.opera.com/mail/
(Remove the obvious prefix to reply.)
