On Mon, 10 Dec 2018, ozgurerdogan wrote:
I simply need to write custom rules to block certain mails, domain names. Do
I have to learn programming language for this? Is not it easy like create a
conf file and let Sa update rules from that source remotely via http?
If your primary need is to block certain domain names it might be easier to
create your own custom DNS-RBL and add rules to your SA configuration to score
against that.
Once you've got the DNS-RBL built (I recommend rbldnsd,
http://www.corpit.ru/mjt/rbldnsd.html) and the querying rules added to your SA
config, then updating is just a matter of adding new names to your DNS-RBL. If
you use rbldnsd, it's as easy as just "echoing" names onto the end of a text file.
By clever usage of the IP address associated with the name and the scoring rules
it is possible to have different scores assigned to specific names.
EG: if a name has the address 127.0.0.2 then give it a score of +2 if 127.0.0.4
then give it a score of 10.
So if a host is a bit spammy then the 127.0.0.2 address will not outright
black-list it but help score with other indications (EG Bayes, etc).
Whereas if you give it a 127.0.0.4 then it's a one-shot kill.
I actually run two local RBLs, one for DNS/Hostnames and one for URI-RBL to hit
specific URLs within messages.
--
Dave Funk University of Iowa
<dbfunk (at) engineering.uiowa.edu> College of Engineering
319/335-5751 FAX: 319/384-0549 1256 Seamans Center
Sys_admin/Postmaster/cell_admin Iowa City, IA 52242-1527
#include <std_disclaimer.h>
Better is not better, 'standard' is better. B{
