Hi,
Yet Another Ninja wrote:
On 9/5/2007 5:27 PM, Marc Perkel wrote:
mouss wrote:
ram wrote:
I am using SA 3.2.3 and very few spam get thru
But I can still see some spam with urls because the the urls are not
yet
listed in uribls
I tried to do some analysis on my quarantine, I found atleast some
spammer domains have the same NS records.
Now in my spamassassin can I do a DNS check (on all domains in
body-urls
or mail-from, reply-to etc) to find their NS records and score them on
bad NS servers. What is the risk of FP's because innocent DNS
providers may see
themselves getting list
better show an example so that we can see.
if the NS belongs to a spam organization, then it's ok. otherwise,
just because a spammer configures his dns to point to my domain
doesn't mean you can block me!
I have to say that the idea of having a blacklist of name servers used
by spammers is interesting. Something to investigate.
one, and its a good one, is already in use :-)
uridnsbl URIBL_SBL sbl.spamhaus.org. TXT
Yes - true, but the SBL lists the IP of the nameservers.
I think Ram has seen the same thing as me in the past, I've had stuff
that has slipped past the URIBL_* tests and upon investigation of the
FNs - the *domain name* of the nameservers for the referenced domain is
already listed in either SURBL or URIBL, so therefore if the URIBL_*
tests were expanded to lookup the nameservers hostnames, strip of the
domains and test those against the URIBL_* lists, then it might yield
some good results.
Cheers,
Steve.
