Per Jessen wrote:
> Marc Perkel wrote:
>> I've developed an extremely accurate way of detecting virus-infected spam
>> zombies. I think it's 100% accurate and catches them on the first try.
>> Here are 600,000 IP addresses I've detected in the last 3 days.
>
> If you're keen to share your development, why don't you explain to us
> how it works?
>
> /Per Jessen, Zürich

The details are a little too complex for this forum, but the new trick is
mostly based on the fact that spam bots generally don't issue the QUIT
command and when combined with other factors allows me to catch spam
bots on the first try.
List has grown to over 700k spam bots now. If anyone wants to take
advantage of this then just use these rules:

# Base lookup: query the list for the last external relay
header __RCVD_IN_JMF eval:check_rbl('JMF-lastexternal','hostkarma.junkemailfilter.com.')
describe __RCVD_IN_JMF Sender listed in JunkEmailFilter
tflags __RCVD_IN_JMF net

# 127.0.0.1 = white list
header RCVD_IN_JMF_W eval:check_rbl_sub('JMF-lastexternal', '127.0.0.1')
describe RCVD_IN_JMF_W Sender listed in JMF-WHITE
tflags RCVD_IN_JMF_W net nice
score RCVD_IN_JMF_W -5

# 127.0.0.2 = black list
header RCVD_IN_JMF_BL eval:check_rbl_sub('JMF-lastexternal', '127.0.0.2')
describe RCVD_IN_JMF_BL Sender listed in JMF-BLACK
tflags RCVD_IN_JMF_BL net
score RCVD_IN_JMF_BL 3.0

# 127.0.0.4 = brown list
header RCVD_IN_JMF_BR eval:check_rbl_sub('JMF-lastexternal', '127.0.0.4')
describe RCVD_IN_JMF_BR Sender listed in JMF-BROWN
tflags RCVD_IN_JMF_BR net
score RCVD_IN_JMF_BR 1.0
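
The lookup those rules perform can be reproduced outside SpamAssassin to check how a given relay IP is listed. This is an added example, not part of the original post or of SpamAssassin; the function names are hypothetical, it handles IPv4 only, and it assumes the system resolver can reach the zone named in the rules.

```python
import ipaddress
import socket

ZONE = "hostkarma.junkemailfilter.com"  # zone taken from the rules above

# Return code -> (rule name, score), copied from the rules above.
CODES = {
    "127.0.0.1": ("RCVD_IN_JMF_W", -5.0),
    "127.0.0.2": ("RCVD_IN_JMF_BL", 3.0),
    "127.0.0.4": ("RCVD_IN_JMF_BR", 1.0),
}


def query_name(ip, zone=ZONE):
    """Build the DNSBL query name: IPv4 octets reversed, then the zone."""
    addr = ipaddress.ip_address(ip)  # raises ValueError on malformed input
    if addr.version != 4:
        raise ValueError("this sketch handles IPv4 only")
    return ".".join(reversed(str(addr).split("."))) + "." + zone + "."


def classify(answers):
    """Map the A records of a reply to the rules that would fire and their total score."""
    matched = {a for a in answers if a in CODES}
    hits = sorted(CODES[a][0] for a in matched)
    total = sum(CODES[a][1] for a in matched)
    return hits, total


def lookup(ip, resolver=socket.gethostbyname_ex):
    """Query the list; a failed resolution (NXDOMAIN) means 'not listed'."""
    try:
        _, _, answers = resolver(query_name(ip).rstrip("."))
    except (socket.gaierror, socket.herror):
        return [], 0.0
    return classify(answers)


if __name__ == "__main__":
    # 192.0.2.1 is a documentation address (RFC 5737), used as a constructed sample.
    print(query_name("192.0.2.1"))
    print(classify(["127.0.0.2"]))
```

As in the rules, the address to pass is the last external relay from the Received headers, not the envelope sender's domain.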