Mailing List Archive: SpamAssassin: users

SA Blacklists

Index | Next | Previous | View Threaded

groups at ez15loan

Feb 2, 2004, 5:25 PM

Post #1 of 2 (273 views)
Permalink

SA Blacklists

Just curious if anyone has tried this and if so, how their results have been:

http://www.stearns.org/sa-blacklist/

From the readme:

The sa-blacklist.current file in this directory is a blacklist
of spammers in a form suitable for use in the spamassassin mail filter
program ( http://spamassassin.org/ ).

Many thanks to a growing number of contributors; please see the
blacklist file for their names. Thanks to all for their contributions!

Please send additions or corrections to me, William Stearns
<wstearns [at] pobox> . Please read the README.policy file first.

Here's the new way of installing the blacklist. Pick a non-root
user under which this will be done; substitute that user's login name
for non-root-user in the following. Do this once as root:

touch /etc/mail/spamassassin/50blacklist.cf
chown non-root-user /etc/mail/spamassassin/50blacklist.cf

, make sure that /etc/sudoers has a line for the above user:

non-root-user ALL=(root) NOPASSWD: /etc/init.d/spamassassin restart

, and place all on one line in non-root-user's crontab
(/var/spool/cron/non-root-user):

17 1,7,13,19 * * * sleep $[ $RANDOM / 1024 ] ; rsync -aqL
zaphod.stearns.org::wstearns/sa-blacklist/sa-blacklist.current
/home/non-root-user/50blacklist.cf && cat /home/non-root-user/50blacklist.cf
>/etc/mail/spamassassin/50blacklist.cf && /usr/bin/sudo
/etc/init.d/spamassassin restart >/dev/null 2>/dev/null

Then get cron to reread the config file by doing this as root:

touch /var/spool/cron

I'm also providing a list of the domains in sa-blacklist as the
file "sa-blacklist.current.domains". Squid will gladly use that as a
list of blocked domains; perfect for email clients that will go out to
fetch images stored on spammer web servers. Set up a regular download
like the above and add these two lines to /etc/squid/squid.conf:

acl spammers url_regex "/etc/squid/sa-blacklist.current.domains"
http_access deny all spammers

There's also a .uri.cf version of this file that looks for these
domains inside URL's in the message.

groups at ez15loan

Feb 2, 2004, 5:27 PM

Post #2 of 2 (250 views)
Permalink

Re: SA Blacklists [In reply to]

Here's a little more, in short:

This is a list of domains, hosts, and IP addresses used by
spammers. This can include bulk email houses, individual companies that
send spam, and servers that are used to host images for spam. Spam is
strictly defined as Unsolicited Bulk Email, and so I will include
unsolicited mail where the sender is not explicity asking for money,
such as political and religious spam.

The domains and IP's can be the original ones listed in the
mail, but also include the intermediate redirectors and the final target
site. If the company is attempting to hide behind a temporary domain
used for email campaign(s), the real company domain is included as well.

The list does _not_ include hosting services where spammers and
non-spammers can sign up for accounts (geocities, store.yahoo.com, etc.)
It also does not include counters, ad trackers (although this is
severely borderline), free email services (hotmail, msn, etc.), and
generic ISP's that host normal user accounts (earthlink, etc.). It does
not include individual email addresses; this takes far too much work for
too little payback.

In short, I want this list to be a list of domains, hosts, and
IP addresses used exclusively by companies that spam.

--
Jon

Index | Next | Previous | View Threaded

Interested in having your list archived? Contact Gossamer Threads