Jump to content

Apply Blacklists using IP of spamvertised sites


iixii

Recommended Posts

Hi,

For my Spamcop account, I have enabled the country blacklists for Brazil, China and South Korea. This complements the Spamcop blacklist very nicely, out of the several hundred spams per day only about 5-10 get through. However, I'd like to get rid of those too.

Practically all of them contain links to spamvertised sites. The overwhelming majority of those are served from IPs that belong to exactly those countries which I have blacklisted for mail.

So here's my feature request:

If a message is not classified as spam by its source IP, check the body for links. If there is any link which resolves to an IP which is on one of the selected country blocklists, classify the message as spam.

Pretty please with sugar on top?

Cheers,

Axel

Link to comment
Share on other sites

It's been a while since I asked about the available items for filtering, noting that SpamAssassin has also been updated at least once since then. Where I am headed is wondering if the SURBL is available and you may not have recognized it? Someone with an e-mail account may be by later and point out that this BL isn't available ....????

Link to comment
Share on other sites

Yes, the SURBL blacklists are already being used through spamassassin. Look in the X-spam-Status header for URIBL_*_SURBL rule matches. I don't think they score very high (high risk of false positives on spam-related mail as well as spam) but they help. They match based on domain name, not IP address.

Link to comment
Share on other sites

Yes, the SURBL blacklists are already being used through spamassassin.

Oh, OK. Problem is, I don't want to enable SpamAssassin as a whole. So an alternative to my initial request would be that the ability to modify the SpamAssassin rules is introduced, so that I could enable it and configure it to use SURBL only, which would result in what I initially wanted.

Link to comment
Share on other sites

  • 2 weeks later...
Oh, OK. Problem is, I don't want to enable SpamAssassin as a whole. So an alternative to my initial request would be that the ability to modify the SpamAssassin rules is introduced, so that I could enable it and configure it to use SURBL only, which would result in what I initially wanted.

23088[/snapback]

A workaround would be to change your filtering blacklists by checking on the Spamassassin and increase it's threshold to the highest setting (whatever that may be).

That should pass all but the highest scoring stuff, but it will also include the URIBL lists in the header added by spamassassin.

An example of a header line added by spamassassin:

X-spam-Status: hits=6.1 tests=FORGED_RCVD_HELO,RCVD_ILLEGAL_IP,

RCVD_NUMERIC_HELO,URIBL_OB_SURBL,URIBL_SBL,URIBL_WS_SURBL

version=3.0.0

--------------------------------------------------------------------------

"URIBL_OB_SURBL"

"URIBL_SBL"

"URIBL_WS_SURBL"

There are some other URIBL's too.

".... _SURBL"

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...