Jump to content
Sign in to follow this  
iixii

Apply Blacklists using IP of spamvertised sites

Recommended Posts

Hi,

For my Spamcop account, I have enabled the country blacklists for Brazil, China and South Korea. This complements the Spamcop blacklist very nicely, out of the several hundred spams per day only about 5-10 get through. However, I'd like to get rid of those too.

Practically all of them contain links to spamvertised sites. The overwhelming majority of those are served from IPs that belong to exactly those countries which I have blacklisted for mail.

So here's my feature request:

If a message is not classified as spam by its source IP, check the body for links. If there is any link which resolves to an IP which is on one of the selected country blocklists, classify the message as spam.

Pretty please with sugar on top?

Cheers,

Axel

Share this post


Link to post
Share on other sites

It's been a while since I asked about the available items for filtering, noting that SpamAssassin has also been updated at least once since then. Where I am headed is wondering if the SURBL is available and you may not have recognized it? Someone with an e-mail account may be by later and point out that this BL isn't available ....????

Share this post


Link to post
Share on other sites

Yes, the SURBL blacklists are already being used through spamassassin. Look in the X-spam-Status header for URIBL_*_SURBL rule matches. I don't think they score very high (high risk of false positives on spam-related mail as well as spam) but they help. They match based on domain name, not IP address.

Edited by SpeckledJim

Share this post


Link to post
Share on other sites
Yes, the SURBL blacklists are already being used through spamassassin.

Oh, OK. Problem is, I don't want to enable SpamAssassin as a whole. So an alternative to my initial request would be that the ability to modify the SpamAssassin rules is introduced, so that I could enable it and configure it to use SURBL only, which would result in what I initially wanted.

Share this post


Link to post
Share on other sites
Oh, OK. Problem is, I don't want to enable SpamAssassin as a whole. So an alternative to my initial request would be that the ability to modify the SpamAssassin rules is introduced, so that I could enable it and configure it to use SURBL only, which would result in what I initially wanted.

23088[/snapback]

A workaround would be to change your filtering blacklists by checking on the Spamassassin and increase it's threshold to the highest setting (whatever that may be).

That should pass all but the highest scoring stuff, but it will also include the URIBL lists in the header added by spamassassin.

An example of a header line added by spamassassin:

X-spam-Status: hits=6.1 tests=FORGED_RCVD_HELO,RCVD_ILLEGAL_IP,

RCVD_NUMERIC_HELO,URIBL_OB_SURBL,URIBL_SBL,URIBL_WS_SURBL

version=3.0.0

--------------------------------------------------------------------------

"URIBL_OB_SURBL"

"URIBL_SBL"

"URIBL_WS_SURBL"

There are some other URIBL's too.

".... _SURBL"

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×