Jump to content

Apply Blacklists using IP of spamvertised sites


iixii
 Share

Recommended Posts

Hi,

For my Spamcop account, I have enabled the country blacklists for Brazil, China and South Korea. This complements the Spamcop blacklist very nicely, out of the several hundred spams per day only about 5-10 get through. However, I'd like to get rid of those too.

Practically all of them contain links to spamvertised sites. The overwhelming majority of those are served from IPs that belong to exactly those countries which I have blacklisted for mail.

So here's my feature request:

If a message is not classified as spam by its source IP, check the body for links. If there is any link which resolves to an IP which is on one of the selected country blocklists, classify the message as spam.

Pretty please with sugar on top?

Cheers,

Axel

Link to comment
Share on other sites

It's been a while since I asked about the available items for filtering, noting that SpamAssassin has also been updated at least once since then. Where I am headed is wondering if the SURBL is available and you may not have recognized it? Someone with an e-mail account may be by later and point out that this BL isn't available ....????

Link to comment
Share on other sites

Yes, the SURBL blacklists are already being used through spamassassin. Look in the X-spam-Status header for URIBL_*_SURBL rule matches. I don't think they score very high (high risk of false positives on spam-related mail as well as spam) but they help. They match based on domain name, not IP address.

Edited by SpeckledJim
Link to comment
Share on other sites

Yes, the SURBL blacklists are already being used through spamassassin.

Oh, OK. Problem is, I don't want to enable SpamAssassin as a whole. So an alternative to my initial request would be that the ability to modify the SpamAssassin rules is introduced, so that I could enable it and configure it to use SURBL only, which would result in what I initially wanted.

Link to comment
Share on other sites

  • 2 weeks later...
Oh, OK. Problem is, I don't want to enable SpamAssassin as a whole. So an alternative to my initial request would be that the ability to modify the SpamAssassin rules is introduced, so that I could enable it and configure it to use SURBL only, which would result in what I initially wanted.

23088[/snapback]

A workaround would be to change your filtering blacklists by checking on the Spamassassin and increase it's threshold to the highest setting (whatever that may be).

That should pass all but the highest scoring stuff, but it will also include the URIBL lists in the header added by spamassassin.

An example of a header line added by spamassassin:

X-spam-Status: hits=6.1 tests=FORGED_RCVD_HELO,RCVD_ILLEGAL_IP,

RCVD_NUMERIC_HELO,URIBL_OB_SURBL,URIBL_SBL,URIBL_WS_SURBL

version=3.0.0

--------------------------------------------------------------------------

"URIBL_OB_SURBL"

"URIBL_SBL"

"URIBL_WS_SURBL"

There are some other URIBL's too.

".... _SURBL"

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...