Am 2004-10-22 14:55:48, schrieb Lupe Christoph: > Quoting tomasz abramowicz <tomasz@spin.it>: > If you want that changed, file a bug against Spamassassin. But I hope > this bug will be closed without action. SBL/XBL has too many false > positives to rank higher. ??? - I get every day more the 700 in my SPAM-Box with the procmail filter attached... Most are catched by sbl-xbl.spamhaus.org and never I had FP's. > cn-kr.blackholes.us dynablock.njabl.org bl.spamcop.net cbl.abuseat.org > dnsbl-2.uceprotect.net taiwan.blackholes.us Hmm, maybe I will add them to my list to get the last 5% of SPAM too :-) > This list is most probably not what other people would use, so anybody > who blindly copies it: don't blame me if you block mail that would have > saved the world. :-) > If the sending IP address is ranked in SBL/XBL this is a good indication > that the mail is Spam. But there are lots of other better criteria. > > HTH, > Lupe Christoph Greetings Michelle -- Linux-User #280138 with the Linux Counter, http://counter.li.org/ Michelle Konzack Apt. 917 ICQ #328449886 50, rue de Soultz MSM LinuxMichi 0033/3/88452356 67100 Strasbourg/France IRC #Debian (irc.icq.com)
#################################################################### # # FLT_spamhaus # #################################################################### SUB1=`formail -zxSubject:` DATE1=`date +"%d/%m/%Y %T"` #################################################################### # Open Relay check from <www.spamhaus.org> uses sbl-xbl lists # and others #################################################################### ########## first IP ########## :0 H * Received:.*\[\/[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+ { RECEIVIP=${MATCH} :0 * ! RECEIVIP ?? 127.0.0.1 { :0 * RECEIVIP ?? ()\/[0-9]+ { QUAD1=${MATCH} :0 * RECEIVIP ?? [0-9]+\.\/[0-9]+ { QUAD2=${MATCH} :0 * RECEIVIP ?? [0-9]+\.[0-9]+\.\/[0-9]+ { QUAD3=${MATCH} :0 * RECEIVIP ?? [0-9]+\.[0-9]+\.[0-9]+\.\/[0-9]+ { RECEIVIPREV="${MATCH}.${QUAD3}.${QUAD2}.${QUAD1}" } } } ################ sbl-xbl.spamhaus.org ############################## :0 { REVCHECKIP=`host ${RECEIVIPREV}.sbl-xbl.spamhaus.org 2>&1 | grep -v 'not found.'` } :0 * $ REVCHECKIP ?? 127\.0\.0\.(2|4) { :0fhw | formail -i "Subject: *****sbl-xbl.spamhaus.org***** $SUB1" :0 * ^Subject:.*(*****sbl-xbl.spamhaus.org*****) ATT_SPAM/HOST_sbl-xbl.spamhaus.org/ } ################ cbl.abuseat.org ################################### :0 { REVCHECKIP=`host ${RECEIVIPREV}.cbl.abuseat.org 2>&1 | grep -v 'not found.'` } :0 * $ REVCHECKIP ?? 127\.0\.0\.(2|4) { :0fhw | formail -i "Subject: *****cbl.abuseat.org***** $SUB1" :0 * ^Subject:.*(*****cbl.abuseat.org*****) ATT_SPAM/HOST_cbl.abuseat.org/ } ################ relays.ordb.org ################################### :0 { REVCHECKIP=`host ${RECEIVIPREV}.relays.ordb.org 2>&1 | grep -v 'not found.'` } :0 * $ REVCHECKIP ?? 127\.0\.0\.(2|4) { :0 fhw | formail -i "Subject: *****relays.ordb.org***** $SUB1" :0 * ^Subject:.*(*****relays.ordb.org*****) ATT_SPAM/HOST_relays.ordb.org/ } ################ opm.blitzed.org ################################### :0 { REVCHECKIP=`host ${RECEIVIPREV}.opm.blitzed.org 2>&1 | grep -v 'not found.'` } :0 * $ REVCHECKIP ?? 127\.0\.0\.(2|4) { :0fhw | formail -i "Subject: *****opm.blitzed.org***** $SUB1" :0 * ^Subject:.*(*****opm.blitzed.org*****) ATT_SPAM/HOST_opm.blitzed.org/ } ################ list.dsbl.org ##################################### :0 { REVCHECKIP=`host ${RECEIVIPREV}.list.dsbl.org 2>&1 | grep -v 'not found.'` } :0 * $ REVCHECKIP ?? 127\.0\.0\.(2|4) { :0fhw | formail -i "Subject: *****list.dsbl.org***** $SUB1" :0 * ^Subject:.*(*****list.dsbl.org*****) ATT_SPAM/HOST_list.dsbl.org/ } ################ dul.dnsbl.sorbs.org ############################### :0 { REVCHECKIP=`host ${RECEIVIPREV}.dul.dnsbl.sorbs.org 2>&1 | grep -v 'not found.'` } :0 * $ REVCHECKIP ?? 127\.0\.0\.(2|4) { :0fhw | formail -i "Subject: *****dul.dnsbl.sorbs.org***** $SUB1" :0 * ^Subject:.*(*****dul.dnsbl.sorbs.org*****) ATT_SPAM/HOST_dul.dnsbl.sorbs.org/ } ################ blackholes.mail-abuse.org ######################### :0 { REVCHECKIP=`host ${RECEIVIPREV}.blackholes.mail-abuse.org 2>&1 | grep -v 'not found.'` } :0 * $ REVCHECKIP ?? 127\.0\.0\.(2|4) { :0fhw | formail -i "Subject: *****blackholes.mail-abuse.org***** $SUB1" :0 * ^Subject:.*(*****blackholes.mail-abuse.org*****) ATT_SPAM/HOST_blackholes.mail-abuse.org/ } ################ dialups.mail-abuse.org ######################### :0 { REVCHECKIP=`host ${RECEIVIPREV}.dialups.mail-abuse.org 2>&1 | grep -v 'not found.'` } :0 * $ REVCHECKIP ?? 127\.0\.0\.(2|4) { :0fhw | formail -i "Subject: *****dialups.mail-abuse.org***** $SUB1" :0 * ^Subject:.*(*****dialups.mail-abuse.org*****) ATT_SPAM/HOST_dialups.mail-abuse.org/ } } } } ########## second IP ########## :0 H * Received: from.*\[.*\](.*$)+Received:.*\[\/[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+ { RECEIVIP2=${MATCH} :0 * ! RECEIVIP2 ?? 127.0.0.1 { :0 * RECEIVIP2 ?? ()\/[0-9]+ { QUAD1=${MATCH} :0 * RECEIVIP2 ?? [0-9]+\.\/[0-9]+ { QUAD2=${MATCH} :0 * RECEIVIP2 ?? [0-9]+\.[0-9]+\.\/[0-9]+ { QUAD3=${MATCH} :0 * RECEIVIP2 ?? [0-9]+\.[0-9]+\.[0-9]+\.\/[0-9]+ { RECEIVIP2REV="${MATCH}.${QUAD3}.${QUAD2}.${QUAD1}" } } } ################ sbl-xbl.spamhaus.org ################################### :0 { REV2CHECKIP=`host ${RECEIVIP2REV}.sbl-xbl.spamhaus.org 2>&1 | grep -v 'not found.'` } :0 * $ REV2CHECKIP ?? 127\.0\.0\.(2|4) { :0fhw | formail -i "Subject: *****sbl-xbl.spamhaus.org***** $SUB1" :0 * ^Subject:.*(*****sbl-xbl.spamhaus.org*****) ATT_SPAM/HOST_sbl-xbl.spamhaus.org/ } ################ cbl.abuseat.org ################################### :0 { REV2CHECKIP=`host ${RECEIVIP2REV}.cbl.abuseat.org 2>&1 | grep -v 'not found.'` } :0 * $ REV2CHECKIP ?? 127\.0\.0\.(2|4) { :0fhw | formail -i "Subject: *****cbl.abuseat.org***** $SUB1" :0 * ^Subject:.*(*****cbl.abuseat.org*****) ATT_SPAM/HOST_cbl.abuseat.org/ } ################ relays.ordb.org ################################### :0 { REV2CHECKIP=`host ${RECEIVIP2REV}.relays.ordb.org 2>&1 | grep -v 'not found.'` } :0 * $ REV2CHECKIP ?? 127\.0\.0\.(2|4) { :0 fhw | formail -i "Subject: *****relays.ordb.org***** $SUB1" :0 * ^Subject:.*(*****relays.ordb.org*****) ATT_SPAM/HOST_relays.ordb.org/ } ################ opm.blitzed.org ################################### :0 { REV2CHECKIP=`host ${RECEIVIP2REV}.opm.blitzed.org 2>&1 | grep -v 'not found.'` } :0 * $ REV2CHECKIP ?? 127\.0\.0\.(2|4) { :0fhw | formail -i "Subject: *****opm.blitzed.org***** $SUB1" :0 * ^Subject:.*(*****opm.blitzed.org*****) ATT_SPAM/HOST_opm.blitzed.org/ } ################ list.dsbl.org ################################### :0 { REV2CHECKIP=`host ${RECEIVIP2REV}.list.dsbl.org 2>&1 | grep -v 'not found.'` } :0 * $ REV2CHECKIP ?? 127\.0\.0\.(2|4) { :0fhw | formail -i "Subject: *****list.dsbl.org***** $SUB1" :0 * ^Subject:.*(*****list.dsbl.org*****) ATT_SPAM/HOST_list.dsbl.org/ } ################ dul.dnsbl.sorbs.org ############################### :0 { REV2CHECKIP=`host ${RECEIVIP2REV}.dul.dnsbl.sorbs.org 2>&1 | grep -v 'not found.'` } :0 * $ REV2CHECKIP ?? 127\.0\.0\.(2|4) { :0fhw | formail -i "Subject: *****dul.dnsbl.sorbs.org***** $SUB1" :0 * ^Subject:.*(*****dul.dnsbl.sorbs.org*****) ATT_SPAM/HOST_dul.dnsbl.sorbs.org/ } ################ blackholes.mail-abuse.org ######################### :0 { REV2CHECKIP=`host ${RECEIVIP2REV}.blackholes.mail-abuse.org 2>&1 | grep -v 'not found.'` } :0 * $ REV2CHECKIP ?? 127\.0\.0\.(2|4) { :0fhw | formail -i "Subject: *****blackholes.mail-abuse.org***** $SUB1" :0 * ^Subject:.*(*****blackholes.mail-abuse.org*****) ATT_SPAM/HOST_blackholes.mail-abuse.org/ } ################ dialups.mail-abuse.org ############################ :0 { REV2CHECKIP=`host ${RECEIVIP2REV}.dialups.mail-abuse.org 2>&1 | grep -v 'not found.'` } :0 * $ REV2CHECKIP ?? 127\.0\.0\.(2|4) { :0fhw | formail -i "Subject: *****dialups.mail-abuse.org***** $SUB1" :0 * ^Subject:.*(*****dialups.mail-abuse.org*****) ATT_SPAM/HOST_dialups.mail-abuse.org/ } } } } ########################################### END-OF-SPAMHAUS ########
Attachment:
signature.pgp
Description: Digital signature