Am 2004-10-22 14:55:48, schrieb Lupe Christoph:
> Quoting tomasz abramowicz <tomasz@spin.it>:
> If you want that changed, file a bug against Spamassassin. But I hope
> this bug will be closed without action. SBL/XBL has too many false
> positives to rank higher.
??? - I get every day more the 700 in my SPAM-Box with the
procmail filter attached...
Most are catched by sbl-xbl.spamhaus.org and never I had FP's.
> cn-kr.blackholes.us dynablock.njabl.org bl.spamcop.net cbl.abuseat.org
> dnsbl-2.uceprotect.net taiwan.blackholes.us
Hmm, maybe I will add them to my list to get the last 5% of SPAM too :-)
> This list is most probably not what other people would use, so anybody
> who blindly copies it: don't blame me if you block mail that would have
> saved the world.
:-)
> If the sending IP address is ranked in SBL/XBL this is a good indication
> that the mail is Spam. But there are lots of other better criteria.
>
> HTH,
> Lupe Christoph
Greetings
Michelle
--
Linux-User #280138 with the Linux Counter, http://counter.li.org/
Michelle Konzack Apt. 917 ICQ #328449886
50, rue de Soultz MSM LinuxMichi
0033/3/88452356 67100 Strasbourg/France IRC #Debian (irc.icq.com)
####################################################################
#
# FLT_spamhaus
#
####################################################################
SUB1=`formail -zxSubject:`
DATE1=`date +"%d/%m/%Y %T"`
####################################################################
# Open Relay check from <www.spamhaus.org> uses sbl-xbl lists
# and others
####################################################################
########## first IP ##########
:0 H
* Received:.*\[\/[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+
{
RECEIVIP=${MATCH}
:0
* ! RECEIVIP ?? 127.0.0.1
{
:0
* RECEIVIP ?? ()\/[0-9]+
{
QUAD1=${MATCH}
:0
* RECEIVIP ?? [0-9]+\.\/[0-9]+
{
QUAD2=${MATCH}
:0
* RECEIVIP ?? [0-9]+\.[0-9]+\.\/[0-9]+
{
QUAD3=${MATCH}
:0
* RECEIVIP ?? [0-9]+\.[0-9]+\.[0-9]+\.\/[0-9]+
{
RECEIVIPREV="${MATCH}.${QUAD3}.${QUAD2}.${QUAD1}"
}
}
}
################ sbl-xbl.spamhaus.org ##############################
:0
{ REVCHECKIP=`host ${RECEIVIPREV}.sbl-xbl.spamhaus.org 2>&1 | grep -v 'not found.'` }
:0
* $ REVCHECKIP ?? 127\.0\.0\.(2|4)
{
:0fhw
| formail -i "Subject: *****sbl-xbl.spamhaus.org***** $SUB1"
:0
* ^Subject:.*(*****sbl-xbl.spamhaus.org*****)
ATT_SPAM/HOST_sbl-xbl.spamhaus.org/
}
################ cbl.abuseat.org ###################################
:0
{ REVCHECKIP=`host ${RECEIVIPREV}.cbl.abuseat.org 2>&1 | grep -v 'not found.'` }
:0
* $ REVCHECKIP ?? 127\.0\.0\.(2|4)
{
:0fhw
| formail -i "Subject: *****cbl.abuseat.org***** $SUB1"
:0
* ^Subject:.*(*****cbl.abuseat.org*****)
ATT_SPAM/HOST_cbl.abuseat.org/
}
################ relays.ordb.org ###################################
:0
{ REVCHECKIP=`host ${RECEIVIPREV}.relays.ordb.org 2>&1 | grep -v 'not found.'` }
:0
* $ REVCHECKIP ?? 127\.0\.0\.(2|4)
{
:0 fhw
| formail -i "Subject: *****relays.ordb.org***** $SUB1"
:0
* ^Subject:.*(*****relays.ordb.org*****)
ATT_SPAM/HOST_relays.ordb.org/
}
################ opm.blitzed.org ###################################
:0
{ REVCHECKIP=`host ${RECEIVIPREV}.opm.blitzed.org 2>&1 | grep -v 'not found.'` }
:0
* $ REVCHECKIP ?? 127\.0\.0\.(2|4)
{
:0fhw
| formail -i "Subject: *****opm.blitzed.org***** $SUB1"
:0
* ^Subject:.*(*****opm.blitzed.org*****)
ATT_SPAM/HOST_opm.blitzed.org/
}
################ list.dsbl.org #####################################
:0
{ REVCHECKIP=`host ${RECEIVIPREV}.list.dsbl.org 2>&1 | grep -v 'not found.'` }
:0
* $ REVCHECKIP ?? 127\.0\.0\.(2|4)
{
:0fhw
| formail -i "Subject: *****list.dsbl.org***** $SUB1"
:0
* ^Subject:.*(*****list.dsbl.org*****)
ATT_SPAM/HOST_list.dsbl.org/
}
################ dul.dnsbl.sorbs.org ###############################
:0
{ REVCHECKIP=`host ${RECEIVIPREV}.dul.dnsbl.sorbs.org 2>&1 | grep -v 'not found.'` }
:0
* $ REVCHECKIP ?? 127\.0\.0\.(2|4)
{
:0fhw
| formail -i "Subject: *****dul.dnsbl.sorbs.org***** $SUB1"
:0
* ^Subject:.*(*****dul.dnsbl.sorbs.org*****)
ATT_SPAM/HOST_dul.dnsbl.sorbs.org/
}
################ blackholes.mail-abuse.org #########################
:0
{ REVCHECKIP=`host ${RECEIVIPREV}.blackholes.mail-abuse.org 2>&1 | grep -v 'not found.'` }
:0
* $ REVCHECKIP ?? 127\.0\.0\.(2|4)
{
:0fhw
| formail -i "Subject: *****blackholes.mail-abuse.org***** $SUB1"
:0
* ^Subject:.*(*****blackholes.mail-abuse.org*****)
ATT_SPAM/HOST_blackholes.mail-abuse.org/
}
################ dialups.mail-abuse.org #########################
:0
{ REVCHECKIP=`host ${RECEIVIPREV}.dialups.mail-abuse.org 2>&1 | grep -v 'not found.'` }
:0
* $ REVCHECKIP ?? 127\.0\.0\.(2|4)
{
:0fhw
| formail -i "Subject: *****dialups.mail-abuse.org***** $SUB1"
:0
* ^Subject:.*(*****dialups.mail-abuse.org*****)
ATT_SPAM/HOST_dialups.mail-abuse.org/
}
}
}
}
########## second IP ##########
:0 H
* Received: from.*\[.*\](.*$)+Received:.*\[\/[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+
{
RECEIVIP2=${MATCH}
:0
* ! RECEIVIP2 ?? 127.0.0.1
{
:0
* RECEIVIP2 ?? ()\/[0-9]+
{
QUAD1=${MATCH}
:0
* RECEIVIP2 ?? [0-9]+\.\/[0-9]+
{
QUAD2=${MATCH}
:0
* RECEIVIP2 ?? [0-9]+\.[0-9]+\.\/[0-9]+
{
QUAD3=${MATCH}
:0
* RECEIVIP2 ?? [0-9]+\.[0-9]+\.[0-9]+\.\/[0-9]+
{
RECEIVIP2REV="${MATCH}.${QUAD3}.${QUAD2}.${QUAD1}"
}
}
}
################ sbl-xbl.spamhaus.org ###################################
:0
{ REV2CHECKIP=`host ${RECEIVIP2REV}.sbl-xbl.spamhaus.org 2>&1 | grep -v 'not found.'` }
:0
* $ REV2CHECKIP ?? 127\.0\.0\.(2|4)
{
:0fhw
| formail -i "Subject: *****sbl-xbl.spamhaus.org***** $SUB1"
:0
* ^Subject:.*(*****sbl-xbl.spamhaus.org*****)
ATT_SPAM/HOST_sbl-xbl.spamhaus.org/
}
################ cbl.abuseat.org ###################################
:0
{ REV2CHECKIP=`host ${RECEIVIP2REV}.cbl.abuseat.org 2>&1 | grep -v 'not found.'` }
:0
* $ REV2CHECKIP ?? 127\.0\.0\.(2|4)
{
:0fhw
| formail -i "Subject: *****cbl.abuseat.org***** $SUB1"
:0
* ^Subject:.*(*****cbl.abuseat.org*****)
ATT_SPAM/HOST_cbl.abuseat.org/
}
################ relays.ordb.org ###################################
:0
{ REV2CHECKIP=`host ${RECEIVIP2REV}.relays.ordb.org 2>&1 | grep -v 'not found.'` }
:0
* $ REV2CHECKIP ?? 127\.0\.0\.(2|4)
{
:0 fhw
| formail -i "Subject: *****relays.ordb.org***** $SUB1"
:0
* ^Subject:.*(*****relays.ordb.org*****)
ATT_SPAM/HOST_relays.ordb.org/
}
################ opm.blitzed.org ###################################
:0
{ REV2CHECKIP=`host ${RECEIVIP2REV}.opm.blitzed.org 2>&1 | grep -v 'not found.'` }
:0
* $ REV2CHECKIP ?? 127\.0\.0\.(2|4)
{
:0fhw
| formail -i "Subject: *****opm.blitzed.org***** $SUB1"
:0
* ^Subject:.*(*****opm.blitzed.org*****)
ATT_SPAM/HOST_opm.blitzed.org/
}
################ list.dsbl.org ###################################
:0
{ REV2CHECKIP=`host ${RECEIVIP2REV}.list.dsbl.org 2>&1 | grep -v 'not found.'` }
:0
* $ REV2CHECKIP ?? 127\.0\.0\.(2|4)
{
:0fhw
| formail -i "Subject: *****list.dsbl.org***** $SUB1"
:0
* ^Subject:.*(*****list.dsbl.org*****)
ATT_SPAM/HOST_list.dsbl.org/
}
################ dul.dnsbl.sorbs.org ###############################
:0
{ REV2CHECKIP=`host ${RECEIVIP2REV}.dul.dnsbl.sorbs.org 2>&1 | grep -v 'not found.'` }
:0
* $ REV2CHECKIP ?? 127\.0\.0\.(2|4)
{
:0fhw
| formail -i "Subject: *****dul.dnsbl.sorbs.org***** $SUB1"
:0
* ^Subject:.*(*****dul.dnsbl.sorbs.org*****)
ATT_SPAM/HOST_dul.dnsbl.sorbs.org/
}
################ blackholes.mail-abuse.org #########################
:0
{ REV2CHECKIP=`host ${RECEIVIP2REV}.blackholes.mail-abuse.org 2>&1 | grep -v 'not found.'` }
:0
* $ REV2CHECKIP ?? 127\.0\.0\.(2|4)
{
:0fhw
| formail -i "Subject: *****blackholes.mail-abuse.org***** $SUB1"
:0
* ^Subject:.*(*****blackholes.mail-abuse.org*****)
ATT_SPAM/HOST_blackholes.mail-abuse.org/
}
################ dialups.mail-abuse.org ############################
:0
{ REV2CHECKIP=`host ${RECEIVIP2REV}.dialups.mail-abuse.org 2>&1 | grep -v 'not found.'` }
:0
* $ REV2CHECKIP ?? 127\.0\.0\.(2|4)
{
:0fhw
| formail -i "Subject: *****dialups.mail-abuse.org***** $SUB1"
:0
* ^Subject:.*(*****dialups.mail-abuse.org*****)
ATT_SPAM/HOST_dialups.mail-abuse.org/
}
}
}
}
########################################### END-OF-SPAMHAUS ########
Attachment:
signature.pgp
Description: Digital signature