Posted to users@spamassassin.apache.org by Petr Bena <pe...@bena.rocks> on 2016/10/15 11:45:11 UTC

Dynamic black listing - locally blacklist sender domain / IP

Hi,

I would like to implement some sort of semi-automated or dynamic sender 
black listing. Basically what I would like to accomplish is to have a 
dynamic blacklist (not something hardcoded in config files, but rather 
some sort of a database, possibly SQL based) so that I could relatively 
easily add senders' domains to this list.

Another thing I would like to do with this is to create a special folder 
in my mailbox and create a cron task that would automatically get all 
senders of emails in this folder and add it into that dynamic blacklist. 
So that if I moved someone's e-mail to this specific folder in my 
mailbox, their whole domain would be blacklisted in my antispam (at some 
point I could probably just use current Junk folder for this purpose).

I am aware of DNSBL and I already use it, but it's not efficient enough, 
I am receiving tons of spam from certain domains and IPs, which are 
always the same, and even if I have a cron task that automatically learns 
everything from my Junk folder as spam, SpamAssassin passes more than 90% 
of these senders in the future, even if they keep using the same domains and IPs 
to send spam. I used to add these to config file like this:


blacklist_from      *@*wyprz.xyz

What I would like to do is something like

blacklist_from_postgres     sa@localhost:sa/blacklist

Or something like that so that it would connect to localhost postgres 
and check the mail sender against table blacklist in db sa or anything 
similar like this.

Isn't there already some sort of a plugin that is capable of this? 
Basically if there was something that would allow me to create this 
dynamic blacklist (e.g. let me create some mysql / postgres table that 
would be used as blacklist by SpamAssassin) I could implement the rest 
myself easily.

Thanks


Re: Dynamic black listing - locally blacklist sender domain / IP

Posted by Axb <ax...@gmail.com>.
On 10/15/2016 04:13 PM, Petr Bena wrote:
> I already do that, I use DNSBL, but they have too small an expiry time; if
> they blacklist someone, in two days they are free to spam again. If it
> worked and I didn't keep getting spammed by the same IPs and same senders
> all the time I wouldn't have to hardcode them into my configuration, which
> is indeed pretty annoying.

<top_posting_urks>

Are you aware that you can run your own "DNSBL" locally?

With one simple piece of software you can run IP/domain/hash black, 
white, and even purple lists, for FREE.

You don't have to be tied to third party lists only.

Google for rbldnsd - there's lots of info on how to set it up and all you 
can do with it.


> On 10/15/16 15:43, Axb wrote:
>> On 10/15/2016 01:45 PM, Petr Bena wrote:
>>> Hi,
>>>
>>> I would like to implement some sort of semi-automated or dynamic sender
>>> black listing. Basically what I would like to accomplish is to have a
>>> dynamic blacklist (not something hardcoded in config files, but rather
>>> some sort of a database, possibly SQL based) so that I could relatively
>>> easily add senders' domains to this list.
>>>
>>> Another thing I would like to do with this is to create a special folder
>>> in my mailbox and create a cron task that would automatically get all
>>> senders of emails in this folder and add it into that dynamic blacklist.
>>> So that if I moved someone's e-mail to this specific folder in my
>>> mailbox, their whole domain would be blacklisted in my antispam (at some
>>> point I could probably just use current Junk folder for this purpose).
>>>
>>> I am aware of DNSBL and I already use it, but it's not efficient enough,
>>> I am receiving tons of spam from certain domains and IPs, which are
>>> always the same, and even if I have a cron task that automatically learns
>>> everything from my Junk folder as spam, SpamAssassin passes more than 90%
>>> of these senders in the future, even if they keep using the same domains and IPs
>>> to send spam. I used to add these to config file like this:
>>>
>>>
>>> blacklist_from      *@*wyprz.xyz
>>>
>>> What I would like to do is something like
>>>
>>> blacklist_from_postgres     sa@localhost:sa/blacklist
>>>
>>> Or something like that so that it would connect to localhost postgres
>>> and check the mail sender against table blacklist in db sa or anything
>>> similar like this.
>>>
>>> Isn't there already some sort of a plugin that is capable of this?
>>> Basically if there was something that would allow me to create this
>>> dynamic blacklist (e.g. let me create some mysql / postgres table that
>>> would be used as blacklist by SpamAssassin) I could implement the rest
>>> myself easily.
>>
>> if you want to block snowshoe, chase their ranges and use IP/domain
>> lists to block at smtp level (rbldnsd).
>>
>> blocking senders via SA is probably the most inefficient way to do it.
>>
>>
>>
>>
>


Re: Dynamic black listing - locally blacklist sender domain / IP

Posted by Petr Bena <pe...@bena.rocks>.
I already do that, I use DNSBL, but they have too small an expiry time; if
they blacklist someone, in two days they are free to spam again. If it
worked and I didn't keep getting spammed by the same IPs and same senders
all the time I wouldn't have to hardcode them into my configuration, which
is indeed pretty annoying.


On 10/15/16 15:43, Axb wrote:
> On 10/15/2016 01:45 PM, Petr Bena wrote:
>> Hi,
>>
>> I would like to implement some sort of semi-automated or dynamic sender
>> black listing. Basically what I would like to accomplish is to have a
>> dynamic blacklist (not something hardcoded in config files, but rather
>> some sort of a database, possibly SQL based) so that I could relatively
>> easily add senders' domains to this list.
>>
>> Another thing I would like to do with this is to create a special folder
>> in my mailbox and create a cron task that would automatically get all
>> senders of emails in this folder and add it into that dynamic blacklist.
>> So that if I moved someone's e-mail to this specific folder in my
>> mailbox, their whole domain would be blacklisted in my antispam (at some
>> point I could probably just use current Junk folder for this purpose).
>>
>> I am aware of DNSBL and I already use it, but it's not efficient enough,
>> I am receiving tons of spam from certain domains and IPs, which are
>> always the same, and even if I have a cron task that automatically learns
>> everything from my Junk folder as spam, SpamAssassin passes more than 90%
>> of these senders in the future, even if they keep using the same domains and IPs
>> to send spam. I used to add these to config file like this:
>>
>>
>> blacklist_from      *@*wyprz.xyz
>>
>> What I would like to do is something like
>>
>> blacklist_from_postgres     sa@localhost:sa/blacklist
>>
>> Or something like that so that it would connect to localhost postgres
>> and check the mail sender against table blacklist in db sa or anything
>> similar like this.
>>
>> Isn't there already some sort of a plugin that is capable of this?
>> Basically if there was something that would allow me to create this
>> dynamic blacklist (e.g. let me create some mysql / postgres table that
>> would be used as blacklist by SpamAssassin) I could implement the rest
>> myself easily.
>
> if you want to block snowshoe, chase their ranges and use IP/domain
> lists to block at smtp level (rbldnsd).
>
> blocking senders via SA is probably the most inefficient way to do it.
>
>
>
>


Re: Dynamic black listing - locally blacklist sender domain / IP

Posted by Axb <ax...@gmail.com>.
On 10/15/2016 01:45 PM, Petr Bena wrote:
> Hi,
>
> I would like to implement some sort of semi-automated or dynamic sender
> black listing. Basically what I would like to accomplish is to have a
> dynamic blacklist (not something hardcoded in config files, but rather
> some sort of a database, possibly SQL based) so that I could relatively
> easily add senders' domains to this list.
>
> Another thing I would like to do with this is to create a special folder
> in my mailbox and create a cron task that would automatically get all
> senders of emails in this folder and add it into that dynamic blacklist.
> So that if I moved someone's e-mail to this specific folder in my
> mailbox, their whole domain would be blacklisted in my antispam (at some
> point I could probably just use current Junk folder for this purpose).
>
> I am aware of DNSBL and I already use it, but it's not efficient enough,
> I am receiving tons of spam from certain domains and IPs, which are
> always the same, and even if I have a cron task that automatically learns
> everything from my Junk folder as spam, SpamAssassin passes more than 90%
> of these senders in the future, even if they keep using the same domains and IPs
> to send spam. I used to add these to config file like this:
>
>
> blacklist_from      *@*wyprz.xyz
>
> What I would like to do is something like
>
> blacklist_from_postgres     sa@localhost:sa/blacklist
>
> Or something like that so that it would connect to localhost postgres
> and check the mail sender against table blacklist in db sa or anything
> similar like this.
>
> Isn't there already some sort of a plugin that is capable of this?
> Basically if there was something that would allow me to create this
> dynamic blacklist (e.g. let me create some mysql / postgres table that
> would be used as blacklist by SpamAssassin) I could implement the rest
> myself easily.

if you want to block snowshoe, chase their ranges and use IP/domain 
lists to block at smtp level (rbldnsd).

blocking senders via SA is probably the most inefficient way to do it.
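
Added example (not part of the thread and not code from any poster or from the rbldnsd project): a sketch of the cron step discussed above, turning the senders of mail in a "blacklist" folder into a domain list that a local rbldnsd could serve. The sample messages, the `never_list` guard, the function names and the `freemail.example` domain are assumptions made for illustration; reading the real mailbox folder is left out.

```python
import email
import re
from email.utils import parseaddr

# Constructed sample messages standing in for the mail moved to the blacklist folder.
SAMPLE_MESSAGES = [
    b"From: Deals <promo@mail.wyprz.xyz>\r\nSubject: a\r\n\r\nbody\r\n",
    b'From: "News" <News@WYPRZ.XYZ>\r\nSubject: b\r\n\r\nbody\r\n',
    b"From: Friend <user@freemail.example>\r\nSubject: c\r\n\r\nbody\r\n",
    b"From: broken-header-without-address\r\nSubject: d\r\n\r\nbody\r\n",
]

# Strict hostname syntax, so nothing from a crafted header can add lines to the zone.
DOMAIN_RE = re.compile(
    r"(?=.{1,253}\Z)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}")


def sender_domain(raw):
    """Return the lower-cased From: domain of one raw message, or None if unusable."""
    msg = email.message_from_bytes(raw)
    # From: is forgeable; it is used here because the thread talks about "senders".
    _, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rpartition("@")[2].lower().rstrip(".")
    return domain if DOMAIN_RE.fullmatch(domain) else None


def covered(domain, parents):
    """True if domain equals, or is a subdomain of, any name in parents."""
    return any(domain == p or domain.endswith("." + p) for p in parents)


def build_dnset(raw_messages, never_list=frozenset()):
    """Build dnset zone text; never_list protects shared domains (e.g. freemail)."""
    domains = set()
    for raw in raw_messages:
        d = sender_domain(raw)
        if d and not covered(d, never_list):
            domains.add(d)
    # Drop names that a listed parent domain already covers.
    kept = sorted(d for d in domains if not covered(d, domains - {d}))
    # ":A-value:TXT" sets the default answer and ".name" is a wildcard entry
    # (layout as documented for rbldnsd's dnset; verify against rbldnsd(8)).
    lines = [":127.0.0.2:Locally blacklisted sender domain"]
    lines += ["." + d for d in kept]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(build_dnset(SAMPLE_MESSAGES, never_list={"freemail.example"}), end="")
```

Served by rbldnsd as a dnset zone, the resulting list can be queried by the MTA at SMTP time, which is where the reply above suggests blocking.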