Posted to dev@spamassassin.apache.org by bu...@bugzilla.spamassassin.org on 2018/09/27 12:40:25 UTC
[Bug 7635] New: Bitcoin address check against reported scams
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7635
Bug ID: 7635
Summary: Bitcoin address check against reported scams
Product: Spamassassin
Version: unspecified
Hardware: All
OS: All
Status: NEW
Severity: enhancement
Priority: P2
Component: Plugins
Assignee: dev@spamassassin.apache.org
Reporter: kjetil@kjernsmo.net
Target Milestone: Undefined
With the rise of the scams using Bitcoin addresses, it seems to be an important
feature, but as it was argued in Bug #7468, Bitcoin is in wide use, so a simple
rule won't cut it.
However, there are sites where you can report scams, e.g.
https://bitcoinwhoswho.com/ and it has an API to query for scams. So, a plugin
that can discover bitcoin addresses and then query for scams could have
significant impact.
Kjetil
--
You are receiving this mail because:
You are the assignee for the bug.
[Bug 7635] Bitcoin address check against reported scams
Posted by bu...@bugzilla.spamassassin.org.
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7635
--- Comment #8 from Henrik Krohns <he...@hege.li> ---
check_hashbl_bodyre can be used in trunk
Sending UPGRADE
Sending lib/Mail/SpamAssassin/Plugin/HashBL.pm
Transmitting file data ..done
Committing transaction...
Committed revision 1848553.
[Bug 7635] Bitcoin address check against reported scams
Posted by bu...@spamassassin.apache.org.
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7635
Giovanni Bechis <gi...@paclan.it> changed:
What              | Removed | Added
----------------------------------------------------------------------------
Resolution        | ---     | FIXED
Status            | NEW     | RESOLVED
Target Milestone  | 4.0.0   | 3.4.3
--- Comment #9 from Giovanni Bechis <gi...@paclan.it> ---
check_hashbl_bodyre can be used in 3.4.3 from r1856896.
[Bug 7635] Bitcoin address check against reported scams
Posted by bu...@spamassassin.apache.org.
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7635
--- Comment #10 from Giovanni Bechis <gi...@paclan.it> ---
Now that 3.4.3 has been released I would like to put this rule on my sandbox,
btcblack.it is a btc-rbl I manage.
Is it the correct timing to enable this rule ?
The rbl is in use by several people, if it would be needed I can enable some
mirrors.
if (version >= 3.004003)
  ifplugin Mail::SpamAssassin::Plugin::HashBL
    # BTC address present in BTC blacklist
    body     __HASHBL_BTC      eval:check_hashbl_bodyre('bl.btcblack.it', 'raw/max=10/shuffle', '\b([13][a-km-zA-HJ-NP-Z1-9]{25,34})\b')
    priority __HASHBL_BTC      -100
    tflags   __HASHBL_BTC      net
    meta     BTC_HASHBL_BLACK  ( __HASHBL_BTC && __BITCOIN_ID && !__URL_BTC_ID )
    describe BTC_HASHBL_BLACK  Message contains BTC address found on BTC blacklist
    score    BTC_HASHBL_BLACK  5.0
  endif
endif
[Bug 7635] Bitcoin address check against reported scams
Posted by bu...@bugzilla.spamassassin.org.
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7635
Henrik Krohns <he...@hege.li> changed:
What | Removed | Added
----------------------------------------------------------------------------
CC   |         | hege@hege.li
--- Comment #3 from Henrik Krohns <he...@hege.li> ---
Haven't had a chance to commit yet, but I've also enhanced HashBL to do
generic raw or hashed queries like
body HASHBL_BTC eval:check_hashbl_bodyre('btcbl.foo.bar', 'sha1/max=10/shuffle', '\b([13][a-km-zA-HJ-NP-Z1-9]{25,34})\b')
[Bug 7635] Bitcoin address check against reported scams
Posted by bu...@bugzilla.spamassassin.org.
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7635
--- Comment #2 from Giovanni Bechis <gi...@paclan.it> ---
https://btcblack.it for work in progress info.
[Bug 7635] Bitcoin address check against reported scams
Posted by bu...@spamassassin.apache.org.
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7635
--- Comment #14 from John Hardin <jh...@impsec.org> ---
(In reply to Henrik Krohns from comment #13)
> Also using my regex there shouldn't be a need to do any __BITCOIN_ID &&
> !__URL_BTC_ID meta stuff. Grepping from spam corpus all I get are the btc
> spam, and not random URLs similar to ham corpus.
Thanks, I will certainly look into that.
[Bug 7635] Bitcoin address check against reported scams
Posted by bu...@bugzilla.spamassassin.org.
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7635
Benny Pedersen <me...@junc.eu> changed:
What | Removed | Added
----------------------------------------------------------------------------
CC   |         | me@junc.eu
--- Comment #4 from Benny Pedersen <me...@junc.eu> ---
I would like to try btc whitelist on success, it's imho too risky to send btc and
see losses too late
possible to support whitelist?
[Bug 7635] Bitcoin address check against reported scams
Posted by bu...@spamassassin.apache.org.
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7635
John Hardin <jh...@impsec.org> changed:
What | Removed | Added
----------------------------------------------------------------------------
CC   |         | jhardin@impsec.org
--- Comment #11 from John Hardin <jh...@impsec.org> ---
(In reply to Giovanni Bechis from comment #10)
> Now that 3.4.3 has been released I would like to put this rule on my
> sandbox, btcblack.it is a btc-rbl I manage.
I'd be careful with that. The basic bitcoin wallet ID pattern hits an
unfortunate number of response-tracking URLs in legitimate mass mailings. The
RE should probably be more complex to avoid picking BTC-like strings out of
non-BTC URLs.
[Bug 7635] Bitcoin address check against reported scams
Posted by bu...@spamassassin.apache.org.
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7635
--- Comment #13 from Henrik Krohns <ap...@hege.li> ---
Also using my regex there shouldn't be a need to do any __BITCOIN_ID &&
!__URL_BTC_ID meta stuff. Grepping from spam corpus all I get are the btc spam,
and not random URLs similar to ham corpus.
[Bug 7635] Bitcoin address check against reported scams
Posted by bu...@spamassassin.apache.org.
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7635
--- Comment #12 from Henrik Krohns <ap...@hege.li> ---
Consider using
(?:\s|^)([13][a-km-zA-HJ-NP-Z1-9]{25,34})(?:\s|$)
It practically eliminates all matches from my ham corpus. And previous spam
runs were also pretty much whitespace delimited.
It's just a silly game of whackamole.. I vote +1 if you use my safe one to
reduce unneeded DNS queries..
--
You are receiving this mail because:
You are the assignee for the bug.
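Added example (not part of the thread and not SpamAssassin code): a Python comparison of the word-bounded pattern from comment #10 and the whitespace-delimited pattern from comment #12 on constructed body lines, showing which strings each would send to the blocklist. The Base58Check filter goes beyond what the thread proposes; the function names, sample lines and tracking tokens are assumptions made for illustration.

```python
import hashlib
import re

# Patterns quoted in the thread: comment #10 (word-bounded), comment #12 (whitespace-delimited).
WORD_BOUNDED = re.compile(r'\b([13][a-km-zA-HJ-NP-Z1-9]{25,34})\b')
WS_DELIMITED = re.compile(r'(?:\s|^)([13][a-km-zA-HJ-NP-Z1-9]{25,34})(?:\s|$)')

B58 = '123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz'


def base58check_ok(candidate):
    """True if candidate decodes to 25 bytes ending in a valid double-SHA256 checksum."""
    n = 0
    for ch in candidate:
        n = n * 58 + B58.index(ch)
    try:
        raw = n.to_bytes(25, 'big')
    except OverflowError:  # 35-character strings can exceed 25 bytes
        return False
    digest = hashlib.sha256(hashlib.sha256(raw[:21]).digest()).digest()
    return digest[:4] == raw[21:]


def lookups(pattern, lines, verify=False, max_queries=10):
    """Unique candidates that would each cost one blocklist DNS query.

    max_queries mirrors max=10 in the quoted rule (assumed to cap lookups per message).
    """
    found = []
    for line in lines:
        for cand in pattern.findall(line):
            if cand not in found and (not verify or base58check_ok(cand)):
                found.append(cand)
    return found[:max_queries]


# Constructed body lines. The first uses the publicly known genesis-block address
# purely as a checksum-valid sample; the URL tokens are made-up tracking IDs.
BODY = [
    'Send 500 USD in bitcoin to 1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa within 48 hours',
    'View in browser: https://news.example.com/t/1Hq7ZkT3mPw9xYbN4cRd8sVfG2uJeL6aKt/open',
    'Unsubscribe: https://news.example.com/u/3Nf8WqZr5TyKb2LpXc7VdJm4HsGe9AuRtB',
]

if __name__ == '__main__':
    print('word-bounded:', len(lookups(WORD_BOUNDED, BODY)), 'lookups')
    print('whitespace-delimited:', len(lookups(WS_DELIMITED, BODY)), 'lookups')
    print('word-bounded + checksum:', lookups(WORD_BOUNDED, BODY, verify=True))
```

On these lines the word-bounded pattern yields three lookups, two of them tracking tokens, while either the whitespace-delimited pattern or the checksum filter leaves only the address.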
[Bug 7635] Bitcoin address check against reported scams
Posted by bu...@bugzilla.spamassassin.org.
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7635
Kevin A. McGrail <km...@apache.org> changed:
What              | Removed   | Added
----------------------------------------------------------------------------
CC                |           | kmcgrail@apache.org
Target Milestone  | Undefined | 4.0.0
--- Comment #5 from Kevin A. McGrail <km...@apache.org> ---
I'd like to see the hashbl additions and consider that for 4.0 rather than yet
another plugin. I'm trying to work on 3.4.3 so this would be for 4.0 IMO.
[Bug 7635] Bitcoin address check against reported scams
Posted by bu...@bugzilla.spamassassin.org.
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7635
--- Comment #7 from Giovanni Bechis <gi...@paclan.it> ---
(In reply to Kevin A. McGrail from comment #5)
> I'd like to see the hashbl additions and consider that for 4.0 rather than
> yet another plugin. I'm trying to work on 3.4.3 so this would be for 4.0
> IMO.
the plugin was just the quickest way to test my server
code, hashbl is definitely the way to go.
[Bug 7635] Bitcoin address check against reported scams
Posted by bu...@bugzilla.spamassassin.org.
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7635
Giovanni Bechis <gi...@paclan.it> changed:
What | Removed | Added
----------------------------------------------------------------------------
CC   |         | giovanni@paclan.it
--- Comment #1 from Giovanni Bechis <gi...@paclan.it> ---
I recently created a dns bitcoin blacklist with a SpamAssassin plugin for this
purpose.
SpamAssassin Plugin is just a bit more than a PoC and it doesn't catch
obfuscated bitcoin addresses but it is a starting point.
[Bug 7635] Bitcoin address check against reported scams
Posted by bu...@bugzilla.spamassassin.org.
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7635
--- Comment #6 from Giovanni Bechis <gi...@paclan.it> ---
(In reply to Benny Pedersen from comment #4)
> I would like to try btc whitelist on success, it's imho too risky to send btc
> and see losses too late
>
> possible to support whitelist?
AFAIK there isn't any public bitcoin whitelist available
and, as for email addresses, public whitelists could be poisoned.