You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Luis Hernán Otegui <lu...@gmail.com> on 2008/05/20 15:48:50 UTC
Can I block/blacklist via SPF??
Hello, list. I've been wondering how to stop traffic from certain
hosts which only seem to distribute spam. I'm tired of reporting the
emails to their ISP, Spamcop, etc. Since the servers are identically
configured (they seem to be virtual machines fired up/cloned from the
same template), and have valid SPF records, I would like to know if is
there a way to block/blacklist these domains via SpamAssassin.
For the record, I run Postfix/Amavisd-new 2.5.4/SA 3.2.4. I do SPF
checks only via SA.
Here are two examples:
http://pastebin.com/m2a039236
http://pastebin.com/m5f77a5a4
Thanks in advance,
Luis
--
_____________________________________
GNU/GPL: "May The Source Be With You...
Linux Registered User #448382.
_____________________________________
Re: Can I block/blacklist via SPF??
Posted by Matt Kettler <mk...@verizon.net>.
Benny Pedersen wrote:
> On Tue, May 20, 2008 16:08, Matt Kettler wrote:
>
>
>> Why get SPF involved? Just blacklist the domain with blacklist_from
>> *@example.com.
>>
>
> bad example :-)
>
>
Agreed..
>> SPF is useful to prevent forgery, but if a spammer wants to forge a
>> domain you've blacklisted.. well, more power to em.
>>
>
> default spamassassin have low scores on pass/whitelist so if recipient really
> want it users need to do whitelist_auth foo@domain.tld
>
> and change scores on whitelist_* maybe :-)
>
True, which would really be the case no matter how a domain is blacklisted.
But in this case, OP isn't concerned with how to bypass a blacklist. It
was just a bad example. :)
Re: Can I block/blacklist via SPF??
Posted by Benny Pedersen <me...@junc.org>.
On Tue, May 20, 2008 16:08, Matt Kettler wrote:
> Why get SPF involved? Just blacklist the domain with blacklist_from
> *@example.com.
bad example :-)
> SPF is useful to prevent forgery, but if a spammer wants to forge a
> domain you've blacklisted.. well, more power to em.
default spamassassin have low scores on pass/whitelist so if recipient really
want it users need to do whitelist_auth foo@domain.tld
and change scores on whitelist_* maybe :-)
Benny Pedersen
Need more webspace ? http://www.servage.net/?coupon=cust37098
Re: Can I block/blacklist via SPF??
Posted by Luis Hernán Otegui <lu...@gmail.com>.
2008/5/20 mouss <mo...@netoyen.net>:
> Matt Kettler wrote:
>>
>> Luis Hernán Otegui wrote:
>>>
>>> Hello, list. I've been wondering how to stop traffic from certain
>>> hosts which only seem to distribute spam. I'm tired of reporting the
>>> emails to their ISP, Spamcop, etc. Since the servers are identically
>>> configured (they seem to be virtual machines fired up/cloned from the
>>> same template), and have valid SPF records, I would like to know if is
>>> there a way to block/blacklist these domains via SpamAssassin.
>>>
>>
>> Why get SPF involved? Just blacklist the domain with blacklist_from
>> *@example.com.
>>
>> SPF is useful to prevent forgery, but if a spammer wants to forge a domain
>> you've blacklisted.. well, more power to em.
>>
>>
>
> and he can also block the domains or the clients in his MTA.
Well, guess I left my brain on my night table this morning... Thanks
for the Kindergarden lesson! Blocked them @ Postfix.
Excuse me for the dumb topic. Too much coffee and no sleeping make me
really close to a sea slug when it comes to thinking ;-)
>
>
Best regards,
Luis
--
_____________________________________
GNU/GPL: "May The Source Be With You...
Linux Registered User #448382.
_____________________________________
Re: Can I block/blacklist via SPF??
Posted by mouss <mo...@netoyen.net>.
Matt Kettler wrote:
> Luis Hernán Otegui wrote:
>> Hello, list. I've been wondering how to stop traffic from certain
>> hosts which only seem to distribute spam. I'm tired of reporting the
>> emails to their ISP, Spamcop, etc. Since the servers are identically
>> configured (they seem to be virtual machines fired up/cloned from the
>> same template), and have valid SPF records, I would like to know if is
>> there a way to block/blacklist these domains via SpamAssassin.
>>
>
> Why get SPF involved? Just blacklist the domain with blacklist_from
> *@example.com.
>
> SPF is useful to prevent forgery, but if a spammer wants to forge a
> domain you've blacklisted.. well, more power to em.
>
>
and he can also block the domains or the clients in his MTA.
Re: Can I block/blacklist via SPF??
Posted by Matt Kettler <mk...@verizon.net>.
Luis Hernán Otegui wrote:
> Hello, list. I've been wondering how to stop traffic from certain
> hosts which only seem to distribute spam. I'm tired of reporting the
> emails to their ISP, Spamcop, etc. Since the servers are identically
> configured (they seem to be virtual machines fired up/cloned from the
> same template), and have valid SPF records, I would like to know if is
> there a way to block/blacklist these domains via SpamAssassin.
>
Why get SPF involved? Just blacklist the domain with blacklist_from
*@example.com.
SPF is useful to prevent forgery, but if a spammer wants to forge a
domain you've blacklisted.. well, more power to em.
Re: Can I block/blacklist via SPF??
Posted by Benny Pedersen <me...@junc.org>.
On Tue, May 20, 2008 15:48, Luis Hernán Otegui wrote:
> Here are two examples:
> http://pastebin.com/m2a039236
> http://pastebin.com/m5f77a5a4
both are good candidates for training bayes
just dont whitelist spam domains, it gets spf_pass that only says domain owner
have assigned it good relay, can be spam, or ham still
Benny Pedersen
Need more webspace ? http://www.servage.net/?coupon=cust37098