Re: [Exim] Spews list filtering

Top Page
Delete this message
Reply to this message
Author: Konrad Michels
Date:  
To: Nico Erfurth
CC: exim-users
Subject: Re: [Exim] Spews list filtering
Hi Nico
In reply to your "PS" at the bottom of the mail, you get the two lists
from http://www.spews.org/spews_list_level1.txt and
http://www.spews.org/spews_list_level2.txt. Its quite interesting to
read on http://www.spews.org what its all about in detail.

Once you get the lists, what I did was

cat spews_list_level2.txt | awk '{print $1}' | grep -v "#" >>
spews_list2

which produces a list of ranged ip addresses in a flat file!

Does this make sense?

Later
Konrad


On Wed, 2003-02-12 at 11:16, Nico Erfurth wrote:
> Konrad Michels wrote:
> > Hi again folks
> > Seems to be "lets fix these spammers" day today for me! I've sucked
> > down the spews.org list of ip addresses, used awk and grep to produce a
> > list of only ip addresses in a flat text file, and quite happily got
> > exim to do lookups agains the list with the following in the configure
> > file:
> >
> > deny  hosts = /usr/local/exim/spews_list2
> >         message = Rejected - host IP address is in the spews list as a
> > spammer domain

> >
> > This definitely works well, which I did by adding my home IP to the list
> > and attempting a connect from home - got the rejection message back and
> > that was the end of that!
> >
> > However, in the interests of efficiency, it would seem to make more
> > sense to bung these IP addresses in a mysql database, and do the lookups
> > against it. Can anyone assist with the syntax for exim 4.12 to do a
> > lookup against a database for these ip addresses instead of looking up
> > against the flat text file?
>
> How does the list look like?
> I don't know what you downloaded :)
>
> Instead of using mysql, you should go for some fast filebased database
> for this, like cdb or the default dbm.
>
> If you have entries like
> 10.0.0.0/24
> 10.0.1.0/24
>
> you can use
> hosts = net24-cdb;/usr/local/exim/spews_list2.cdb
>
> if you have mixed netsizes like
>
> 10.0.0.0/24
> 10.1.0.0/20
>
> you can list a lookup for each size
>
> hosts = net24-cdb;/usr/local/exim/spews_list2.cdb : \
>          net20-cdb;/usr/local/exim/spews_list2.cdb

>
> for single ips, just use
> hosts = cdb;/usr/local/exim/spews_list2.cdb
>
> I think this should show you the right way :)
>
> Nico
>
> P.S. Can you show me/us which files you downloaded and how you converted
> them? I want to put together a small "Have fun with spammers and exim"-site.

--
***********************************************************************
*
* Konrad Michels
* System Administrator
* Surfkitchen Limited
* Abbey House
* 1650 Arlington Business Park
* Theale
* RG7 4SA
* United Kingdom
* Tel: +44 118 929 8079
*
***********************************************************************