Re: [exim] Unusual DNS Lists available

Top Page
Delete this message
Reply to this message
Author: Marc Perkel
Date:  
To: exim-users
Subject: Re: [exim] Unusual DNS Lists available


Michelle Konzack wrote:
> Hi Marc,
>
> Am 2008-05-27 08:22:35, schrieb Marc Perkel:
>
>> dig perkel.com.rb.junkemailfilter.com         - returns 127.0.0.1
>> dig perkel.co.uk.rb.junkemailfilter.com       - returns 127.0.0.2
>> dig perkel.state.ca.us.rb.junkemailfilter.com - returns 127.0.0.3

>>
>
> Hmm are you think, this lookup is faster then a local check?
>

Well - it's very local on my system.
>
>>     Free Mail Domains List

>>
>> These are a list of host names of provider of free email accounts that
>> are often used for fraud scams. The list includes names like yahoo.com,
>> hotmail.com, gmail.com. This is not a block list. It is used to
>> determine if the account used comes from a freemail provider.
>>
>> Usage:
>>
>> dig yahoo.com.freemaildomains.junkemailfilter.com
>>
>
> May be usefull. How many FREMAIL DOMAINS are already listet?
> My own list has arround 73 from which I get regulary spam.
>


I have 1893 in my list. I use the list to avoid blacklisting them.
>
>> For example. Spammers sometimes send email from a hotmail.com account
>> and have the reply-to set to a gmail.com account. That way when the
>> sender gets shut down for spamming the reply-to still works.
>>
>
> ...and <gmail.com> will never take action against
> them and they can continue to spam the world!
>
> I HATE GMAIL!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
>
> Arround 1400 indirect GMAIL spams per day in my
> (old) mailbox are too much!!
>
>
>> Here's an example of an Exim rule to block this.
>>
>> # Freemail Tests
>>
>> warn    dnslists = freemaildomains.junkemailfilter.com/${domain:${lc:$h_From:}}
>>     add_header = X-Freemail-From: ${domain:${lc:$h_From:}}
>>     set acl_c_freemail = yes
>>     set acl_c_freemail_from = ${domain:${lc:$h_From:}}

>>     
>> warn    dnslists = freemaildomains.junkemailfilter.com/${domain:${lc:$h_Reply-to:}}
>>     add_header = X-Freemail-Reply-to: ${domain:${lc:$h_Reply-to:}}
>>     set acl_c_freemail = yes
>>     set acl_c_freemail_reply = ${domain:${lc:$h_Reply-to:}}

>>
>> deny    condition = ${if def:acl_c_freemail}
>>     condition = ${if eq{$sender_host_name}{}}

>>
>> deny    condition = ${if def:acl_c_freemail_reply}
>>     condition = ${if def:acl_c_freemail_from}
>>     !condition = ${if eqi{${local_part:$h_From:}@${domain:$h_From:}} \
>>         {${local_part:$h_Reply-to:}@${domain:$h_Reply-to:}}}

>>
>
> I will try this out and thest if it is faster then my local list...
>


Let me know how it works for you.
>
>>     ISP Hosts List

>>
>> The ISP list are domains that provide DSL or cable modem access to end
>> users. We use the list internally as an exclusion list when we test for
>> conditions excepting ISPs. This list is generated by using the registry
>> barrier of hosts that are classified as dynamic IP ranges. We don't know
>> how useful this list is to you but if you find a good use for it let us
>> know.
>>
>> dig comcast.com.isphosts.junkemailfilter.com
>>
>
> Many ISPs offer fixed IPs including VALID reverse lookups
> but they give them IPs from there dynamic pool...
>
> So this list will hit MANY innocent users.
>
>
>


It's not intended as a blacklist. I'm using it internally and I'm not
sure what good it is to just anyone reading it but I'm providing the
list in hopes of inspiring ideas.