Re: [exim] 2nd Stage DNS blocking

Author: Hardy
Date:  
To: exim-users
Subject: Re: [exim] 2nd Stage DNS blocking
On 08.10.2016 13:06, Lena@??? wrote:
>> From: Hardy
>
>> I would like to run
>> these "Received from" addresses against dnslists and/or blacklists in files.
>
> Honest users send non-spam messages from dynamic IP-addresses.
> Those dynamic IP-addresses often are in blacklists.
>


Thanks for the reminder. I am aware I have to be more careful. Even in
the 1st Stage DNS blocking I block only if the IP is listed in the
majority of blacklists (There are even whitelists to counter this). And
most blacklist providers offer a scheme for sensibility, as they also
know this problem.

Just for testing I use a very simple script like this for IPv4 IPs:

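#!/bin/bash
# Pass the IPv4 address as the first argument.
# Split the address on dots; the leading "x" keeps set from reading the
# input as an option and is dropped again by shift.
set $(echo x "$1" | tr "." " ")
shift
# DNSBL queries use the octets in reverse order.
ip=$4.$3.$2.$1
echo "$ip"
L=0
echo BLACK
# host exits 0 when the name resolves, which is counted as a listing.
host "${ip}.zen.spamhaus.org" && ((L++))
host "${ip}.cbl.abuseat.org" && ((L++))
host "${ip}.dnsbl.sorbs.net" && ((L++))
host "${ip}.ix.dnsbl.manitu.net" && ((L++))
host "${ip}.ix.bl.spamcannibal.org" && ((L++))
echo WHITE
# A whitelist hit lowers the score.
host "${ip}.list.dnswl.org" && ((L--))
host "${ip}.swl.spamhaus.org" && ((L--))

echo SpamValue $L
# The exit status is taken modulo 256, so a negative score wraps (-1 becomes 255).
exit $L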

How many and which lists you query (apart from your own, my system
learns, I am VERY safe against address harvesters) and what level of $L
is significant is to be determined....
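
The scoring idea from the message above, as an added example that is not part of the original post: it validates the address, counts an answer as a listing only when it is a real listing code, and applies a majority rule. The `resolve` table holds constructed answers for documentation addresses, only a subset of the post's zones is used, and the threshold in `verdict` is an assumption.

```sh
# Added example, not the poster's script. Zone names are taken from the post.
BLACK="zen.spamhaus.org cbl.abuseat.org dnsbl.sorbs.net ix.dnsbl.manitu.net"
WHITE="list.dnswl.org"

# Print the reversed dotted quad used in DNSBL queries; fail on non-IPv4 input.
reverse_ipv4() (
  case "$1" in ""|*[!0-9.]*|.*|*.|*..*) exit 1 ;; esac
  IFS=.; set -- $1
  [ "$#" -eq 4 ] || exit 1
  for o in "$@"; do [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || exit 1; done
  echo "$4.$3.$2.$1"
)
# A listing is an answer in 127.0.0.0/8, except the 127.255.255.x codes that
# Spamhaus returns for refused or malformed queries (not for listed hosts).
is_listing() {
  case "$1" in 127.255.255.*) return 1 ;; 127.*) return 0 ;; *) return 1 ;; esac
}
# Constructed answers (192.0.2.0/24, offline); live use: dig +short A "$1"
resolve() {
  case "$1" in
    10.2.0.192.zen.*|10.2.0.192.cbl.*|10.2.0.192.dnsbl.*) echo 127.0.0.2 ;;
    20.2.0.192.dnsbl.*) echo 127.0.0.10 ;;
    20.2.0.192.list.dnswl.org) echo 127.0.5.1 ;;
    30.2.0.192.zen.*) echo 127.255.255.254 ;;
    30.2.0.192.cbl.*|30.2.0.192.dnsbl.*) echo 127.0.0.2 ;;
  esac
}

# Count how many of the given zones return a real listing for the reversed IP.
hits() (
  rev=$1; shift; n=0
  for zone in "$@"; do
    for a in $(resolve "$rev.$zone"); do
      if is_listing "$a"; then n=$((n + 1)); break; fi
    done
  done
  echo "$n"
)
# SpamValue as in the post: blacklist hits minus whitelist hits.
spam_value() (
  rev=$(reverse_ipv4 "$1") || exit 2
  echo "$(( $(hits "$rev" $BLACK) - $(hits "$rev" $WHITE) ))"
)
# Assumed threshold: reject only when the value exceeds half the blacklists.
verdict() (
  v=$(spam_value "$1") || { echo invalid; exit 0; }
  set -- $BLACK
  if [ "$((v * 2))" -gt "$#" ]; then echo reject; else echo accept; fi
)
```

For 192.0.2.30 the Spamhaus answer is an error code, so only two lists count and the address is accepted; a test that only checks whether the name resolves would count three.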