[BlueOnyx:16857] Re: How to add Blacklists?

Ernie ernie at info.eis.net.au
Tue Jan 13 18:45:11 -05 2015 

I was just reading through the uceprotech.net advice for ISP's as I had
never heard of uceprotect RBL until this thread, one thing they suggested
was:

"Users sending email to multiple undeliverable addresses within a short time
frame are almost always spammers, therefore you should shutdown those
accounts automatically and promptly."

Does BlueOnyx have the ablitiy to detect users that are trying to send to
multiple undeliverable addresses? This would be a good way of detecting if a
users email account has been compromised and used by a spammer. 

I find that does happen a lot when naive users respond to an email that asks for their
username and password, or a brute force attack on SMTPauth.


- Ernie.


> Hi Chris,
> 
> > Also, I think that instead of "dnsbl-2useprotect.net", you mean to say 
> > "dnsbl-2.uceprotect.net".   And while we're talking about 
> > UCEprotect.net, I think that it's worth mentioning that this is a 
> > somewhat more aggressive list than, say, Spamcop.net or the Spamhaus ZEN 
> > list.  I say this without any axe to grind.
> 
> I'd also like to add another perspective and suggestion here: Using RBLs
> directly in Sendmail is naturally an option. Using some of the more
> aggressive/progressive RBLs such as UCE (I love it, too!) can then be a
> bit problematic, as it might block emails for certain usage cases.
> 
> A slightly better approach there is this: Instead of using these more
> aggressive/progressive RBLs in Sendmail offload them to SpamAssassin and
> give them a score slightly below the threshold at which email is marked
> as SPAM.
> 
> In that case the mails will get marked as SPAM if there are other
> indicators that suggest it is indeed SPAM. But mails without such
> indicators still get through. Especially if you routinely receive emails
> from there.
> 
> As an example use the config file /etc/mail/spamassassin/spamrats.cf
> that's included in the AV-SPAM package. To add a new RBL just create a
> new file ending with *.cf in /etc/mail/spamassassin/ and stay true to
> the suggested format from spamrats.cf:
> 
> Example for UCEprotect:
> 
> header UCE_PROT eval:check_rbl('UCE_PROT', 'dnsbl-2.uceprotect.net.')
> score UCE_PROT 2.5
> 
> That adds a rule named UCE_PROT that uses dnsbl-2.uceprotect.net and
> gives it a score of 2.5 points.
> 
> -- 
> With best regards
> 
> Michael Stauber
> _______________________________________________
> Blueonyx mailing list
> Blueonyx at mail.blueonyx.it
> http://mail.blueonyx.it/mailman/listinfo/blueonyx

-- 
"I Ping therefore I am."

More information about the Blueonyx mailing list