[TriLUG] SPAM filters
davis
davis at skink.net
Thu Jan 9 12:19:44 EST 2003
Hello
I use SpamAssassin as well. Here is a simple script for parsing the caughtpam file:
#!/usr/bin/perl
#John F. Davis
$spamfile = $ARGV[0];
unless ( -e $spamfile ) {
printf("Can't find $spamfile to read!\n");
exit;
}
open(SF,$spamfile) || die "cannot open $spamfile for reading. $!";
while (<SF>) {
chomp;
if (/Received: from .*/) {
s/Received: from .*\[(.*)\].*/$1/;
print "$_\n";
}
}
close(SF) || die "cannot close $spamfile\n";
use it like so: spamips.pl caughtspam
It will generate a list of ips which you can paste into your firewall
blocked hosts lists. Periodically you will have to change some of the
duplicate ips into netblocks. ie. 66.77.193.x and 66.77.193.y to 66.77.193.0/24.
Happiness is a empty mailbox, a empty caughtspam file, and a large
filter count:
This is just a sample. (ps, I reset the firewall stats earlier today. This
is just a half day count.)
7 356 DROP all -- eth0 any 66.150.179.0/24 anywhere
0 0 DROP all -- eth0 any 66.161.0.242 anywhere
0 0 DROP all -- eth0 any 66-178-47-0.reverse.newskies.net/24 anywhere
0 0 DROP all -- eth0 any 66.180.243.0/24 anywhere
7 304 DROP all -- eth0 any undefined-yet.list-email.net/24 anywhere
--
Happy Trails
John F. Davis
ABC #6334 92 R100GSPD
More information about the TriLUG
mailing list