l i n u x - u s e r s - g r o u p - o f - d a v i s
Next Meeting:
July 7: Social gathering
Next Installfest:
Latest News:
Jun. 14: June LUGOD meeting cancelled
Page last updated:
2003 Apr 29 11:20

The following is an archive of a post made to our 'vox mailing list' by one of its subscribers.

Report this post as spam:

(Enter your email address)
[vox] Spamassassin global blacklist....
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[vox] Spamassassin global blacklist....

I posted before, asking for anyone to provide a list of global blacklists
they use for spamassassin.

I have a spamassassin global blacklist that I use and you are all welcome
to it. (It is dynamically created nightly from my config file, so that any
changes I make and add to the list are included within 24 hours.)


Spamassasin uses a local config file per user, and by default also uses a
system config file (/etc/mail/spamassassin/local.cf) to which you can set
global/site-wide settings. This is perfect for blocking spam sites with
the spamassassin blacklist_from directive.

Spam falls into 4 categories AFAIK:
1) Spam comes from the site that it actually appears to comes from
2) Spam comes from a [open|limited]Relay sent on purpose by someone with
access to the relay or not. (This includes e-mail with forged from-lines.)
3) Spam sent from individuals at ISP with "throw away" accounts.
4) Spam sent by users who don't realize they are spammers (after
installing trojaned software that makes them into a relay for some
spammers.) Some of these have cropped up as cases where the person
installing the software knows that it contributes to sending spam, but
they dont care since they are getting paid to be a relay.

For case #1: blacklist_from works great.
For case #2: ORBL, and other BL provide good support for giviing higher
spam scores to such hosts. (Use of a procmail filter also allows me to
prefilter mail from certain IP addresses when it is in the "received from"
chain in the header.)
For case #3: perfect for sending to spamcop to get their accounts closed
and possibly fine their credit cards used to open the accounts.
For case #4: also spamcop.

About 60% of the spam I get is from case#1.

The global blacklist can be appended to users' local spamassassin
configfiles to blacklist hosts. It can be put in the system config file
for spamassassin.

If any of you have other similar blacklists, I'd like to get your lists too.

vox mailing list

LUGOD Group on LinkedIn
Sign up for LUGOD event announcements
Your email address:
LUGOD Group on Facebook
'Like' LUGOD on Facebook:

Hosting provided by:
Sunset Systems
Sunset Systems offers preconfigured Linux systems, remote system administration and custom software development.

LUGOD: Linux Users' Group of Davis
PO Box 2082, Davis, CA 95617
Contact Us

LUGOD is a 501(c)7 non-profit organization
based in Davis, California
and serving the Sacramento area.
"Linux" is a trademark of Linus Torvalds.

Sponsored in part by:
Sunset Systems
Who graciously hosts our website & mailing lists!