[TriLUG] SPAM filters

davis davis at skink.net
Thu Jan 9 12:19:44 EST 2003


Hello

I use SpamAssassin as well.  Here is a simple script for parsing the caughtspam file:

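#!/usr/bin/perl
# John F. Davis
# Print the bracketed IP address from each "Received: from" header line
# in a SpamAssassin caught-spam file.
use strict;
use warnings;

my $spamfile = $ARGV[0];
die "usage: $0 spamfile\n" unless defined $spamfile;

unless ( -e $spamfile ) {
    # print, not printf: the file name must not be treated as a format string
    print STDERR "Can't find $spamfile to read!\n";
    exit 1;
}

open(my $sf, '<', $spamfile) || die "cannot open $spamfile for reading. $!";
while (<$sf>) {
    chomp;
    # Skip header lines that carry no bracketed IPv4 address.
    if (/^Received: from .*\[(\d{1,3}(?:\.\d{1,3}){3})\]/) {
        print "$1\n";
    }
}

close($sf) || die "cannot close $spamfile\n";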

Use it like so: spamips.pl caughtspam

It will generate a list of IPs which you can paste into your firewall
blocked hosts lists.  Periodically you will have to change some of the
duplicate IPs into netblocks, i.e. 66.77.193.x and 66.77.193.y to 66.77.193.0/24.

Happiness is an empty mailbox, an empty caughtspam file, and a large
filter count: 

This is just a sample. (ps, I reset the firewall stats earlier today.  This
is just a half day count.)

   7   356 DROP       all  --  eth0   any     66.150.179.0/24      anywhere           
    0     0 DROP       all  --  eth0   any     66.161.0.242         anywhere           
    0     0 DROP       all  --  eth0   any     66-178-47-0.reverse.newskies.net/24  anywhere           
    0     0 DROP       all  --  eth0   any     66.180.243.0/24      anywhere           
    7   304 DROP       all  --  eth0   any     undefined-yet.list-email.net/24  anywhere 

-- 
Happy Trails
John F. Davis
ABC #6334 92 R100GSPD 
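
Added example, not part of the original post: a Python sketch of the netblock step described above. It pulls bracketed IPv4 addresses from Received: lines, drops loopback and private hops, and collapses any /24 with two or more sources into one entry. The header lines are constructed around the post's 66.77.193.x and 66.161.0.242 addresses; the function names and the threshold parameter are assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Bracketed IPv4 literal in a header such as "Received: from host (rdns [1.2.3.4])"
RECEIVED_IP = re.compile(r"^Received: from .*?\[(\d{1,3}(?:\.\d{1,3}){3})\]")

# Constructed sample headers (host names and last octets are made up)
SAMPLE = """\
Received: from mail.example.net (unknown [66.77.193.10]) by mx.example.org
Received: from relay (localhost [127.0.0.1]) by mx.example.org
Received: from a.example.com (a.example.com [66.77.193.77]) by mx.example.org
Received: from b.example.com ([66.161.0.242]) by mx.example.org
Received: from c.example.com (HELO c) by mx.example.org
Received: from d.example.com ([10.0.0.5]) by mx.example.org
""".splitlines()

def extract_ips(lines):
    """Return the set of public IPv4 addresses found in Received: headers."""
    found = set()
    for line in lines:
        m = RECEIVED_IP.match(line)
        if not m:
            continue  # no bracketed address on this header line
        try:
            ip = ipaddress.IPv4Address(m.group(1))
        except ipaddress.AddressValueError:
            continue  # four dotted numbers that are not a valid address
        # Loopback and RFC 1918 hops are our own relays; never block those.
        if ip.is_global:
            found.add(ip)
    return found

def to_blocklist(ips, threshold=2):
    """Collapse each /24 holding >= threshold distinct sources into one netblock."""
    by_net = defaultdict(set)
    for ip in ips:
        by_net[ipaddress.ip_network(f"{ip}/24", strict=False)].add(ip)
    entries = []
    for net, members in by_net.items():
        if len(members) >= threshold:
            entries.append(net)
        else:
            entries.extend(ipaddress.ip_network(f"{m}/32") for m in members)
    # Single hosts are written as a bare address, netblocks in CIDR form.
    return [str(e.network_address) if e.prefixlen == 32 else str(e) for e in sorted(entries)]

if __name__ == "__main__":
    print("\n".join(to_blocklist(extract_ips(SAMPLE))))
```

Received lines below the one written by your own mail server are supplied by the sender and can be forged, so review the list before loading it into the firewall.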


