dnsbl'S + bogofilter = spam barbecue
Chris Fortune
cfortune at telus.net
Wed Nov 10 22:27:39 CET 2004
Any single DNSBL can be mistaken, so mail should not be rejected if it is listed on only one DNSBL. To be careful query 4 of the
best and factor the results. I like to roll my own solutions, and I don't like most MTAs' implementations of RBL checking - too
inflexible -, so I use a perl system call to a C program `rblcheck`, kill the mail if there are 3 or more hits, and add points to
the bogosity score otherwise. Here is the algorithm that has worked very well for me, written in perl pseudocode:
#!/ perl
...
$hits = -1; # number of RBLs with a record for this IP address
$bogosity = -1; # bayesian classification score
$multiplier = 0.10; # number of points to add to bogosity for each RBL hit
$IP_address = "216.144.204.43"; # guess who ;-)
#exit code returns number of dnsbls IP addr is listed on
$hits = system("rblcheck -q $IP_address");
if($hits >= 3){
&kill_email_now;
&store_ip_on_local_blacklist;
}
elsif($hits < 3){
$bogosity = call_bogofilter();
$bogosity += ($hits * $multiplier);
}
...
I really don't know how you could integrate this with your MTA... :(
Chris Fortune, CTO
http://spameater.com/
Thanks for supporting anti-spam R&D
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.786 / Virus Database: 532 - Release Date: 10/29/2004
More information about the Bogofilter
mailing list