Having just configured my email server with a ROBUST array of RBLs, I think this is a fantastic idea. I've been using the body_checks feature in Postfix and manually adding violating URIs to create my own blacklist for several months now. I would love to benefit from a shared list. I don't care much for the white-list feature, that seems to me to create a backdoor for the spammer.
Combined, RBL and private blacklisting (IPs and Addys) allow me to block 6000 plus spam A DAY. That's for a mere 150 plus users. Server-side spam blocking using only Bayesian processing is an immense processor drain, as is server-side virus scanning.
Look at it this way. Spammers need to make money. To do so you must be presented a URI to complete a transaction to make that money. They cannot easily change this URI without incurring cost so it will always be in the spam. Spammers who try to include too much "sales" content in their spams instead of a URI will be caught by a secondary Bayesian filter.
P.S. We have been successfully blocking encrypted URIs for months now. It's an easy rule to set up and legitimate users will never encrypt a URI.
It's really quite beautiful.
Sure! These are things you can do if you are using Postfix as your MTA.
In your main.cf file include this at the bottom
body_checks = regexp:/etc/postfix/spammerbodies
Learn more about main.cf and other cool spam protections here:
http://www.afp548.com/Articles/mail/spam2.html including a really great RBL configuration.
Create a spammerbodies file and include this line
# various encoded URL formats. if they're trying to disguise the URL then they're up to no good
/(ftp|https?):\/\/([^\/]*@)?([01]{10,})?(\d+|00+\d+(\.00+\d+){3}|[\%0-9a-zA-Z\.\?_-]*\%[\%0-9a-zA-Z\.\?_-]+)(:\d+)?(\/|"|\s|$)/ REJECT
You can get a full list of other scripts here:
http://www.securitysage.com/guides/postfix_uce_body.html
and here
http://www.hispalinux.es/~data/postfix/
Hope that helps.
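
A way to dry-run the rule from the post above before it rejects live mail, as an added example that is not part of the original posts. It parses the table line and applies it to constructed body lines with Python's `re`, which is assumed to behave like Postfix's regexp engine for this pattern; `load_rules`, `check_body` and the sample lines are made up for illustration.

```python
import re

# The rule from the post, written as one body_checks table line
# (the stray spaces from line wrapping are removed).
TABLE = r'''
# various encoded URL formats
/(ftp|https?):\/\/([^\/]*@)?([01]{10,})?(\d+|00+\d+(\.00+\d+){3}|[\%0-9a-zA-Z\.\?_-]*\%[\%0-9a-zA-Z\.\?_-]+)(:\d+)?(\/|"|\s|$)/ REJECT
'''

def load_rules(text):
    """Parse '/pattern/flags ACTION' lines; blank and '#' lines are skipped."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"/(.*)/([a-z]*)\s+(\S.*)$", line)
        if m is None:
            raise ValueError("not a /pattern/ ACTION line: " + line)
        pattern, flags, action = m.groups()
        # Postfix matches case-insensitively unless the 'i' flag toggles it off.
        opts = re.ASCII | (0 if "i" in flags else re.IGNORECASE)
        rules.append((re.compile(pattern, opts), action))
    return rules

def check_body(rules, body):
    """Apply the rules one body line at a time; return the first action or None."""
    for line in body.splitlines():
        for regex, action in rules:
            if regex.search(line):
                return action
    return None

# Constructed sample lines (example.* names and documentation addresses only).
SAMPLES = [
    ("Visit http://3221225994/offer today", "REJECT"),     # host as one decimal number
    ("http://%77%77%77.example.test/ is open", "REJECT"),  # percent-encoded host
    ("http://00192.00000.00002.00010/x", "REJECT"),        # zero-padded dotted quad
    ("HTTP://shop.example@3221225994/", "REJECT"),         # userinfo in front of the host
    ("Docs: https://www.example.org/a%20b.html", None),    # percent only in the path
    ("Mirror at ftp://192.0.2.10/pub/", None),             # ordinary dotted quad
    ("Plain text with 100% no links", None),               # no URL at all
]

if __name__ == "__main__":
    rules = load_rules(TABLE)
    for text, expected in SAMPLES:
        print(f"{check_body(rules, text) or 'pass':7} {text}")
```

On the mail server itself, `postmap -q "test string" regexp:/etc/postfix/spammerbodies` puts the same question to Postfix's own table lookup.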