Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Connect » A custom spamassassin spam domain list
  •  
linuxbox

Messages: 139
Karma: 0
Send a private message to this user
attached is a cf file i named 80_domains.cf that does a good job of filtering over 5800 spam domains in any email sent to your server, be it an HTML email or plain text. simply put the file in the plugins\spamassassin\rules folder and restart the server...there are no duplicates.

just updated the file today 5-04-09.
removed around 1,100 domains from the list that expired in the whois registry.
contains 5,886 known spam domains. will detect them in plain text or html email body...cuts down on spam quite a bit.

#####ALSO!!!#####
I'm sure most of you have gotten the junk spam from some foreign countries that has the subject as something like:
"Как научиться делать Праздники" or something and the entire email is some insane russian or weird language. most of these emails in their source headers are using a character set of:
charset="koi8-r" --just look at the source header of those types of emails and you'll see something like:

Content-Type: text/plain;
charset="koi8-r"
Content-Transfer-Encoding: quoted-printable


SO, to deal with junk spam like this, in my file here that you can download, just enter a line such as this:

mimeheader bad_char_set Content-Type =~ /charset="koi8-r"/i
score bad_char_set 20

the above line will BLOCK any email using that character set in it's headers!!!. you can add different char sets of course in that line above and change the score if you want. you may not want to totally block a char set but lower the score or something; like just add a 2 or 3 to it's score to increase it's chance of being tagged as spam. i however will block the charset koi8-r because i'm in the united states and none of my clients need this russian char set : )

**just an FYI** you can easily add your own entries to my list here by just adding an entry below the last line in my file here.
Also, keep in mind it's easier to edit this file if you have an editor that takes word wrap off so the lines don't look like paragraphs.

for example, if my last line has something like this:

rawbody spam_domains_30 /solargoldonline\.com/i
score spam_domains_30 20

-----------
you can add your own new line after it so you can not only have the domains i add but your own list in the same file. so you can
add something like:

rawbody spam_domains_31 /spamdomain\.com/i
score spam_domains_31 20

  • Attachment: 80_domains.cf
    (Size: 106.99KB, Downloaded 1496 times)

[Updated on: Mon, 04 May 2009 20:55]

  •  
evsmetal

Messages: 42
Karma: 0
Send a private message to this user
I copied it to my server, and restarted the service.

How can I see if it's working?
  •  
linuxbox

Messages: 139
Karma: 0
Send a private message to this user
evsmetal wrote on Thu, 07 February 2008 19:45

I copied it to my server, and restarted the service.

How can I see if it's working?



well the easiest way would be to compose a very simple email and in the message enter one of the domains that is in the list...
so like, in my file you have something similar to "mysite\.com"

so type up an email and send it to yourself with mysite.com in the email (remove the \ )....then see if you get the email. you shouldn't.
  •  
linuxbox

Messages: 139
Karma: 0
Send a private message to this user
can anyone verify if this is working for them?
works great here filtering tons of spam.
  •  
linuxbox

Messages: 139
Karma: 0
Send a private message to this user
^^BUMP^^
updated first message...1,754 domains now filtered and marked as spam.
  •  
neilwr

Messages: 40
Karma: 0
Send a private message to this user
May have found a small error in one of the lines of code.

current line is.

rawbody spam_domains_15 /newmicrosoftdeals,com|

Should this read

rawbody spam_domains_15 /newmicrosoftdeals\.com|

Looks like the \. was missed and a , was type by mistake.

You can just edit your own file and then restart your kerio mail server service.

btw, great file excellent idea.
  •  
linuxbox

Messages: 139
Karma: 0
Send a private message to this user
neilwr wrote on Thu, 13 March 2008 22:05

May have found a small error in one of the lines of code.

current line is.

rawbody spam_domains_15 /newmicrosoftdeals,com|

Should this read

rawbody spam_domains_15 /newmicrosoftdeals\.com|

Looks like the \. was missed and a , was type by mistake.

You can just edit your own file and then restart your kerio mail server service.

btw, great file excellent idea.


Ahh, thanks! I just corrected that so when i post the new file soon the mistake won't be there. Also, here is a good one to deal with things like: www todaypromo cn and the infamous:
myspamsite dot com

rawbody bad_dot_com m/www[\s]*[\w]*[\s]*cn|[\w ]*dot *com[\r\n]/i
score bad_dot_com 20

Also i see now they are putting their links in attachments telling you to "check out" the url in the attachment.

[Updated on: Wed, 26 March 2008 17:11]

  •  
linuxbox

Messages: 139
Karma: 0
Send a private message to this user
^^BUMP^^
updated first message...1,935 domains now filtered and marked as spam.
  •  
scottwilkins

Messages: 654
Karma: 7
Send a private message to this user
Just so folks know what to do with this, for a normal Windows installation the file would go here:

C:\Program Files\Kerio\MailServer\plugins\spamassassin\rules\

  •  
linuxbox

Messages: 139
Karma: 0
Send a private message to this user
^^BUMP^^
updated first message...2,066 domains now filtered and marked as spam.
  •  
linuxbox

Messages: 139
Karma: 0
Send a private message to this user
^^BUMP^^
updated first message...2,311 domains now filtered and marked as spam.
  •  
freakinvibe

Messages: 1552
Karma: 62
Send a private message to this user
Spamassissin uses the 25_uribl.cf for this. It is dynamic as takes data from different sources on the net. Works well for me.

Dexion AG - The Blackberry Specialists in Switzerland
https://dexionag.ch
  •  
linuxbox

Messages: 139
Karma: 0
Send a private message to this user
freakinvibe wrote on Fri, 23 May 2008 09:54

Spamassissin uses the 25_uribl.cf for this. It is dynamic as takes data from different sources on the net. Works well for me.


You need to understand also that 25_uribl.cf doesn't actually do anything with hostnames or domain names. you can read about it here at the bottom under 2nd stage how this list works with spamhaus and surbl.org: (it's IP based, not URL based)
http://www.spamhaus.org/effective_filtering.html

if you look at 25_uribl.cf, you'll see that rules look at sbl.spamhaus.org and multi.surbl.org which contain IP ADDRESSES associated with certain spam domains. this rule doesn't actually filter the domain name text itself, it uses spamhaus and surbl to lookup the domains IP address to check if it's on their blacklists. this is not very effective and not reliable because what if a non spam domain is on the same server ip as a spam domain?? then what? : )

My list doesn't do any extra processing or ask others for approval, doesn't do any dns queries for an ip etc etc. it's much more simple, if your domain name text is on the list, then you are blocked. blocking by IP address for a domain is senseless.

[Updated on: Fri, 23 May 2008 17:24]

  •  
freakinvibe

Messages: 1552
Karma: 62
Send a private message to this user
As you can see in

http://www.surbl.org/lists.html and

http://www.surbl.org/faq.html#differ-rbls

multi.surbl.org is an aggregate list of many lists, for example:

URIBL_SC_SURBL Contains an URL listed in the SC SURBL blocklist

It contains URLs and not IP addresses. For me it is very effective. As I don't have the time to scan through Spam messages, manually extract bad URLs, manually put them in a list and the copy this list into my KMS configuration, I prefer 25_uribl.cf.

But I don't have anything against your list, it is probably good for many people, but not for me.

Dexion AG - The Blackberry Specialists in Switzerland
https://dexionag.ch
copious

Messages: 1
Karma: 0
Send a private message to this user
Does anyone know the location this would go on a default install for the mac version?
Previous Topic: How to Export contacts from Kerio
Next Topic: Migration tool will not connect.
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Mon Nov 20 01:20:07 CET 2017

Total time taken to generate the page: 0.00598 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.