
Thread: Analyzes of Intention




Analyzes of Intention
2007-06-20 15:29:13
Hi list;

I would like to know if amavisd-new has some configuration to make
analyses of intention of senders and IPs.

Thank you.

-- 
_________________________________________
    _       Geison Porfirio
  ovo      Developer of Systems of Linux Security
  /(_)     e-mail: geisonp in gmail.com
   ^ ^      cel: (19) 8188-9965 | GNU/Linux User: 443174

-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
_______________________________________________
AMaViS-user mailing list
AMaViS-userlists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user

AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/

Re: Analyzes of Intention
Germany
2007-06-20 15:30:06
* Geison Porfirio <geisonpgmail.com>:
> Hi list;
> 
> I would like to know if amavisd-new has some configuration to make
> analyses of intention of senders and IPs.

Intention? They intend to send mail to you, what else?

-- 
Ralf Hildebrandt (i.A. des IT-Zentrums)         Ralf.Hildebrandtcharite.de
Charite - Universitätsmedizin Berlin            Tel.  +49 (0)30-450 570-155
Gemeinsame Einrichtung von FU- und HU-Berlin    Fax.  +49 (0)30-450 570-962
IT-Zentrum Standort CBF                    send no mail to plonkcharite.de

Re: Analyzes of Intention
2007-06-20 15:42:54
2007/6/20, Ralf Hildebrandt <Ralf.Hildebrandtcharite.de>:
> * Geison Porfirio <geisonpgmail.com>:
> > Hi list;
> >
> > I would like to know if amavisd-new has some configuration to make
> > analyses of intention of senders and IPs.
>
> Intention? They intend to send mail to you, what else?

I want to analyze my description of spam and to verify the domains
and IPs that have sent me the most spam.
With this, to block or to mark e-mails from these senders.




-- 
_________________________________________
    _       Geison Porfirio
  ovo      Developer of Systems of Linux Security
  /(_)     e-mail: geisonp in gmail.com
   ^ ^      cel: (19) 8188-9965 | GNU/Linux User: 443174


Re: Analyzes of Intention
2007-06-20 15:58:01
2007/6/20, Geison Porfirio <geisonpgmail.com>:
> 2007/6/20, Ralf Hildebrandt <Ralf.Hildebrandtcharite.de>:
> > * Geison Porfirio <geisonpgmail.com>:
> > > Hi list;
> > >
> > > I would like to know if amavisd-new has some configuration to make
> > > analyses of intention of senders and IPs.
> >
> > Intention? They intend to send mail to you, what else?
>
> I want to analyze my description of spam and to verify the domains
> and IPs that have sent me the most spam.
> With this, to block or to mark e-mails from these senders.

A little bit more information...

I would like to select from some database the top 10 IP / domain
spammers. According to this information, I would not receive messages
from these senders.



-- 
_________________________________________
    _       Geison Porfirio
  ovo      Developer of Systems of Linux Security
  /(_)     e-mail: geisonp in gmail.com
   ^ ^      cel: (19) 8188-9965 | GNU/Linux User: 443174


Re: Analyzes of Intention
United States
2007-06-20 16:39:19
Geison wrote:

> A little bit more information...

> I would like to select from some database the top 10 IP / domain
> spammers. According to this information, I would not receive messages
> from these senders.

Off hand I doubt you will ever know who the top ten spammers are. They
probably are using the million or so botnet computers to spew their
garbage. I doubt they use one IP address and one domain name to
send from. You would do a lot better by using zen.spamhaus.org to
block some of those millions of computers. Their database is much
better than anything you could ever craft by hand.

Gary V




Re: Analyzes of Intention
United States
2007-06-20 16:51:24
Gary wrote:

> Geison wrote:

>> A little bit more information...

>> I would like to select from some database the top 10 IP / domain
>> spammers. According to this information, I would not receive messages
>> from these senders.

> Off hand I doubt you will ever know who the top ten spammers are. They
> probably are using the million or so botnet computers to spew their
> garbage. I doubt they use one IP address and one domain name to
> send from. You would do a lot better by using zen.spamhaus.org to
> block some of those millions of computers. Their database is much
> better than anything you could ever craft by hand.

If you are using postfix, it would be something like this:

smtpd_recipient_restrictions =
     permit_mynetworks,
     permit_sasl_authenticated,
     reject_unauth_destination,
     <..possible other stuff..>
     reject_rbl_client zen.spamhaus.org
     

I actually use sbl-xbl.spamhaus.org (which is a subset of zen.spamhaus.org).
You could use one or the other (but not both).

Gary V
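
What a `reject_rbl_client zen.spamhaus.org` lookup does for each connecting client, as an added example (not code from this thread, amavisd-new or Postfix). The return-code table and the 127.255.255.0/24 error range are taken from Spamhaus's published return codes, not from this thread, and the function names are hypothetical.

```python
import ipaddress
import socket

ZONE = "zen.spamhaus.org"
# Assumption: last octet of a 127.0.0.x answer -> component list,
# per Spamhaus's published return codes (not stated in this thread).
ZEN_CODES = {2: "SBL", 3: "SBL-CSS", 4: "XBL", 5: "XBL", 6: "XBL", 7: "XBL",
             10: "PBL", 11: "PBL"}
LISTING_NET = ipaddress.ip_network("127.0.0.0/24")
ERROR_NET = ipaddress.ip_network("127.255.255.0/24")  # query refused, not a listing

def dnsbl_query_name(ip, zone=ZONE):
    """Reverse the address labels and append the zone, as a DNSBL client does."""
    reverse = ipaddress.ip_address(ip).reverse_pointer
    labels = reverse.rsplit(".", 2)[0]  # drop "in-addr.arpa" / "ip6.arpa"
    return f"{labels}.{zone}"

def system_resolver(name):
    """A records for name; [] on NXDOMAIN or any resolver failure (fails open)."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except socket.gaierror:
        return []

def classify(answers):
    """Turn the A records of a DNSBL answer into (verdict, details)."""
    hits = set()
    for answer in answers:
        addr = ipaddress.ip_address(answer)
        if addr in ERROR_NET:
            # Treating this as "listed" would reject every client.
            return ("error", [answer])
        if addr in LISTING_NET and (int(addr) & 0xFF) in ZEN_CODES:
            hits.add(ZEN_CODES[int(addr) & 0xFF])
    return ("listed", sorted(hits)) if hits else ("not_listed", [])

def check(ip, resolve=system_resolver):
    """Look up one client address; pass a fake resolve() to run offline."""
    return classify(resolve(dnsbl_query_name(ip)))
```

Postfix 2.8 and later can apply the same answer filter in the restriction itself, written as `reject_rbl_client zen.spamhaus.org=127.0.0.[2..11]`.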




Re: Analyzes of Intention
Slovenia
2007-06-21 07:29:42
Geison,

> I would like to select from some database the top 10 IP / domain
> spammers. According to this information, I would not receive messages
> from these senders.

The README.sql-pg (and README.sql-mysql) list some interesting
SQL queries, if you have logging to SQL enabled in amavisd.conf.

Some examples of a query:

-- mail from last two minutes:
SELECT
  UNIX_TIMESTAMP()-msgs.time_num AS age, SUBSTRING(policy,1,2) as pb,
  content AS c, dsn_sent as dsn, ds, bspam_level AS level, size,
  SUBSTRING(sender.email,1,18) AS s,
  SUBSTRING(recip.email,1,18)  AS r,
  SUBSTRING(msgs.subject,1,10) AS subj
  FROM msgs LEFT JOIN msgrcpt         ON msgs.mail_id=msgrcpt.mail_id
            LEFT JOIN maddr AS sender ON msgs.sid=sender.id
            LEFT JOIN maddr AS recip  ON msgrcpt.rid=recip.id
  WHERE content IS NOT NULL AND UNIX_TIMESTAMP()-msgs.time_num < 120
  ORDER BY msgs.time_num DESC;

-- clean messages ordered by count, grouped by domain:
SELECT count(*) as cnt, avg(bspam_level), sender.domain
  FROM msgs
  LEFT JOIN msgrcpt ON msgs.mail_id=msgrcpt.mail_id
  LEFT JOIN maddr AS sender ON msgs.sid=sender.id
  LEFT JOIN maddr AS recip ON msgrcpt.rid=recip.id
  WHERE content='C'
  GROUP BY sender.domain ORDER BY cnt DESC LIMIT 50;

-- top spammy domains with >10 messages, sorted by spam average,
-- grouped by domain:
SELECT count(*) as cnt, avg(bspam_level) as spam_avg, sender.domain
  FROM msgs
  LEFT JOIN msgrcpt ON msgs.mail_id=msgrcpt.mail_id
  LEFT JOIN maddr AS sender ON msgs.sid=sender.id
  LEFT JOIN maddr AS recip ON msgrcpt.rid=recip.id
  WHERE bspam_level IS NOT NULL
  GROUP BY sender.domain HAVING count(*) > 10
  ORDER BY spam_avg DESC LIMIT 50;

-- sender domains with >100 messages, sorted on sender.domain:
SELECT count(*) as cnt, avg(bspam_level) as spam_avg, sender.domain
  FROM msgs
  LEFT JOIN msgrcpt ON msgs.mail_id=msgrcpt.mail_id
  LEFT JOIN maddr AS sender ON msgs.sid=sender.id
  LEFT JOIN maddr AS recip ON msgrcpt.rid=recip.id
  GROUP BY sender.domain HAVING count(*) > 100
  ORDER BY sender.domain DESC LIMIT 100;


Mark
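
A variant of the queries above that ranks spam sources by client IP and sender domain together, which is what the original question asked for, as an added example (not from README.sql-mysql or from this thread). It runs against a cut-down, constructed copy of the tables in SQLite; the `msgs.client_addr` column and the content code 'S' for spam are assumptions about the amavisd-new schema that do not appear in this thread, and the function names are hypothetical.

```python
import sqlite3

# Cut-down stand-in for the amavisd-new logging tables: only the columns the
# query touches. client_addr is an assumption, not shown in this thread.
SCHEMA = """
CREATE TABLE maddr   (id INTEGER PRIMARY KEY, email TEXT, domain TEXT);
CREATE TABLE msgs    (mail_id TEXT PRIMARY KEY, sid INTEGER,
                      client_addr TEXT, content TEXT);
CREATE TABLE msgrcpt (mail_id TEXT, rid INTEGER, bspam_level REAL);
"""

# One row per (client IP, sender domain) pair, spam only ('S' is assumed to be
# the spam content code), with a floor on message count so that a single
# message from a throwaway address does not reach the block list.
TOP_SOURCES = """
SELECT msgs.client_addr, sender.domain,
       count(*) AS cnt, avg(msgrcpt.bspam_level) AS spam_avg
  FROM msgs
  JOIN msgrcpt ON msgs.mail_id = msgrcpt.mail_id
  JOIN maddr AS sender ON msgs.sid = sender.id
 WHERE msgs.content = 'S'
 GROUP BY msgs.client_addr, sender.domain
HAVING count(*) >= ?
 ORDER BY cnt DESC, spam_avg DESC
 LIMIT ?;
"""

def build_sample_db():
    """In-memory database filled with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO maddr VALUES (?,?,?)", [
        (1, "a@spam.example", "spam.example"),
        (2, "b@bulk.example", "bulk.example"),
        (3, "c@ok.example", "ok.example")])
    conn.executemany("INSERT INTO msgs VALUES (?,?,?,?)", [
        ("m1", 1, "203.0.113.5", "S"), ("m2", 1, "203.0.113.5", "S"),
        ("m3", 1, "203.0.113.5", "S"), ("m4", 2, "198.51.100.7", "S"),
        ("m5", 2, "198.51.100.7", "S"), ("m6", 3, "192.0.2.10", "C"),
        ("m7", 2, "203.0.113.5", "S")])
    conn.executemany("INSERT INTO msgrcpt VALUES (?,?,?)", [
        ("m1", 9, 20.0), ("m2", 9, 10.0), ("m3", 9, 15.0), ("m4", 9, 8.0),
        ("m5", 9, 12.0), ("m6", 9, 0.5), ("m7", 9, 30.0)])
    return conn

def top_spam_sources(conn, limit=10, min_msgs=2):
    """Rows of (client_addr, domain, cnt, spam_avg), busiest source first."""
    return conn.execute(TOP_SOURCES, (min_msgs, limit)).fetchall()
```

Like the queries above, this counts one row per recipient, so a message sent to several local recipients is counted several times.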
