spamassassin-users mailing list archives

From Jason Haar <Jason.H...@trimble.co.nz>
Subject Re: Cooperative data gathering project.
Date Thu, 17 Dec 2009 02:47:01 GMT
On 12/17/2009 03:30 PM, Marc Perkel wrote:
> Then the third field is NONE. That's how I do it. But the idea is that 
> any kind of data can be collectively gathered and distributed.
>
Instead of a TCP channel (which means software), what about using DNS? 
If the SA clients did RBL lookups that contained the details as part of 
the query, then if your end parses DNS logs (I'm thinking djbdns, don't 
know about BIND), then you could extract the data yourself.

You could even introduce a token into the RBL to stop the bad guys 
corrupting your corpus (a problem you'll have to deal with anyway 
whatever the network mechanism).

e.g. (token == "834ufg754")

spam.1.2.3.4.834ufg754.newrbl.com
ham.5.6.7.8.834ufg754.newrbl.com

i.e. only the DNS logs that contain valid tokens are legitimate

-- 
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
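
The collection side of the scheme described in this message, as an added example that is not part of the original post or of SpamAssassin: it takes query names already extracted from DNS logs (the log format itself is not assumed here), keeps only reports under the zone that carry a known token, and tallies them. The function names and the sample query list are constructed for illustration; the zone, token and name layout are the ones from the message.

```python
import ipaddress
from collections import Counter

ZONE = "newrbl.com"            # zone used in the message
VALID_TOKENS = {"834ufg754"}   # token from the message; per-reporter tokens are an assumption
VERDICTS = {"spam", "ham"}

def parse_report(qname):
    """Return (verdict, ip) for a well-formed report with a valid token, else None."""
    # DNS names are case-insensitive and may arrive with a trailing dot,
    # so normalise before comparing (tokens must therefore be lowercase).
    name = qname.strip().rstrip(".").lower()
    suffix = "." + ZONE
    if not name.endswith(suffix):
        return None
    labels = name[: -len(suffix)].split(".")
    if len(labels) != 6:       # verdict + four octets + token
        return None
    verdict, octets, token = labels[0], labels[1:5], labels[5]
    if verdict not in VERDICTS or token not in VALID_TOKENS:
        return None
    # Reject non-digits and leading zeros before handing the octets to ipaddress.
    if not all(o.isascii() and o.isdigit() and str(int(o)) == o for o in octets):
        return None
    try:
        ip = ipaddress.IPv4Address(".".join(octets))
    except ValueError:         # octet out of range
        return None
    return verdict, str(ip)

def tally(qnames):
    """Count accepted (verdict, ip) reports and the number of rejected names."""
    accepted, rejected = Counter(), 0
    for q in qnames:
        report = parse_report(q)
        if report is None:
            rejected += 1
        else:
            accepted[report] += 1
    return accepted, rejected

# Constructed sample of query names, as they might be pulled from a DNS log.
SAMPLE = [
    "spam.1.2.3.4.834ufg754.newrbl.com",
    "ham.5.6.7.8.834ufg754.newrbl.com",
    "SPAM.1.2.3.4.834UFG754.NEWRBL.COM.",   # same report, different case
    "spam.9.9.9.9.badtoken.newrbl.com",     # unknown token
    "spam.1.2.3.999.834ufg754.newrbl.com",  # not an IPv4 address
    "ham.5.6.7.8.834ufg754.example.org",    # wrong zone
]

if __name__ == "__main__":
    print(tally(SAMPLE))
```

Because the token is part of the query name, every resolver that handles the lookup sees it; the check filters out reports that lack a token, not reports sent with a token that has leaked.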
