phishing whitelist via DNS
David Lee
t.d.lee at DURHAM.AC.UK
Wed Oct 19 12:41:31 IST 2005
Julian: Last week we briefly discussed the possibility of doing the
"phishing.safe.sites.conf" information via DNS, so that it could be
maintained between releases and also follow more closely the methodology
of RBL blacklists.
I have cobbled together a quick "proof of concept" implementation:
1. loaded our DNS with data derived from a recent copy of the file;
2. patched "Message.pm" ("InPhishingWhitelist" subroutine; based on
4.47.1);
3. written a little driver program to call "InPhishingWhitelist" (loops on
stdin: the domain name to be checked).
Doubtless it needs more work (it doesn't yet handle the subtlety of a
couple of ":81"-like entries in your data; you would probably want to
rework it for interaction with the "REMOVE" option). And certainly the
DNS zonename would have to change (something under "mailscanner.info"?).
Attached are the Message.pm patch and the driver program. (The DNS data
should, of course, be visible via DNS.)
Enjoy.
--
: David Lee I.T. Service :
: Senior Systems Programmer Computer Centre :
: Durham University :
: http://www.dur.ac.uk/t.d.lee/ South Road :
: Durham DH1 3LE :
: Phone: +44 191 334 2752 U.K. :
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
Support MailScanner development - buy the book off the website!
[ Part 2, "Message.pm patch" Text/PLAIN (Name: "Message.pm.patch") ]
[ 32 lines. ]
[ Unable to print this part. ]
[ Part 3, "Driver program" Text/PLAIN (Name: "test.pl") 6 lines. ]
[ Unable to print this part. ]
More information about the MailScanner
mailing list