phishing whitelist via DNS

David Lee t.d.lee at DURHAM.AC.UK
Wed Oct 19 12:41:31 IST 2005


Julian: Last week we briefly discussed the possibility of doing the 
"phishing.safe.sites.conf" information via DNS, so that it could be 
maintained between releases and also follow more closely the methodology 
of RBL blacklists.

I have cobbled together a quick "proof of concept" implementation:
1. loaded our DNS with data derived from a recent copy of the file;
2. patched "Message.pm" ("InPhishingWhitelist" subroutine; based on
    4.47.1);
3. written a little driver program to call "InPhishingWhitelist" (loops on
    stdin: the domain name to be checked).

Doubtless it needs more work (it doesn't yet handle the subtlety of a 
couple of ":81"-like entries in your data; you would probably want to 
rework it for interaction with the "REMOVE" option).  And certainly the 
DNS zonename would have to change (something under "mailscanner.info"?).

Attached are the Message.pm patch and the driver program.  (The DNS data 
should, of course, be visible via DNS.)

Enjoy.

-- 

:  David Lee                                I.T. Service          :
:  Senior Systems Programmer                Computer Centre       :
:                                           Durham University     :
:  http://www.dur.ac.uk/t.d.lee/            South Road            :
:                                           Durham DH1 3LE        :
:  Phone: +44 191 334 2752                  U.K.                  :

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!
    [ Part 2, "Message.pm patch"  Text/PLAIN (Name: "Message.pm.patch")  ]
    [ 32 lines. ]
    [ Unable to print this part. ]


    [ Part 3, "Driver program"  Text/PLAIN (Name: "test.pl")  6 lines. ]
    [ Unable to print this part. ]




More information about the MailScanner mailing list