jerry.benton at mailborder.com
Sun Aug 24 14:30:48 IST 2014
You have presented what you see as a problem, yet have not presented a solution. If you have a better way to do it, write it and send it to me or this list and I will be happy to implement it. If you think it is overkill to blacklist an entire domain, again, provide an alternate solution and if it makes sense and is sustainable I will be happy to implement it.
The current build uses domains instead of URLs because the list from the current source at phishtank.com, which uses URLs, was somewhere around 30,000 items the last time I checked. That is way too big for a config file. Therefore, the current build script scrubs those and gets it under 1,000 items. This is done by evaluating all of the URLs and pulling the domains from them. This is not like blacklisting a /16 CIDR. There is (should be) a hell of a lot more control of what content gets posted on a domain’s website. If there is malicious content anywhere on a website, the whole thing should be blacklisted until they fix it. This isn’t mystifying. Google does the same thing with its search results.
Requirements for a new solution:
- A source for the bad sites. www.phishtank.com is currently used. It is actively maintained. If you know of a better resource, feel free to let me know.
- A new cron to replace the current version. I am aware it is very basic and needs to be updated. What we need is either a cron that will read a custom section of phishing.bad.sites.conf or we can add an additional file called something like phishing.bad.sites.custom.conf that can be read and merged with phishing.bad.sites.conf during the build.
- The same thing for phishing.safe.sites.conf
- A source for the safe sites if you think the current source is a bad one.
- The same cron logic as stated above for the bad sites.
So what would be the most helpful thing at the moment would be a cron that addresses the above issue regarding custom entries. It would need to evaluate your “safe” entries and remove it from the dynamic “bad” entries if present. It would then need to append the custom “safe” entries to phishing.safe.sites.conf.
On Aug 24, 2014, at 12:07 AM, Nick Edwards <nick.z.edwards at gmail.com> wrote:
> Would it not be better to first fix the
> I find it a bit ridiculous that you list URI shortners, like t.co and
> others (yet strangely not fb.me)
> its for that reason we dont and wont as an ISP, use your list. other
> mailscanner users in my group were also mystified why, and wont use it
> It's kind of like the old spews, list a /16 because of one or two
> spammers, complete overkill
> just sayin...
> On 8/12/14, Jerry Benton <jerry.benton at mailborder.com> wrote:
>> I would like to have content dynamically updated at some point. An example
>> would be an optional Phishing updates, ScamNailer updates (after we fix it),
>> etc. Also, versioning for content, a better wiki with better authoring
>> control, etc. The debate has already gone back and forth over this mailing
>> list regarding static vs CMS, so we don't need to rehash the same debate.
>> Jerry Benton
>> On Aug 11, 2014, at 11:55 AM, Richard Siddall <richard.siddall at elirion.net>
>>> Hristo Benev wrote:
>>>> Based on navbar-fixed-top
>>>> I've created this
>>>> Is CMS really needed? How many pages are changed and how frequently?
>>>> AFAIK most of the changes are in the wiki.
>>>> Development and version control could be done via GIT (or other VCS).
>>> "Build A Blog With Jekyll And GitHub Pages"
>>> Might suit a developer better than installing WordPress and a
>>> Bootstrap-based theme.
>>>> Do you have any comments?
>>> MailScanner mailing list
>>> mailscanner at lists.mailscanner.info
>>> Before posting, read http://wiki.mailscanner.info/posting
>>> Support MailScanner development - buy the book off the website!
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> Before posting, read http://wiki.mailscanner.info/posting
> Support MailScanner development - buy the book off the website!
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the MailScanner