The sa-blacklist files hold lists of spammer domains, in a form suitable for blocking access to those domains. Each one has a datestamp so you can locate a specific version and identify newer and older releases, but you should only need to use the versions with "current" in the name, which always points to the latest release.
Find the program you're using below to decide which one to use.
Just thought I'd drop you a quick note on how to add your SA black list to Exim. To start with, the Squid list ( sa-blacklist.current.domains ) looks OK to use with Exim. Then, in exim.conf the following is added (near any other deny sections):
deny message = $sender_host_address Blocked by http://www.stearns.org/sa-blacklist/ hosts = partial()lsearch;/path/to/sa-blacklist.current.domainsI'd like to sincerely thank Daniel Bird for contributing the above instructions.
Postfix is chocked full of features to help stem the tide of UCE, if you are already using some of them, you should consider the below recipe a guide and not so much a drop in solution. Take a look at the Postfix UCE docs, available here, (consider using a mirror):http://www.postfix.org/uce.html
...but for those of us who aren't using any of these conf declarations and would like to drop in Bill's blacklist, the following should suffice, we are going to be filtering based on the envelope sender.
smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/sender_restrictions
You are now rejecting envelope senders from the blacklisted domains, they will be rejected with a 554 error. If you would like to test this without actually rejecting mails, you can add `warn_if_reject, ' before the `check_sender_access' token, messages that would be rejected will be logged with a `reject_warning'.I would like to sincerely thank Jereme Corrado for doing the postfix research and testing, and for contributing the above instructions.
The Privoxy privacy proxy (based on the Internet Junkbuster) filters outbound http and https requests and inbound replies, allowing you to block access to undesirable sites, block popups, block tracking gifs, etc. To install, place sa-blacklist.current.action in /etc/privoxy/ (your path may differ, based on operating system) and edit the "config" file there (note, this was previously called sa-blacklist.current.actions). Add the:
actionsfile sa-blacklist.current #spamassassin domain blacklistline so the file looks like:
actionsfile standard # Internal purpose, recommended actionsfile sa-blacklist.current #spamassassin domain blacklist actionsfile default # Main actions file actionsfile user # User customizations
Qmail has the ability to unconditionally block mail from spammers based on the envelope sender (which may not be the same as the "From:" field in the header, don't be surprised if this approach misses some emails that you think it should catch). In other words, if the spammers don't lie about their sending domain, qmail may be able to block them before the mail message is even transmitted. This cuts down on things like bounces, and hopefully spam!
To install, locate qmail's "control" directory. Download the sa-blacklist.current.at-domains file, and append it to the "badmailfrom" file there. Restart qmail.
As a side note, I also have random.current.cf as a list of tags spammers sometimes forget to convert in spam, also in spamassassin format.
All three files increase the spam score for the message, making it more likely that the spam will get caught.
To install, download the above three files and place them in /etc/mail/spamassassin/ , making sure they each end in ".cf" (spamassassin treats all files ending in .cf as configuration files and loads them all). Restart spamassassin.
A second approach, currently under test, is to publish the sa-blacklist domains as a dns-based RBL. This replaces the use of the .uri.cf file above, but performs the same checks with lower load.
For more information on this approach, installation instructions, and details on using both a dns-rbl-based sa-blacklist and a dns-rbl-based Spamcop database, please see http://www.surbl.org .
Squid can unconditionally block all outbound requests to certain domains. Privoxy is preferred for this, as privoxy will replace images with images, and squid will put in a dummy html page instead (which just means your pages will have broken images, no big deal). Other than that it will work just fine.
Download sa-blacklist.current.domains to /etc/squid/ (again, path may vary). Edit squid.conf , adding the line:
acl spammers url_regex "/etc/squid/sa-blacklist.current.domains"in with the other acl lines (order for acl lines doesn't matter), and adding
http_access deny all spammersabove your http_access lines (order does matter here). Restart squid.
Like qmail, sendmail can also inspect the envelope sender address and block based on the domain. Go to the /etc/mail directory, append sa-blacklist.current.sendmail-access to /etc/mail/access, run
make access.dband restart sendmail.
If you have a spam filtering tool, mail transport agent, http proxy, or any other program that you want to filter spammer domains, no problem. I can provide the list in any format you need. Simply send me the format to use and I'll add it to my build script.