How to install into your programs

The sa-blacklist files hold lists of spammer domains, in a form suitable for blocking access to those domains. Each one has a datestamp so you can locate a specific version and identify newer and older releases, but you should only need to use the versions with "current" in the name, which always points to the latest release.

Find the program you're using below to decide which one to use.

Exim mail server

Just thought I'd drop you a quick note on how to add your SA black list to Exim. To start with, the Squid list ( ) looks OK to use with Exim. Then, in exim.conf the following is added (near any other deny sections):

deny message = $sender_host_address Blocked by
	hosts = partial()lsearch;/path/to/
I'd like to sincerely thank Daniel Bird for contributing the above instructions.
Postfix mail server

Postfix is chocked full of features to help stem the tide of UCE, if you are already using some of them, you should consider the below recipe a guide and not so much a drop in solution. Take a look at the Postfix UCE docs, available here, (consider using a mirror):

...but for those of us who aren't using any of these conf declarations and would like to drop in Bill's blacklist, the following should suffice, we are going to be filtering based on the envelope sender.

  1. Copy the blacklist sa-blacklist.current.reject to a sensible spot, /etc/postfix/sender_restrictions seams reasonable.
  2. Update, adding the line:
    smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/sender_restrictions
  3. Create the access table hash:
    postmap /etc/postfix/sender_restrictions
  4. Have the master daemon reread
    postfix reload

You are now rejecting envelope senders from the blacklisted domains, they will be rejected with a 554 error. If you would like to test this without actually rejecting mails, you can add `warn_if_reject, ' before the `check_sender_access' token, messages that would be rejected will be logged with a `reject_warning'.

I would like to sincerely thank Jereme Corrado for doing the postfix research and testing, and for contributing the above instructions.
Privoxy http proxy

The Privoxy privacy proxy (based on the Internet Junkbuster) filters outbound http and https requests and inbound replies, allowing you to block access to undesirable sites, block popups, block tracking gifs, etc. To install, place sa-blacklist.current.action in /etc/privoxy/ (your path may differ, based on operating system) and edit the "config" file there (note, this was previously called sa-blacklist.current.actions). Add the:

actionsfile sa-blacklist.current	#spamassassin domain blacklist
line so the file looks like:
actionsfile standard  # Internal purpose, recommended
actionsfile sa-blacklist.current	#spamassassin domain blacklist
actionsfile default   # Main actions file
actionsfile user      # User customizations

Restart Privoxy.

Qmail mail server

Qmail has the ability to unconditionally block mail from spammers based on the envelope sender (which may not be the same as the "From:" field in the header, don't be surprised if this approach misses some emails that you think it should catch). In other words, if the spammers don't lie about their sending domain, qmail may be able to block them before the mail message is even transmitted. This cuts down on things like bounces, and hopefully spam!

To install, locate qmail's "control" directory. Download the file, and append it to the "badmailfrom" file there. Restart qmail.

Spamassassin email spam filter and are the two files formatted for spamassassin. The first looks at the sender domain, but spammers more and more lie about the source so this won't catch everything. The second looks at each url in the message, and is more likely to catch the web sites to which spammers want you to go. These take a lot of processing for each message, so you'll want to give them a try on a sample account first.

As a side note, I also have as a list of tags spammers sometimes forget to convert in spam, also in spamassassin format.

All three files increase the spam score for the message, making it more likely that the spam will get caught.

To install, download the above three files and place them in /etc/mail/spamassassin/ , making sure they each end in ".cf" (spamassassin treats all files ending in .cf as configuration files and loads them all). Restart spamassassin.

A second approach, currently under test, is to publish the sa-blacklist domains as a dns-based RBL. This replaces the use of the file above, but performs the same checks with lower load.

For more information on this approach, installation instructions, and details on using both a dns-rbl-based sa-blacklist and a dns-rbl-based Spamcop database, please see .

Squid web cache

Squid can unconditionally block all outbound requests to certain domains. Privoxy is preferred for this, as privoxy will replace images with images, and squid will put in a dummy html page instead (which just means your pages will have broken images, no big deal). Other than that it will work just fine.

Download to /etc/squid/ (again, path may vary). Edit squid.conf , adding the line:

acl spammers url_regex "/etc/squid/"
in with the other acl lines (order for acl lines doesn't matter), and adding
http_access deny all spammers
above your http_access lines (order does matter here). Restart squid.

Sendmail mail server

Like qmail, sendmail can also inspect the envelope sender address and block based on the domain. Go to the /etc/mail directory, append sa-blacklist.current.sendmail-access to /etc/mail/access, run

make access.db
and restart sendmail.
Bill, what about....?

If you have a spam filtering tool, mail transport agent, http proxy, or any other program that you want to filter spammer domains, no problem. I can provide the list in any format you need. Simply send me the format to use and I'll add it to my build script.