An update on Communicado

It has been a busy few weeks since I first blogged about Communicado, here are some of the highlights of what has been going on.

  • Communicado are still registering somewhere between 40 and 60 new domains a week.  The blacklist is being regularly updated and currently has 5364 domains listed.
  • Communicado appear to have switched registrars from DAILY to ENOM as of yesterday.  Makes no difference to picking up their domains.
  • Nominet has been investigating and tell me that some of Communicado’s domains have been suspended and they are in the process of suspending more.
  • Please follow @Excommunicado for news and announcements on Twitter.  Low volume, only on topic.
  • The existing text file download will continue to be updated but, by popular demand, I have set up a DNS RBL containing their domains.  As of the time of writing it is open access, that may change if it becomes too busy.  Using it is easy:
martin@olga:~$ host malimanosa.co.uk.excommunicado.co.uk
malimanosa.co.uk.excommunicado.co.uk has address 127.0.0.2
martin@olga:~$ host flobbletob.co.uk.excommunicado.co.uk 
Host flobbletob.excommunicado.co.uk not found: 3(NXDOMAIN)

If anyone wants to provide working configuration examples for SpamAssassin (or other similar tools), I will cheerfully link to them or post them here.

More news when I have it, have a Communicado-free afternoon!

6 thoughts on “An update on Communicado”

  1. Here’s some quick and dirty perl for doing a lookup – it should be possible to wrap this into a plugin for spamassassin format.

    #!/usr/bin/perl

    use Net::DNS;

    $domain = @ARGV[0];
    my $res = Net::DNS::Resolver->new;

    lookup_hostname();
    is_it_a_spammer();

    sub lookup_hostname {

    $query = $res->query(“$domain”,”A”);

    if ($query) {
    foreach $rr ($query->answer) {
    next unless $rr->type eq “A”;

    our $ip = $rr->address;

    }
    }
    }

    sub is_it_a_spammer {

    if ( $ip =~ /127.0.0.2/ ){
    return 1;
    } else {
    return 0;
    }
    }

    I’ve been looking at the FromNotReplyTo plugin for inspiration and the from address is available via:

    my $from = lc($msg->get( ‘From:addr’ ));

    (whilst I’ve been using $ARGV[0] for testing), so plugging the sender domain back into $domain should be possible?

    Sorry for the unfinished state of this – I’m off home now 🙂

  2. Here we go – the finished SA plugin. Please excuse any little formatting quirks that might creep in by pasting it here!

    Excommunicado.cf
    —–

    loadplugin Excommunicado Excommunicado.pm
    header EXCOMMUNICADO eval:lookup_excommunicado()
    score EXCOMMUNICADO 5.0
    describe EXCOMMUNICADO Sender domain is listed as a Communicado spamming domain.

    —–

    Excommunicado.pm
    —–

    package Excommunicado;
    1;

    use strict;

    use Mail::SpamAssassin;
    use Mail::SpamAssassin::Plugin;
    our @ISA = qw(Mail::SpamAssassin::Plugin);

    use Net::DNS;

    sub new {
    my ($class, $mailsa) = @_;
    $class = ref($class) || $class;
    my $self = $class->SUPER::new( $mailsa );
    bless ($self, $class);
    $self->register_eval_rule ( ‘lookup_excommunicado’ );

    return $self;
    }

    sub lookup_excommunicado {
    my ($self, $pms) = @_;

    my %from_addrs = map { lc($_) => 1 } ($pms->all_from_addrs());
    delete $from_addrs{”}; # no empty ones thx

    foreach my $domain (keys %from_addrs) {

    $domain =~ s/.*@//;
    $domain = $domain . ‘.excommunicado.co.uk’;

    my $res = Net::DNS::Resolver->new;

    my $query = $res->query(“$domain”,”A”);

    if ($query) {
    foreach my $rr ($query->answer) {
    next unless $rr->type eq “A”;

    my $ip = $rr->address;

    if ( $ip =~ /127.0.0.2/ ){
    return 1;
    } else {
    return 0;
    }
    }
    }
    }
    }

    —–

  3. Martin, firstly, thanks for a great service! These bitesize bastards need stopping. 🙂

    Does the RBL only respond to root domains – no subdomains/hosts? At the moment, I’m requesting lookups on whatever’s to the right hands side of “@” in the smtp reverse-path but I’m thinking this might need changing…

Leave a Reply

Your email address will not be published.