SMTP-time spam rejection by IP

Julian Field mailscanner at ecs.soton.ac.uk
Thu Jun 10 21:58:27 IST 2004


At 21:11 10/06/2004, you wrote:
>I've read several documents on how it isn't useful to have a spam rule set
>based on an IP address because spammers are constantly changing their IP
>address.
>
>Does there exist, however, a script that would integrate with MailScanner
>to identify an IP address of someone sending massive amounts of messages
>in succession to which our server only responds "user unknown" (indicating
>a spammer)? Furthermore, would it be possible to dynamically take that IP
>address and immediately block or tarpit the sender for a given time?
>
>Is there any existing active filter that modifies the access.db on the fly
>based on failed reverse DNS lookups? Would it be possible to have
>MailScanner send a message to like a 7-layer switch instructing it what
>type of message to just DISCARD?
>
>If there is anyone who has already implemented something like this I'd be
>interested to know.

There isn't any MailScanner-based system which counts rejections as such.
However there is code available in CustomConfig.pm (look for IPBlock) which
will control the access db based on the number of connections received from
an IP address.

Take a look at that; it may well provide a close enough function to what
you are looking for.
--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
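
The rejection counting asked about in this thread, as an added example that is not part of either message and is not MailScanner's IPBlock code: it joins "User unknown" log lines to the relay IP by queue id and emits access-map lines for IPs that exceed a threshold inside a time window. The sendmail log layout, the threshold and window values, and all function names are assumptions; the sample lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines; the sendmail syslog layout shown is an assumption.
SAMPLE_LOG = """\
Jun 10 21:05:01 mx sendmail[4101]: i5AK51a1004101: <aaa@example.org>... User unknown
Jun 10 21:05:02 mx sendmail[4101]: i5AK51a1004101: <bob@example.org>... User unknown
Jun 10 21:05:03 mx sendmail[4101]: i5AK51a1004101: from=<x@example.net>, size=0, nrcpts=0, proto=SMTP, relay=[192.0.2.10]
Jun 10 21:05:20 mx sendmail[4102]: i5AK5Ka1004102: <carl@example.org>... User unknown
Jun 10 21:05:21 mx sendmail[4102]: i5AK5Ka1004102: from=<y@example.net>, size=0, nrcpts=0, proto=SMTP, relay=[192.0.2.10]
Jun 10 21:06:00 mx sendmail[4103]: i5AK60a1004103: <typo@example.org>... User unknown
Jun 10 21:06:01 mx sendmail[4103]: i5AK60a1004103: from=<z@example.com>, size=0, nrcpts=0, proto=SMTP, relay=mail.example.com [198.51.100.7]
"""

LINE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) \S+ sendmail\[\d+\]: (\w+): (.*)$")
RELAY_IP = re.compile(r"relay=[^,]*\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def rejections_by_ip(log_text, year=2004):
    """Map relay IP -> times of its 'User unknown' rejections.

    Rejection lines carry no IP, so they are joined to the relay= line
    on the queue id. Syslog stamps carry no year, so one is supplied.
    """
    relay_of, unknown = {}, []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        stamp, qid, rest = m.groups()
        ip = RELAY_IP.search(rest)
        if ip:
            relay_of[qid] = ip.group(1)
        elif rest.endswith("User unknown"):
            unknown.append((datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S"), qid))
    hits = defaultdict(list)
    for when, qid in unknown:
        if qid in relay_of:
            hits[relay_of[qid]].append(when)
    return hits

def offenders(hits, threshold=3, window=timedelta(seconds=60)):
    """IPs with at least `threshold` rejections inside any `window`."""
    def burst(times):
        return any(times[i + threshold - 1] - times[i] <= window
                   for i in range(len(times) - threshold + 1))
    return sorted(ip for ip, times in hits.items() if burst(sorted(times)))

def access_entries(ips):
    # Source lines for the sendmail access map, one per flagged IP.
    return [f"{ip}\tREJECT" for ip in ips]
```

The emitted lines still have to be merged into the access map source and the map rebuilt; removing entries again after a given time is not handled here.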
