SMTP-time spam rejection by IP

Julian Field mailscanner at
Thu Jun 10 21:58:27 IST 2004

At 21:11 10/06/2004, you wrote:
>I've read several documents on how it isn't useful to have a spam rule set
>based on an IP address because spammers are constantly changing their ip
>Does there exist, however, a script that would integrate with mailscanner
>to identify an ip address of someone sending massive amounts of messages
>in succession to which our server only responds "user unknown" (indicating
>a spammer). Furthermore, would it be possible to dynamically take that ip
>address and immediately block or tarpit the sender for a given time.
>Is there any existing active filter that modifies the access.db on the fly
>based on failed reverse DNS lookups? would it be possible to have
>mailscanner send a message to like a 7-layer switch instructing it what
>type of message to just DISCARD.
>If there is anyone who has already implemented something like this I'd be
>interested to know.

There isn't any MailScanner-based system which counts rejections as such.
However there is code available in (look for IPBlock) which
will control the access db based on the number of connections received from
an IP address.

Take a look at that, it may well provide a close enough function to what
you are looking for.
Julian Field
Professional Support Services at
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail at
Before posting, please see the Most Asked Questions at     and the archives at

More information about the MailScanner mailing list