SMTP-time spam rejection by IP
Philip Waters
phil at ICSERV.NET
Thu Jun 10 22:16:46 IST 2004
Thank You.
In doing my research CustomConfig IPBlock was the closest I could find to
what we wanted. I don't exactly understand yet how everything fits together
(SpamAssassin, MailScanner with CustomConfig / IPBlock). I'm doing the
research for our resident expert so I'll have to pass the information along
to him. Thank you for the tip.
We were hoping (and had heard) that someone had already developed such a
script to do active scanning of IP Addresses. The SE Idaho chapter of ISSA
has a member who passed the word on that this had been done.
I don't think it would be too hard to develop something that did what we
required. My concern is performance degradation.
Thanks
Phil
There's no place like root#cd ~/
----- Original Message -----
From: "Julian Field" <mailscanner at ECS.SOTON.AC.UK>
To: <MAILSCANNER at JISCMAIL.AC.UK>
Sent: Thursday, June 10, 2004 2:58 PM
Subject: Re: SMTP-time spam rejection by IP
> At 21:11 10/06/2004, you wrote:
> >I've read several documents on how it isn't useful to have a spam rule
set
> >based on an IP address because spammers are constantly changing their ip
> >address.
> >
> >Does there exist, however, a script that would integrate with mailscanner
> >to identify an ip address of someone sending massive amounts of messages
> >in succession to which our server only responds "user unknown"
(indicating
> >a spammer). Furthermore, would it be possible to dynamically take that ip
> >address and immediately block or tarpit the sender for a given time.
> >
> >Is there any existing active filter that modifies the access.db on the
fly
> >based on failed reverse DNS lookups? would it be possible to have
> >mailscanner send a message to like a 7-layer switch instructing it what
> >type of message to just DISCARD.
> >
> >If there is anyone who has already implemented something like this I'd be
> >interested to know.
>
> There isn't any MailScanner-based system which counts rejections as such.
> However there is code available in CustomConfig.pm (look for IPBlock)
which
> will control the access db based on the number of connections received
from
> an IP address.
>
> Take a look at that, it may well provide a close enough function to what
> you are looking for.
> --
> Julian Field
> www.MailScanner.info
> Professional Support Services at www.MailScanner.biz
> MailScanner thanks transtec Computers for their support
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>
> -------------------------- MailScanner list ----------------------
> To leave, send leave mailscanner to jiscmail at jiscmail.ac.uk
> Before posting, please see the Most Asked Questions at
> http://www.mailscanner.biz/maq/ and the archives at
> http://www.jiscmail.ac.uk/lists/mailscanner.html
>
-------------------------- MailScanner list ----------------------
To leave, send leave mailscanner to jiscmail at jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/ and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
More information about the MailScanner
mailing list