SMTP-time spam rejection by IP
Randal, Phil
prandal at HEREFORDSHIRE.GOV.UK
Fri Jun 11 09:43:03 IST 2004
Have a look at Vispan ( http://www.while.homeunix.net/mailstats/
<http://www.while.homeunix.net/mailstats/> ). It does IP blacklisting of
virus senders / spammers on the fly.
Far too many sites are broken with respect to reverse DNS lookups (even us,
blush) to even consider using that as a tool.
Cheers,
Phil
----
Phil Randal
Network Engineer
Herefordshire Council
Hereford, UK
_____
From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK] On Behalf
Of Philip Waters
Sent: 10 June 2004 21:12
To: MAILSCANNER at JISCMAIL.AC.UK
Subject: SMTP-time spam rejection by IP
I've read several documents on how it isn't useful to have a spam rule set
based on an IP address because spammers are constantly changing their ip
address.
Does there exist, however, a script that would integrate with mailscanner to
identify an ip address of someone sending massive amounts of messages in
succession to which our server only responds "user unknown" (indicating a
spammer). Furthermore, would it be possible to dynamically take that ip
address and immediately block or tarpit the sender for a given time.
Is there any existing active filter that modifies the access.db on the fly
based on failed reverse DNS lookups? would it be possible to have
mailscanner send a message to like a 7-layer switch instructing it what type
of message to just DISCARD.
If there is anyone who has already implemented something like this I'd be
interested to know.
There's no place like root#cd ~/
-------------------------- MailScanner list ----------------------
To leave, send leave mailscanner to jiscmail at jiscmail.ac.uk
<mailto:jiscmail at jiscmail.ac.uk>
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/ <http://www.mailscanner.biz/maq/> and the
archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
<http://www.jiscmail.ac.uk/lists/mailscanner.html>
-------------------------- MailScanner list ----------------------
To leave, send leave mailscanner to jiscmail at jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/ and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20040611/25a4b849/attachment.html
More information about the MailScanner
mailing list