Potential use for custom SPAM action ?

[DAve]

UxBoD wrote:
> Have been thinking what I could use this for and have this idea.  Using the idea from http://wiki.mailscanner.info/doku.php?id=documentation:anti_spam:rbls:all:your_own_onemore&s=rbl how about if a certain SA score is achieved then it would write into a MySQL table the IP, time, delta seconds since last seen and count. If count > n times then write into the RBL the IP.
> 
> What do you think ?
> 
> Regards,
> 

I am intrigued by the idea. My next big project, after our move to load 
balanced services is completed, is a private RBL. We want to feed it via 
MS+MailWatch.

The idea is to blacklist an IP that sends spam over a defined threshold 
(activity level, score, etc), return a hard fail to the smtp connection 
with a URL to the evidence. A cron job runs through the MailWatch logs 
and populates a SQL db. The SQL db is queried and evidence messages 
pulled from quarantine and redacted.

Sendmail does the blocking via a private RBL server.
The IP comes from the maillogs.
The threshold comes from the MS spam score.
The evidence comes from MailWatch.

I can see where the custom spam action could make this easier. I had 
been doing that manually for years, the largest our accessdbs got were 
several thousands of IP, many entire blocks. I eventually dropped them 
all just to see who came back. It was becoming too much work to maintain 
manually. We had no complaints from clients, most IPs were wannadoo, 
tiscali, comcast, etc.

DAve

-- 
Three years now I've asked Google why they don't have a
logo change for Memorial Day. Why do they choose to do logos
for other non-international holidays, but nothing for
Veterans?

Maybe they forgot who made that choice possible.