Potential use for custom SPAM action ?
DAve
dave.list at pixelhammer.com
Mon Jul 30 22:29:27 IST 2007
UxBoD wrote:
> Have been thinking what I could use this for and have this idea. Using the idea from http://wiki.mailscanner.info/doku.php?id=documentation:anti_spam:rbls:all:your_own_onemore&s=rbl how about if a certain SA score is achieved then it would write into a MySQL table the IP, time, delta seconds since last seen and count. If count > n times then write into the RBL the IP.
>
> What do you think ?
>
> Regards,
>
I am intrigued by the idea. My next big project, after our move to load
balanced services is completed, is a private RBL. We want to feed it via
MS+MailWatch.
The idea is to blacklist an IP that sends spam over a defined threshold
(activity level, score, etc), return a hard fail to the smtp connection
with a URL to the evidence. A cron job runs through the MailWatch logs
and populates a SQL db. The SQL db is queried and evidence messages
pulled from quarantine and redacted.
Sendmail does the blocking via a private RBL server.
The IP comes from the maillogs.
The threshold comes from the MS spam score.
The evidence comes from MailWatch.
I can see where the custom spam action could make this easier. I had
been doing that manually for years, the largest our accessdbs got were
several thousands of IP, many entire blocks. I eventually dropped them
all just to see who came back. It was becoming too much work to maintain
manually. We had no complaints from clients, most IPs were wannadoo,
tiscali, comcast, etc.
DAve
--
Three years now I've asked Google why they don't have a
logo change for Memorial Day. Why do they choose to do logos
for other non-international holidays, but nothing for
Veterans?
Maybe they forgot who made that choice possible.
More information about the MailScanner
mailing list