Postscreen is the code name for a new daemon that sits in front of
Postfix and that does connection-level filtering. The program is
currently available as unsupported, non-production code.
Early results for seven days of spam were presented at the 2009
Mailserver conference in Berlin:
* Anomalies in spammer SMTP client implementations. Spammers
are in a hurry to send spam, and therefore they cut corners
in the SMTP protocol. Postscreen currently detects SMTP
clients that start talking too early.
* Parallel lookups from several popular DNS blocklists, and
the relative proportions of email that these lists flagged
as spam.
* Geolocation and time-of-day patterns for spam connections to
servers in Europe and the USA (the analysis is done off-line).
You can find an overview of postscreen, and some pictures of early
results, at http://www.porcupine.org/postfix-mirror/wip.html (and
soon on Postfix documentation mirror websites).
Wietse
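
The "talks too early" test from the first bullet, as an added example that is not part of the original message and is not Postfix code: the listener holds back its 220 greeting for a short window and flags any client that sends data before seeing it. The function names, the window length, the greeting hostname and the socketpair harness are assumptions made for illustration.

```c
#include <poll.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

enum verdict { CHECK_ERROR = -1, CLIENT_WAITED, CLIENT_PREGREET, CLIENT_HANGUP };

/* Hold back the 220 greeting for wait_ms. A compliant SMTP client stays
 * silent until it has seen the greeting, so readable data inside the
 * window means the client started talking too early. */
static int pregreet_check(int fd, int wait_ms)
{
    static const char banner[] = "220 mail.example.test ESMTP\r\n"; /* constructed */
    struct pollfd pfd = { .fd = fd, .events = POLLIN };
    char buf[512];
    ssize_t got;
    int n = poll(&pfd, 1, wait_ms);

    if (n < 0)
        return CHECK_ERROR;
    if (n == 0)  /* silence for the whole window: greet the client now */
        return write(fd, banner, sizeof banner - 1) < 0 ? CHECK_ERROR : CLIENT_WAITED;
    got = recv(fd, buf, sizeof buf, MSG_PEEK);  /* peek only, data stays queued */
    if (got < 0)
        return CHECK_ERROR;
    return got == 0 ? CLIENT_HANGUP : CLIENT_PREGREET;
}

/* Constructed harness: a socketpair stands in for the TCP connection.
 * early_data is sent before any greeting (NULL = nothing); hang_up makes
 * the client disconnect inside the window. */
static int simulate_client(const char *early_data, int hang_up, int wait_ms)
{
    int sv[2], v = CHECK_ERROR;

    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0)
        return CHECK_ERROR;
    if (!early_data || write(sv[1], early_data, strlen(early_data)) >= 0) {
        if (hang_up)
            shutdown(sv[1], SHUT_RDWR);
        v = pregreet_check(sv[0], wait_ms);
    }
    close(sv[0]);
    close(sv[1]);
    return v;
}

int main(void)
{
    printf("patient client: %d\n", simulate_client(NULL, 0, 200));
    printf("early talker:   %d\n", simulate_client("HELO client.example.test\r\n", 0, 200));
    printf("hang-up:        %d\n", simulate_client(NULL, 1, 200));
    return 0;
}
```

A client that disconnects inside the window gets its own verdict so that it is not counted as either compliant or as an early talker.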