Email from spammers typically causes a large number of bounces. Why not do something like the following:
1) Register an email address [EMAIL PROTECTED] which forwards to a script, eg: "| /usr/local/bin/countbounces" 2) countbounces counts the number of bouncing messages from each source, by IP address, within the last 24 hours or so. 3) If the # of bounces from a particular server reaches a threshold (say, 50) AND the percentage of emails from that server which are bounces reaches a threshold, (again, say 50%) then the IP address of that mail server is blocked for, say, 24 hours via firewall rules or updates to /service/smtpd/tcp. These thresholds would certainly be subject to some tweaking. What do you think about this? Perhaps a clustering technique could be used so that mail servers could communicate IP addresses of offending mail servers to minimize the effect(s) of spammers...? -Ben ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Qmail-scanner-general mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general
