Jeremy Kister wrote:
> I've been subscribed to the list for about 4 months, and I searched through
> my locally saved messages for topics of this nature, but couldn't find any..
> So forgive me if someone has publicly announced this revelation.. Also
> forgive the cross-posting; I want to get a bunch of input.
>
>
> I am working on a program that will scan mail with "X-Spam-Status: Yes" in
> the header, and determine who the last host that sent it to me was. I am then
> going to insert that IP into my mail system's denied host list (to give some
> permanent error to the sending host). A cron is going to run to dynamically
> determine when my mail server should start accepting mail from that server
> again.
>
> While coding, I had a thought... Would it be a good idea to Auto-White
> list/Auto-Black list Mail Servers themselves? While most of us don't have
> access to MAPS, it might be a good idea.
>
I had a similar thought a while back. I created a little Perl script to
parse an input email, scanning for the first IP address it finds
(skipping anything in my local IP range, so that forwarding works). It
then adds the email, the IP address, and some other information to a SQL
database.

A second script is run from cron every 20 minutes. That script basically
goes through the received spam database and builds a file for my own RBL
DNS (using rbldns by djb). There are some other features in there like
whitelisting, and the ability to manually add entire netblocks.

I used to use the RBL with sendmail, and reject at the MTA level.
Lately, I've instead used it with SpamAssassin, and a hefty score (6.1).

> So if SA has gotten -- i dont know -- 20 legitimate emails from a certain
> host, then that host is white-listed for ~30 days (with each additional day
> getting a good email extending the expiration a day)
> if SA gets a few SPAMs, it is auto-black listed (with some expiration)
>
That's something that I'd like to add to my rblbuilder program...
support for automatically removing the address. I'd like to implement a
procedure that would penalize for immediately receiving spam though...

> And, not to clutter your minds, but what if we substituted the Host-Based
> AWL/ABL with Ratings? If an email came from a host in the "Good Servers"
> list, give it a score of -2; if the host is in the "Spammer Servers" list,
> give it +2.
>
Interesting. Might help greatly for some borderline (non-spam)
mass-mailings...

> The only downside I can see is that the allow/deny database could get quite
> big and rather quickly for bigger mail servers. But if a bigger mail server
> is using SA in the first place, they've probably got the CPU to spare.
>
My entire "spam" database is 10MB. That's after light use for about six
months, and includes the full body of all spam received. That data only
needs to sit on the SQL server, though.

The blacklist itself resides on its own machine. The data file itself is
16KB, and has 1134 entries (some of which are netblocks, some of which
are individual servers).

If anyone is interested, I can put my code up on a website, and post a
link to it...

--Rich
_________________________________________________________
Rich Puhek
ETN Systems Inc.
2125 1st Ave East
Hibbing MN 55746
tel: 218.262.1130
email: [EMAIL PROTECTED]
_________________________________________________________
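
The host-based auto-whitelist/auto-blacklist discussed in this thread, sketched as an added example (it is not Rich's rblbuilder code or anything posted to the list). The function and class names, the local ranges, the bracketed-IP form of the Received header, the three-spam threshold and the seven-day blacklist lifetime are assumptions; the 20-message, 30-day and +2/-2 figures come from the quoted proposal.

```python
import ipaddress, re
from datetime import timedelta
from email import message_from_string
# Assumed values: local ranges, the spam threshold and the blacklist lifetime.
LOCAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "127.0.0.0/8")]
HAM_TO_WHITELIST, WHITELIST_DAYS = 20, 30   # figures from the thread
SPAM_TO_BLACKLIST, BLACKLIST_DAYS = 3, 7    # assumed
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def relay_ip(raw_message):
    """First non-local IP in the Received headers, newest header first."""
    # Older headers are sender-supplied: LOCAL_NETS must cover every hop you run.
    for header in message_from_string(raw_message).get_all("Received", []):
        for text in IP_RE.findall(header):
            try:
                ip = ipaddress.ip_address(text)
            except ValueError:      # e.g. [999.1.1.1]
                continue
            if not any(ip in net for net in LOCAL_NETS):
                return str(ip)
    return None

class HostReputation:
    def __init__(self):
        self.hosts = {}             # ip -> counters and current listing

    def _get(self, ip, now):
        h = self.hosts.setdefault(ip, dict(ham=0, spam=0, kind=None, expires=None, last_ham=None))
        if h["expires"] and now >= h["expires"]:     # listing ran out: start over
            h.update(ham=0, spam=0, kind=None, expires=None)
        return h

    def record(self, ip, is_spam, now):
        h = self._get(ip, now)
        if is_spam:
            h["spam"] += 1
            if h["spam"] >= SPAM_TO_BLACKLIST:
                h.update(kind="black", ham=0, expires=now + timedelta(days=BLACKLIST_DAYS))
            return
        h["ham"] += 1
        if h["kind"] == "white" and h["last_ham"] != now.date():
            h["expires"] += timedelta(days=1)        # one extra day per day with good mail
        elif h["kind"] is None and h["ham"] >= HAM_TO_WHITELIST:
            h.update(kind="white", spam=0, expires=now + timedelta(days=WHITELIST_DAYS))
        h["last_ham"] = now.date()

    def score(self, ip, now):       # -2 for a "good" host, +2 for a "spammer" host
        return {"white": -2.0, "black": 2.0}.get(self._get(ip, now)["kind"], 0.0)
```
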