I run a mail server that accepts mail for a couple hundred domains, and we 
utilize qmail heavily.  We are using qmail-scanner to virus scan some of
the domains, as well as SpamAssassin.  I'm in the process of integrating
SA via qmail-admin (right now it's being run out of .qmail-default).

I've been thinking about ways to reduce the amount of spam making it into
our network.  When qmail sessions are established, you usually get the
remote server's IP address in the environmental variable $TCPREMOTEIP or 
$TCPREMOTEADDRESS (the variable name escapes me at the moment).

While I have absolutely no intentions of dropping/deleting anyone's mail
based on score, is there an easy way to modify SpamAssassin to log the
IP address of a "hit" individually?

My theory here is if I could log the IP address from that environmental
variable, I could keep statistics on hosts that send spam.  If I could
integrate this into a MySQL table I could time stamp the entries and make
the IP address field unique.  A cleanup command could delete any entries
that haven't been updated in the past X days, and a few select statements
could show you every host that has "hit" more than X times.

It'd be a good way to keep track of remote hosts that tend to send spam, 
and it could even be set up so that if a host IS in the table for being
a spammer, we could also measure how much "legitimate" mail comes from
that domain as well.

Then, someone could review the data and decide if they wish to internally
block that machine.  I am confident there are people out there who are
preventing themselves from entering blacklists, but give themselves
permission to relay through their own equipment to spam.  This would
help crack down on that to some degree.

I imagine someone may have already begun something along these lines, so
I wanted to bring it up and suggest it before I start hacking at our
spamc/spamd implementation.  Unfortunately, in the spamc/spamd scenario,
the environmental variable won't be passed to the Perl daemon.  

However, maybe this could be done inside qmail-scanner.  Maybe spamc 
exits with a specific error code if it gets a positive result from spamd?

That might be the answer to my project..

-Jeff
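
The bookkeeping described in the message above, as an added example that is not part of the original post: one row per remote IP, a timestamp refreshed on each spam hit, a cleanup for stale rows, and a query for hosts over a hit threshold. It assumes the caller already has the spam verdict and the value of $TCPREMOTEIP; SQLite stands in for MySQL so the sketch runs offline, and the table and function names are hypothetical.

```python
import ipaddress
import sqlite3
import time

# Hypothetical schema; SQLite is used here as a stand-in for the MySQL table.
SCHEMA = """CREATE TABLE IF NOT EXISTS spam_hosts (
    ip        TEXT PRIMARY KEY,            -- unique per remote host
    spam_hits INTEGER NOT NULL DEFAULT 0,
    ham_hits  INTEGER NOT NULL DEFAULT 0,
    last_spam INTEGER NOT NULL             -- epoch seconds of latest spam hit
)"""

def open_db(path=":memory:"):
    conn = sqlite3.connect(path)
    conn.execute(SCHEMA)
    return conn

def record(conn, ip, is_spam, now=None):
    """Count one message from ip (e.g. $TCPREMOTEIP). Ham only counts for listed hosts."""
    ip = str(ipaddress.ip_address(ip))     # raises ValueError on garbage input
    now = int(time.time()) if now is None else now
    with conn:                             # one transaction per message
        if not is_spam:
            conn.execute("UPDATE spam_hosts SET ham_hits = ham_hits + 1 WHERE ip = ?", (ip,))
            return
        cur = conn.execute(
            "UPDATE spam_hosts SET spam_hits = spam_hits + 1, last_spam = ? WHERE ip = ?",
            (now, ip))
        if cur.rowcount == 0:              # first hit from this host
            conn.execute(
                "INSERT INTO spam_hosts (ip, spam_hits, last_spam) VALUES (?, 1, ?)",
                (ip, now))

def purge(conn, max_age_days, now=None):
    """Delete hosts with no spam hit in the last max_age_days; return rows removed."""
    now = int(time.time()) if now is None else now
    with conn:
        cur = conn.execute("DELETE FROM spam_hosts WHERE last_spam < ?",
                           (now - max_age_days * 86400,))
    return cur.rowcount

def offenders(conn, min_hits):
    """Hosts with more than min_hits spam hits, worst first, for human review."""
    return conn.execute(
        "SELECT ip, spam_hits, ham_hits FROM spam_hosts WHERE spam_hits > ? "
        "ORDER BY spam_hits DESC, ip", (min_hits,)).fetchall()
```

Ham deliberately leaves the timestamp alone, so a host that stops sending spam ages out of the table even if it keeps sending legitimate mail.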


Spamassassin-talk mailing list