Robert Strickler wrote:
I've actually been working on a similar idea. The concept I have is in a few parts:Jeremy Turner [[EMAIL PROTECTED]]keep statistics for a "X strikes and you are out" milter to deny access completely for X minutes when they hit too many bad addresses or have a 0 ham to X spam ratio.
Sounds like an MTA thing, not really a SpamAssassin thing. I would pointyou to your favorite MTA for more info. No argument. A 2 second sound-byte for weeks of implementation ;) I just finished reading through the 3rd edition Sendmail bat book on milters. One of the current milters would have to be modified (feeping creaturism) or a new one created and the sequencing of milters well documented for installation so it can use the SA tagging to add to the statistics.
1) Collect statistics on incoming email. Keep track of:
-- Total number of messages from a given relay
-- Average SA score for a given relay
-- Number of invalid recipient emails from a given relay
-- Currently done through procmail and a perl script that feeds a MySQL database. Not yet implementing invalid recipients.
2) Parse the stats from above. Come up with a "score" for how spammy the relay is.
3)
-- For "non-spam" servers: do nothing.
-- For "somewhat-spammy" servers (lots of somewhat-spammy messages, lots of invalid recips, or a fair ammount of very-spammy messages): Add to a warning RBL.
-- For "very spammy" servers (repeat offenders, very spammy, lots of invalid recipts, etc.): Add to banned RBL.
4) At the smtp level, implement the warning RBL with 400-series rejects, and the banned RBL with 500-series rejects.
The main thrust of my idea is to have a proactive RBL, so that spammers get blocked immediatelly. I've already implemented the loggin portion, now I just need some time to come up with the algorithm to generate the RBLs. I think that this structure will allow for the best flexibility (independent of MTA, can be made independent of procmail by changing the logging portion, etc.).
I'm not sure how useful the RBLs themselves would be to a large group of diverse users, or if it would be most useful if maintained locally.
Once it's closer to ready for primetime, I think I'll sourceforge it, and we'll see how it goes.
--Rich
_________________________________________________________
Rich Puhek
ETN Systems Inc.
2125 1st Ave East
Hibbing MN 55746
tel: 218.262.1130
email: [EMAIL PROTECTED]
_________________________________________________________
-------------------------------------------------------
This SF.NET email is sponsored by: Thawte.com
Understand how to protect your customers personal information by implementing
SSL on your Apache Web Server. Click here to get our FREE Thawte Apache Guide: http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0029en
_______________________________________________
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
