I'm not sure if this would be something that SpamAssassin could do, or if it would need to be integrated into amavisd-new, for those of us using that excellent tool.
(BTW, I just wanted to say 2.60 is the bee's knees. Bayes learning seems to be even more improved than the already good 2.55 learning) One thing that might be very useful is for every email coming through that is scanned, to log not only the spam level (which is already done with amavisd-new, and I would assume for those using spamd) but the previous hop of the SMTP servers that email traversed. This might be done by a configuration option which sets your external gateway (and SA can parse out the previous SMTP server), so SA would know at what point the SMTP servers are "trusted", or it would suffice to simply log the last N SMTP servers in the logfile. With this information logged, another tool could be written (and which I'd like to play with doing, if no one has as yet) which would track the number of spams delivered from each specific IP. Then you could proavtively turn off this IP at your gateway. Sure, X number of spams (5? 10? 100?) get in, but after that, this trojaned box, or open relay, or whatever, no longer can get to your mail gateway for some amount of time. You could stop access for an hour, a day, a week, whatever suits your fancy. Even if you cut it off for just an hour, you could stop a lot of spam, while letting any legit email through. The spammer is not likely to queue up mail to retry, which legitimate mail would queue and only be delayed. I'm sure SA must parse each of the Received headers to determine the SMTP servers, so at some point this information is available. Would it be possible to get this information logged somehow with the spam level? johnS ------------------------------------------------------- This SF.net email is sponsored by OSDN developer relations Here's your chance to show off your extensive product knowledge We want to know what you know. Tell us and you have a chance to win $100 http://www.zoomerang.com/survey.zgi?HRPT1X3RYQNC5V4MLNSV3E54 _______________________________________________ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
