Stewart, John writes:
> I'm not sure if this would be something that SpamAssassin could do, or if it
> would need to be integrated into amavisd-new, for those of us using that
> excellent tool.
>
> (BTW, I just wanted to say 2.60 is the bee's knees. Bayes learning seems to
> be even more improved than the already good 2.55 learning)
>
> One thing that might be very useful is for every email coming through that
> is scanned, to log not only the spam level (which is already done with
> amavisd-new, and I would assume for those using spamd) but the previous hop
> of the SMTP servers that email traversed.
>
> This might be done by a configuration option which sets your external
> gateway (and SA can parse out the previous SMTP server), so SA would know at
> what point the SMTP servers are "trusted", or it would suffice to simply log
> the last N SMTP servers in the logfile.
>
> With this information logged, another tool could be written (and which I'd
> like to play with doing, if no one has as yet) which would track the number
> of spams delivered from each specific IP.
>
> Then you could proactively turn off this IP at your gateway. Sure, X number
> of spams (5? 10? 100?) get in, but after that, this trojaned box, or open
> relay, or whatever, no longer can get to your mail gateway for some amount
> of time. You could stop access for an hour, a day, a week, whatever suits
> your fancy.
>
> Even if you cut it off for just an hour, you could stop a lot of spam, while
> letting any legit email through. The spammer is not likely to queue up mail
> to retry, which legitimate mail would queue and only be delayed.
>
> I'm sure SA must parse each of the Received headers to determine the SMTP
> servers, so at some point this information is available. Would it be
> possible to get this information logged somehow with the spam level?

John -- you can add this to the headers of the messages using 'add_header':

 _RELAYSTRUSTED_    relays used and deemed to be trusted
 _RELAYSUNTRUSTED_  relays used that can not be trusted

You want _RELAYSUNTRUSTED_. Getting that into the syslog, though, is not
yet supported -- but would be handy....

--j.

_______________________________________________
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
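
An added example, not part of the original messages and not SpamAssassin code: a sketch of the per-IP tally tool proposed in the thread, fed from the header that 'add_header' writes. The header name `Relays-Untrusted`, the `[ ip=... ]` rendering of each relay, the newest-relay-first ordering and the sample messages are assumptions made for illustration.

```python
import re
from collections import Counter
from email import message_from_string

# Assumed local.cf line (the header name is our choice, not from the thread):
#   add_header all Relays-Untrusted _RELAYSUNTRUSTED_
HEADER = "X-Spam-Relays-Untrusted"
# Assumption: each relay is rendered as "[ ip=... rdns=... helo=... ]",
# newest first, so the first entry is the host that connected to our gateway.
RELAY_RE = re.compile(r"\[\s*ip=(\S+)")

def handing_off_relay(msg):
    """IP of the first untrusted relay listed, or None if the header is absent."""
    match = RELAY_RE.search(msg.get(HEADER, ""))
    return match.group(1) if match else None

def is_spam(msg):
    """SpamAssassin marks messages it judges to be spam with X-Spam-Flag: YES."""
    return msg.get("X-Spam-Flag", "").strip().upper() == "YES"

def spam_by_relay(raw_messages):
    """Count spam messages per handing-off relay IP; ham is ignored."""
    counts = Counter()
    for raw in raw_messages:
        msg = message_from_string(raw)
        ip = handing_off_relay(msg)
        if ip and is_spam(msg):
            counts[ip] += 1
    return counts

def over_threshold(counts, threshold):
    """IPs that delivered at least `threshold` spams: candidates for a timed block."""
    return sorted(ip for ip, n in counts.items() if n >= threshold)

def sample(ip, spam, older=""):
    """Build a constructed test message (documentation-range IPs only)."""
    flag = "X-Spam-Flag: YES\n" if spam else ""
    relays = f"[ ip={ip} rdns= helo=example by=mx.example.org ident= ]{older}"
    return f"From: a@example.com\n{flag}{HEADER}: {relays}\n\nbody\n"

SAMPLES = (
    [sample("192.0.2.10", True)] * 3
    # Earlier hops in the chain are not counted, only the handing-off relay.
    + [sample("198.51.100.7", True, " [ ip=192.0.2.10 rdns= helo=x by=y ident= ]")]
    + [sample("203.0.113.5", False)]
    + ["From: b@example.com\nX-Spam-Flag: YES\n\nno relay header\n"]
)

if __name__ == "__main__":
    tally = spam_by_relay(SAMPLES)
    print(tally, over_threshold(tally, 3))
```

The blocking itself, and expiring the block after an hour or a day as the thread suggests, is left to the gateway's own access controls.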