> With this information logged, another tool could be written (and which I'd > like to play with doing, if no one has as yet) which would track the number > of spams delivered from each specific IP. > > Then you could proavtively turn off this IP at your gateway. Sure, X number > of spams (5? 10? 100?) get in, but after that, this trojaned box, or open > relay, or whatever, no longer can get to your mail gateway for some amount > of time. You could stop access for an hour, a day, a week, whatever suits > your fancy.
You might want to correlate this against the number of non-spam emails from that address as well. Otherwise you might block a major ISP because a ton of spam is bounced through them (which may or may not be what you want to do...?) Having the non-spam number would at least allow you to block those who send nothing but spam with a higher confidence than IP's who send a mixed bag ------------------------------------------------------- This SF.net email is sponsored by OSDN developer relations Here's your chance to show off your extensive product knowledge We want to know what you know. Tell us and you have a chance to win $100 http://www.zoomerang.com/survey.zgi?HRPT1X3RYQNC5V4MLNSV3E54 _______________________________________________ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
