On Fri, 31 Oct 2003 11:30:29 -0800 "Josiah DeWitt" <[EMAIL PROTECTED]> wrote:
> I just installed SpamAssassin and got it working, but it just drops or > marks spam after it has already accepted it. While this /dev/null type > behavior is great, I would rather discourage spammers by refusing the > connection period. > > I was wondering if there is a way of using spamd/spamc to reject the > spammers SMTP connection by inserting a ruleset in the sendmail.mc or > cf. I was hoping for a result similar to that of the RBL mc's. > > FEATURE(dnsbl,`dun.dnsrbl.net')dnl > FEATURE(dnsbl,`spam.dnsrbl.net')dnl > FEATURE(dnsbl,`blackholes.mail-abuse.org')dnl > FEATURE(dnsbl,`list.dsbl.org')dnl > FEATURE(dnsbl,`multihop.dsbl.org')dnl > FEATURE(dnsbl,`unconfirmed.dsbl.org')dnl > > etc... > > I imagine there might be a way to pipe the incoming data to spamc and > return a boolean response weather or not to accept the connection. In > reponse to a dropped connection it would reply with error codes and the > spam condition of the mail. As others have pointed out, by the time you've sent the content to spamc, you've already a) accepted the spammer's connection, and b) accepted the payload of his spam, meaning you've already accepted the bandwidth cost of his junk traffic. The DNSBLs help you drop the connection before the SMTP DATA phase so you don't have to bear the bandwidth cost. > Am I just fantasizing? If so where are the resourses I need to start > coding this one up? You could track the IP addresses of systems sending you spam from your mail logs, drop those into a sendmail access list, then reject (5xx) or tempfail (4xx) those systems for an hour or so, and reject more aggressively for repeat offenders. You'll probably want to bias this against legitimate mail from those addresses so you don't blacklist a lot of mail from a single spam. You could probably do this with a little perl and syslog; I'd search the web to see if someone else has already built such a beast because this sounds a lot like a site-specific version of SpamCop[1]. -- Bob [1] Whose DNS entries were mysteriously "lost" by their registrar (Joker.com) today... ------------------------------------------------------- This SF.net email is sponsored by: SF.net Giveback Program. Does SourceForge.net help you be more productive? Does it help you create better code? SHARE THE LOVE, and help us help YOU! Click Here: http://sourceforge.net/donate/ _______________________________________________ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk