Dear All,
I have spent some time searching for something I assumed existed,
which is a method of detecting when large quantities of the same message,
or messages with nearly the same content (body & subject) are passing
through an MTA within a specified time period. It seems to me this could
be a useful way to detect not only spam but other types of problems as
well - error conditions, mail bombs, etc. Clearly, one could not block
such messages until a certain number of them had already been delivered,
but still it could be useful. A whitelist function would obviously be
used to allow legitimate traffic, but otherwise a threshold could be set
and when enough messages with the same or mostly the same body content
are detected, any further could be quarantined or tagged.
Just curious if anyone knows of any method of doing this, either
with spamassassin or with another tool.
Thanks.
