On Fri, 19 Jun 2020, micah anderson wrote:

> So, what can I do to tweak these rules to score things up more,
> specifically the rules that provide a low false positive rate[1]. This
> seems something that should be done programmatically, and not
> manually. It seems like what 'masscheck' maybe does generically for all
> rules for all installations, but can I use that to just adjust our rules
> for our particular breed of spam that comes through?

How about: analyze your spamtrap for recent source IP addresses on a quick schedule (hourly?) and drive a local DNSBL from IPs seen more than 2-3 times in the last 24-48 hours?

Potentially relax it a bit by collecting on /30 or /28 netblocks instead of individual /32 IP addresses.


--
 John Hardin KA7OHZ                    http://www.impsec.org/~jhardin/
 [email protected]    FALaholic #11174     pgpk -a [email protected]
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
  Britain used to be the most powerful empire in the world.
  Now they're terrified of pocketknives.
  How the mighty have fallen.                           -- Matt Walsh
-----------------------------------------------------------------------
 138 days until the Presidential Election
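
The aggregation suggested in the reply above, as an added example that is not part of the original message: count spamtrap hits per netblock over a rolling window and emit the blocks that cross a threshold. The function names, the exemption list, the sample hits and the rbldnsd-style zone output are assumptions made for illustration.

```python
import ipaddress
from collections import Counter
from datetime import datetime, timedelta, timezone

def build_blocklist(hits, now, window_hours=24, min_hits=3, prefix_len=28, exempt=()):
    """Return sorted CIDR strings for IPv4 netblocks with at least min_hits
    spamtrap hits inside the window. hits is an iterable of (datetime, ip)."""
    cutoff = now - timedelta(hours=window_hours)
    exempt_nets = [ipaddress.ip_network(e) for e in exempt]
    counts = Counter()
    for seen_at, ip in hits:
        if not cutoff <= seen_at <= now:
            continue  # outside the rolling window
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            continue  # malformed address in the trap log
        if addr.version != 4:
            continue  # the /30 and /28 sizes in the post are IPv4 prefixes
        # Widen the single address to its enclosing netblock.
        net = ipaddress.ip_network(f"{addr}/{prefix_len}", strict=False)
        if any(net.overlaps(e) for e in exempt_nets):
            continue  # assumption: never list blocks touching our own relays
        counts[net] += 1
    return [str(n) for n in sorted(n for n, c in counts.items() if c >= min_hits)]

def to_zone(cidrs, reply="127.0.0.2", text="Seen repeatedly at local spamtrap"):
    """Assumed output: a default-value line, then one CIDR per line
    (the layout rbldnsd's ip4set dataset reads)."""
    return "\n".join([f":{reply}:{text}", *cidrs]) + "\n"

# Constructed sample data (documentation address ranges, not real senders).
NOW = datetime(2020, 6, 19, 12, 0, tzinfo=timezone.utc)

def _ago(hours):
    return NOW - timedelta(hours=hours)

SAMPLE_HITS = [
    (_ago(1), "198.51.100.17"), (_ago(5), "198.51.100.18"), (_ago(20), "198.51.100.30"),
    (_ago(2), "203.0.113.5"), (_ago(3), "203.0.113.5"),
    (_ago(4), "192.0.2.77"), (_ago(6), "192.0.2.77"), (_ago(30), "192.0.2.77"),
    (_ago(1), "not-an-ip"),
    (_ago(1), "198.51.100.200"), (_ago(2), "198.51.100.200"), (_ago(3), "198.51.100.200"),
]
EXEMPT = ["198.51.100.192/26"]  # constructed stand-in for our own relay range

if __name__ == "__main__":
    print(to_zone(build_blocklist(SAMPLE_HITS, NOW, exempt=EXEMPT)), end="")
```

With the sample data, three different addresses in 198.51.100.16/28 are listed only because hits are pooled per /28; counted as /32s none of them reaches the threshold.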
