On Tuesday 13 Sep 2005 21:15, Markus Eskola wrote:
[...]
> Just a quick question regarding the reporting... Do you guys report
> all spam (including the ones that SA already caught) or only the
> ones that got thru the net?
>
> Currently in my setup I have 3-4 different users who move all the spam
> that got thru into certain folders eg SPAM under IMAP. These folders
> are scanned, emptied and reported once a night thru a script.
> If someone has a more effective way, I'd appreciate a hint in the right
> direction.

Most of it (5.0 <= score <= 30.0) gets LARTed by a Java program that goes through the "confirmed spam" IMAP folder to the contacts.abuse.net addresses for the IP address that sent to my MX, SpamCop and is also posted to NANAS. If it scores over 30 it hits a discard ACL in exim.

Anything that sneaks through under 5.0 or went to a role account is also singled out for extra vindictiveness and LARTed manually to anything SpamTool missed and whois data checked very carefully for RFCI whois eligibility (and a WDPRS report).

Oh, and I have a patched Mail::SpamAssassin::Plugin::URIDNSBL to pass the domain names scanned over UDP to another listening application that tests for "missing" entries in RFCI bogusmx and automatically sends the submission by email. It also sends BCCs to postmaster@ and abuse@ so that victims of "friendly fire" (through inadvertently using a CNAME for their MX rather than deliberately registering 127.0.0.1) can get unlisted.

-- 
Rob Skedgell <[EMAIL PROTECTED]>
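The score-based routing described in the reply above, sketched as an added example that is not part of the original message or the poster's Java program. It reads the SpamAssassin `X-Spam-Status` header from each message and sorts it into the three buckets mentioned; the role-account list, function names and sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import getaddresses

AUTO_MIN, AUTO_MAX = 5.0, 30.0  # thresholds quoted in the message
# Assumed set of role local parts; the message only says "a role account".
ROLE_LOCALPARTS = {"postmaster", "abuse", "hostmaster", "webmaster"}
# SpamAssassin 3.x writes "score=", 2.x wrote "hits=".
SCORE_RE = re.compile(r"\b(?:score|hits)=(-?\d+(?:\.\d+)?)")

def spam_score(msg):
    """Return the SA score as a float, or None if the header is absent or odd."""
    raw = msg.get("X-Spam-Status")
    if raw is None:
        return None
    # The header is usually folded over several lines; flatten it first.
    m = SCORE_RE.search(" ".join(str(raw).split()))
    return float(m.group(1)) if m else None

def to_role_account(msg):
    rcpts = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    return any(a.split("@", 1)[0].lower() in ROLE_LOCALPARTS for _, a in rcpts)

def triage(raw_message):
    """Map one message to 'discard', 'auto-report' or 'manual'."""
    msg = message_from_string(raw_message)
    score = spam_score(msg)
    if score is None:
        return "manual"       # unscanned mail: never auto-report blind
    if score > AUTO_MAX:
        return "discard"      # in the poster's setup exim drops these at SMTP time
    if score < AUTO_MIN or to_role_account(msg):
        return "manual"       # slipped under the threshold, or hit a role address
    return "auto-report"

def _mail(to, status):
    hdr = f"X-Spam-Status: {status}\n" if status else ""
    return f"To: {to}\nSubject: constructed sample\n{hdr}\nbody\n"

# Constructed sample messages, not real traffic.
SAMPLES = {
    "mid": _mail("user@example.org",
                 "Yes, score=12.4 required=5.0\n\ttests=BAYES_99,URIBL_SBL"),
    "high": _mail("user@example.org", "Yes, score=41.0 required=5.0"),
    "low": _mail("user@example.org", "No, score=3.1 required=5.0"),
    "role": _mail("Abuse Desk <abuse@example.org>", "Yes, hits=8.0 required=5.0"),
    "unscanned": _mail("user@example.org", None),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:10s} -> {triage(raw)}")
```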