... continued
As I said in my last message, the High MX no quit spambot detectors will
send UDP messages to a receiving server that listens for these messages
and processes them into blacklists.
What I'm doing is just using SOCAT to listen. But doing it right you
might want to use a real database. But maybe not. My flat text files
work very well. So I will describe them and let you smart coders figure
out how to do it right.
The message would be in a one line form something like:
spam 1.2.3.4 noquit badhelo highmx
black 2.3.4.5 noquit impesonate highmx badhelo hexhelo
The idea is to send a keyword, the IP, and other useful information. On
my system I accumulate this in a text file. Every 6 hours I rotate the
text file similar to logrotate creating a new one and deleting the
oldest one. Thus after 5 days old data expires. So if someone fixes
their virus they will be delisted 5 days later.
The central message receiver will also have a process that runs every
minute and updates in real time various rbldnsd lists making this
blacklist information available to the world within minutes after the
first spam from the first spambot is received.
To do it right this system is integrated with my white, yellow, and nobl
lists which subtract out any false positives to help make sure that the
blacklist is as clean as possible. And this can also be used to
accumulate white list and yellow list data as well.
These lists, especially when combined with black, white, and yellow can
be used with spamassassin to make spam filtering more efficient. It can
be used by the MTA to prefilter reducing the use of SA, or to improve
the accuracy or speed of SA.
Anyhow - I'm hoping I described this in enough detail to get something
going. All I can say is that it works great for me and would be even
more effective if it were done right and more people were contributing
data to the project.
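
An added sketch of the receiver-side processing described in this message (not the author's code, which uses socat and rotated flat files): it parses the one-line reports, expires them by timestamp instead of file rotation, subtracts exempt networks, and emits rbldnsd ip4set-style lines. The function names, the 127.0.0.2 return value and the tag filter are assumptions; because UDP senders are trivially spoofed, every field is validated before it reaches the zone data.

```python
import ipaddress
import time

KEYWORDS = {"spam", "black"}   # the keywords shown in the message's sample lines
MAX_AGE = 5 * 24 * 3600        # reports expire after 5 days, as in the message

def parse_report(line):
    """Parse 'keyword ip tag...' from an untrusted datagram; None if malformed."""
    parts = line.strip().split()
    if len(parts) < 2 or parts[0] not in KEYWORDS:
        return None
    try:
        ip = ipaddress.IPv4Address(parts[1])
    except ValueError:
        return None
    # Tags end up in DNS zone data, so keep plain ASCII alphanumerics only.
    tags = [t for t in parts[2:] if t.isascii() and t.isalnum()]
    return parts[0], ip, tags

def build_blacklist(reports, exempt, now):
    """reports: iterable of (unix_time, line); exempt: networks never listed."""
    listed = {}
    for stamp, line in reports:
        parsed = parse_report(line)
        if parsed is None or now - stamp > MAX_AGE:
            continue            # malformed or older than 5 days
        _, ip, tags = parsed
        if any(ip in net for net in exempt):
            continue            # white/yellow/nobl entries are subtracted out
        listed.setdefault(ip, set()).update(tags)
    # One ip4set-style entry per address; the reason tags become the TXT value.
    return [f"{ip} :127.0.0.2:{' '.join(sorted(listed[ip]))}"
            for ip in sorted(listed)]

if __name__ == "__main__":
    now = time.time()
    # Constructed sample: the first line is from the message, the rest are
    # made up to exercise expiry, exemption and malformed input.
    sample = [
        (now - 60, "spam 1.2.3.4 noquit badhelo highmx"),
        (now - 6 * 86400, "spam 192.0.2.9 noquit"),   # expired
        (now - 10, "spam 192.0.2.50 highmx"),         # exempt network
        (now - 5, "spam 999.1.1.1 junk"),             # not a valid IP
    ]
    exempt = [ipaddress.ip_network("192.0.2.48/28")]
    print("\n".join(build_blacklist(sample, exempt, now)))
```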