-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Vincent Fleming wrote: > One thought I had was to use UDP datagrams (low overhead, no errors to > handle) to report the scores to a daemon that would track them, and > decide if an ipaddr needed to be blacklisted, ages and removes blacklist > entries, and updates the dns database. I guess this architecture would > not have to change if the scores came from a Perl plugin to spamd, > rather than the milter... It may be obvious, but just to mention it for completeness sake: Basically, you could not only give the result back to the milter, but to a regular SA test as well. > I guess I should poll the users@ list to see how many people would > rather have realtime auto-blacklisting vs. a daily logparsing style. I > like the idea of realtime because I can effectively age the entries and > delist them during the day, rather than at day's end, but I suppose > there isn't a really significant difference there in the end. I'd go for realtime (or at least something like hourly logparsing). For me, daily logparsing turned out to be fine for tuning rules/scores or identifying new bad blocks semi-manually, but I miss a more direct feedback loop (mainly for speedy updates). There would be many uses for a "SA result collector plugin" (eg for reputation systems), so it may make sense to plan a generic approach (a simple protocol to transfer IP, score and maybe [hash of] Message-Id and tests hit, with some simple authentication). Yes, I'd be interested in something like that for dnswl.org... - -- Matthias -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org iD8DBQFGKw08xbHw2nyi/okRAo8xAJ90ZGDV6XysuSvMq+t720vqo32jfACdFkld L3jFu1uN6wcfZyXKFnDO3KE= =nGit -----END PGP SIGNATURE-----
