Greg Swift wrote: > (http://www.zdziarski.com/projects/rabl/), and ClamAV. DSPAM scans the > msg for spam and virus(linking to clamav) and if it tags the message as > spam it sends RABL a notice about that customer's spamminess. Once the > user reaches a threshold (right now about 50 notices) RABL blacklists > them (default 6 hours). The nice thing about this concept is that its > automatic, and all the customer has to do is clean their machines and > then when 6hrs hit they are back to normal, until they get infected > again (or if they didnt suceed). > > But i don't know where to go from there, or if that is even the best way > to do that. Does anyone have any suggestions or anything?
In my humble opinion, 1) fifty warnings is far too lenient, and 2) six hours is far too short. To cause your customers to change behaviour you must cause them pain - this is basic Skinner conditioning. Cut off on one solid detection, don't re-enable until after they manually complain (and explain to them why your automatics need to protect the rest of the world from from their badly-administered systems), and then don't enable for another 12-24 hours (like, when it's convenient for your dayshift. Don't put it on automatic, that isn't painful enough for you *either*). - Jeremy -- ## List details at http://www.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://www.exim.org/eximwiki/
