Mark Delany wrote:
>>If any emails come into these seeded addresses then we register some info
>>about that email with the RBL.
> Which info would you record? The forged envelope sender or the unwitting
> third-party relay?

1) IP address of the remote host and 2) From / Subject / To ?

The thing spammers are least likely to muck with is the subject. But if you
recorded all 3 you could do a reasonably quick "intelli" match on other
emails from that host.

>>sending emails (not practical) if sending direct to MX. If they use an open
>>relay then it'll quickly kill off connections from that machine - but we would
>>need to build in a TTL since the last spam registered from that host (e.g.
>>12 or 24 hours).
>>
>>So, Why wouldn't this work?
> Because most open relays are not well administered, if at all. All you'd
> succeed in doing is RBLing most open relays.
> But, we already know who they are (or did with dorkslayers et al) and can
> block them without the need for an elaborate scheme.

No, I don't think you've grasped the concept. If I received an email to
a seeded address then Qmail-? would immediately update the "RBL" with 1&2
above.

Then when the spammer gets around to spamming mira.net customers your "RBL"
check will kill it mid flight.

It's a co-operative thing where only the first few emails will get through
and 99% of subsequent emails (from this spammer) will be blocked at
the co-operating MTA.

> Probably spamtools is the place for this discussion as the politics of
> dealing with open relays is the controversy not the technology and it has
> nothing specific to do with qmail.

Yes it isn't Qmail specific at all, I was just responding to Dan's suggestion
for something that would work.

Paul.
--
Email pgregg at tibus.net | Email pgregg at nyx.net | Eight out of every
Technical Director | System Administrator | five people are math
The Internet Business Ltd | Nyx Public Access Internet | illiterates.
http://www.tibus.net | http://www.nyx.net | - Anon.
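
A minimal sketch of the scheme discussed in this message, added here as an example and not part of the original post or of qmail: mail to a seeded address registers the sending host's IP with its From and Subject, the listing expires a fixed time after the last registered spam, and a co-operating MTA checks each new message against it. The class, method names, verdict strings and sample addresses are hypothetical, and the 24-hour TTL is one of the two values the post suggests.

```python
import time

TTL_SECONDS = 24 * 3600  # the post suggests 12 or 24 hours; 24 is assumed here


def _norm(subject):
    # Case- and whitespace-insensitive form for the quick subject match.
    return " ".join(subject.lower().split())


class SeededTrapList:
    """In-memory stand-in for the shared "RBL" (hypothetical, not a real API)."""

    def __init__(self, seeded_addresses, ttl=TTL_SECONDS):
        self.seeded = {a.lower() for a in seeded_addresses}
        self.ttl = ttl
        self.hosts = {}  # ip -> {"last": timestamp, "subjects": set, "senders": set}

    def observe(self, ip, mail_from, rcpt_to, subject, now=None):
        """Register the host if the mail was addressed to a seeded address."""
        now = time.time() if now is None else now
        if rcpt_to.lower() not in self.seeded:
            return False
        entry = self.hosts.setdefault(ip, {"last": now, "subjects": set(), "senders": set()})
        entry["last"] = now  # TTL runs from the last spam registered for this host
        entry["subjects"].add(_norm(subject))
        entry["senders"].add(mail_from.lower())
        return True

    def check(self, ip, mail_from, subject, now=None):
        """Return "accept", "listed" (host only) or "listed+match" (host and content)."""
        now = time.time() if now is None else now
        entry = self.hosts.get(ip)
        if entry is None:
            return "accept"
        if now - entry["last"] > self.ttl:
            del self.hosts[ip]  # listing expired: the host gets a clean slate
            return "accept"
        if _norm(subject) in entry["subjects"] or mail_from.lower() in entry["senders"]:
            return "listed+match"
        return "listed"


if __name__ == "__main__":
    # Constructed sample data: documentation IP range and example.* domains.
    rbl = SeededTrapList(["trap@example.org"])
    rbl.observe("192.0.2.10", "offers@example.net", "trap@example.org", "MAKE MONEY FAST", now=0)
    print(rbl.check("192.0.2.10", "other@example.net", "make  money fast", now=3600))
    print(rbl.check("192.0.2.10", "other@example.net", "make money fast", now=TTL_SECONDS + 1))
```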