On 15-Apr-06, at 9:28 PM, Max Clark wrote:
As I have been watching my qpsmtpd logs I have noticed that regardless
of how high I set the max connections (currently 100 with 5 max from
ip) we seem to consistently run steady at the limit. It has made me
wonder how many of these connections are garbage and could be avoided
all together.
I am thinking about running some analysis on the remote hosts to
identify for each ip, host, and domain how many messages have been
received that were identified to be spam, virus, or clean mail. The
idea would be to then take this information and create a ratio - if
the threshold is crossed then the remote ip, host, and/or domain would
be blacklisted/greylisted for a period of time.
What do you think, is there value in this approach?
Most definitely. It's used a lot in the anti-spam "industry".
In fact wasn't that the basis of one of the plugins I wrote for the
qpsmtpd article on O'Reilly?
Matt.
