I have written a plugin that is currently named naughty. The POD has a good description of what it does and how it works. You can read the POD here:
https://www.tnpi.net/internet/mail/naughty.html The plugin is very effective at blocking spam and it has reduced my CPU load enough to be measurable on munin graphs (which aren't exactly granular). Read the POD at the URL above to see how and why. The plugin has one teensy tiny problem. Because it penalizes servers that send spam, it occasionally penalizes a "mostly good" server. In a week of running, it has done this exactly twice, and the two servers it nabbed are mx.develooper.com and mx2.freebsd.org. Both are servers that send lots of ham, and occasionally, some spam. I see a couple options. a) Whitelist the "mostly good" servers that get penalized. While that would be easy, it requires manual effort on the part of the sysadmin, and users will likely lose valid mail. b) Keep track of senders who send us ham. Then we have lots of options. We can allow mail from "mostly good" senders, randomly defer their connections with a "We like you, but you're sending spam" error, or any number of other ways to deal with them. c) Other? The data store for naughty is currently a database of key/value pairs. The key is the remote IP (in integer form) and the value is a timestamp. That's all that's needed for naughty to function. To track naughty and nice senders, I'm imagining the DB would need counters to track of the number of ham and spam messages received from that server. Or even a single signed integer, where anything above zero is bad and below zero is good. The only other thing needed is a reliable way to detect that incoming mail is ham. For my server, I'll use 'dspam reject agree', so that if SA & dspam agree that it's ham, then the naughty plugin increments the nice counter. When new connection arrive, they would be blocked based on their karma (the weighting of naughty -vs- nice emails) they send. I'm fishing for other ideas, better ideas, or experience (we tried that, and these are the results) you can share. Thanks, Matt ````````````````````````````````````````````````````````````````````````` Matt Simerson http://matt.simerson.net/ Systems Engineer http://www.tnpi.net/ Mail::Toaster - http://mail-toaster.org/ NicTool - http://www.nictool.com/ `````````````````````````````````````````````````````````````````````````