On Wed, 10 Oct 2007, Bret Miller wrote:
sa-update does NOT feed a local blocklist generated by *my*
particular
corpus of spam emails. Think of it as the RBL equivalent of
sitewide-bayes. Or think of it as a way of SA saying "when
I get twelve
spams of score 10+ from ip 208.23.118.172...I will feed the
auto-expiring RBL, which *SENDMAIL* works off of, thus keeping my
*SPAMASSASSIN* load lower.
How do you call SpamAssassin?
If whatever calls SpamAssassin in your setup knows what IP the
connecting relay has, it can hopefully also do what you describe
above. SpamAssassin doesn't really need to support this (through
plugins or anything else) for it to be possible (and feasible).
And I did something very similar as well. The problem I found is that you
need a very large white list to avoid blocking big ISPs for a sudden flood
of spam. I ended up rejecting legitimate email far too often from the
temporary block. I still like the idea and would do it in a second if I
could change the 5xx reject to a 4xx try later type of block. But I can't'
without switching to a different MTA.
milter-greylist lets me do this (reject 4XX based on a DNSBL). I've found
it to be highly customizable, if not a bit of a memory pig.
On the other hand, if there is a "big ISP" who is sending me spam...should
they not be blocked, anyway?
-Dan
--
"Long live little fat girls!"
-Recent Taco Bell Ad Slogan, Literally Translated. (Viva Gorditas)
--------Dan Mahoney--------
Techie, Sysadmin, WebGeek
Gushi on efnet/undernet IRC
ICQ: 13735144 AIM: LarpGM
Site: http://www.gushi.org
---------------------------
