On Sat, 9 Oct 2004 15:41:37 -0600 (CST) Ryan Thompson <[EMAIL PROTECTED]> wrote:
> Robin Lynn Frank wrote to users@spamassassin.apache.org: > > > We use SA 3.0.0 with MySQL so we can extract certain AWL data and > > use it at the MTA level. However, since SA doesn't have an > > auto-blacklist feature, > > Hi Robin, > > Actually, "AutoWhiteList" (AWL) is a bit of a misnomer. AWL maintains > average message scores for sender/class-B tuples, so, in effect, it is > also an auto blacklist, because repeat spam senders will have high > average scores in the AWL database. > > > I'd like to find a relatively simple way to extract IP addresses > > from emails that contain spam. If it is of any importance, we > > invoke SA via amavisd-new. > > See, for instance, the check_whitelist script in the tools/ directory > of the distribution. I get output like this: > > -4.5 (-35.6/8) -- [EMAIL PROTECTED]|ip=64.59 > 9.3 (27.9/3) -- [EMAIL PROTECTED]|ip=65.39 > > The first line is for a user that sends ham, so his/her score on > future messages would be pushed closer to -4.5. > > The second line is for a user that sends spam, so, if they sent a more > hammy message later, the AWL would likely *add* points to the message, > while decreasing the average slightly. > > It works both ways. If you want to use this at the MTA level, I could > envision you wanting to grab, say, every entry over a certain average > score and potentially greylist based on that or something. > > Hope this helps, > - Ryan > Yes it does. The only thing I see that is a problem is that the IPs appear to be /16s. /24s would be a broad enough brush to paint with. Back to the drawing board. -- Robin Lynn Frank Director of Operations Paradigm-Omega, LLC http://www.paradigm-omega.com ============================== Sed quis custodiet ipsos custodes?
pgpZtWxbE2FED.pgp
Description: PGP signature