Per Jessen wrote:
Marc Perkel wrote:
If you're keen to share your development, why don't you explain to us
how it works?
/Per Jessen, Zürich
The details are a little to complex for this forum but the new trick
is mostly based on the fact that spam bots general don't issue the
QUIT command and when combined with other factors allows me to catch
spam bots on the first try.
Perhaps someone can turn this into a rule for SA to add some points.
The mail-server that detects the missing QUIT could easily add a header
which SA would then pick up on. But it might depend on what
those "other factors" are.
/Per Jessen, Zürich
It might be a good rule for SA except for one problem. SA doesn't have
any way to detect the lack of the QUIT. Even in Exim the message being
received is done after the last period is sent. So you can't attach any
kind of information about quit to the message.
What I'm doing is using Exim's ACL variables in the NOTQUIT acl to feed
information into my blacklist database so that my servers and anyone
using my blacklists know to just rop the connection the next time.
Generally I have already detected the message as possible spam by that
point but when I combine it with the lack of a quit then it gets
promoted to blacklist status.