-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 >>> Do you know if are there something like the old 'Top200 SpamCop >>> Relays' 70_sc_top200 ? > > It seems to me 70_sc_top200 is an automatic rule, which > tautologically shouldn't involve any ninja at all in its updating.
YES! I've actually been working on something very similar. Instead of just using a list, it abstracts to neighboring networks (providing anticipatory scores). This is derived from SpamCop's index of high-volume spammers in CIDR /8 (class A) and CIDR /24 (class D) netblocks and assigns points to them. Basically, this is a stereotyping, assuming clusters of spammers beget spammers within systems with nearby IPv4 addresses. Note that this rule does not (yet) fire on things already indexed by SpamCop since such things already get points. The argument that such high-volume spam subnets should get increased scores anyway is interesting and should be investigated more thoroughly in the future (I haven't had any false positives yet, but YMMV). This is updated nightly in my sa-update channel at: khop-sc-neighbors.sa.khopesh.com (Generation script: http://khopesh.com/scripts/sa-sc-neighbors ) Install with something like: wget -qO - http://khopesh.com/sa/GPG.KEY |sudo sa-update --import - sa-update --gpgkey E8B493D6 --channel khop-sc-neighbors.sa.khopesh.com I'd love to see how this fares in the mass-check system... (My other channels: http://khopesh.com/Anti-spam#Custom_SA_hacks ) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAknuVbQACgkQnCRV0Oi0k9bqWwCfbxB6YvOLWIm3+0CNqqMqU6Kj iOsAn3NtIUHzobDds/MuCOFEb7aK2pQV =SSbs -----END PGP SIGNATURE-----