On Sat, 3 Sep 2011, Peter Nitschke wrote:

Greylisting would just mean the first one would be delayed - the rest would
go through as they are identical emails.

If they are identical (same from, same to, same source IP), all copies would be delayed for the configured greylisting period after the first one was seen.

And if the spammer doesn't retry delivery, so much the better.

I would be looking to use Fail2ban as a solution depending on what your
logs show.

That is another possible option. The delays introduced by greylisting would help make this even more effective - if the log watcher sees the same ip/from/to multiple times in a minute in the greylist delay log entries, then the IP can be banned for a day, but again, if the sender doesn't retry, greylisting alone will suffice.

*********** REPLY SEPARATOR  ***********

On 2/09/2011 at 12:14 PM John Hardin wrote:

On Fri, 2 Sep 2011, Steve wrote:

I wonder, would it be possible to reject an email identical (same
originating IP; same addressee; same subject) to an email received in
the last minute, say, that had a spamassassin score of over 30?  If I
could find a way to do that, I could reduce the volume of spam I have to
process/store by a factor of about 8.

You might consider greylisting.

--
 John Hardin KA7OHZ                    http://www.impsec.org/~jhardin/
 jhar...@impsec.org    FALaholic #11174     pgpk -a jhar...@impsec.org
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
 14 days until the 224th anniversary of the signing of the U.S. Constitution
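
The log-watcher rule described in the reply above (same ip/from/to seen multiple times in a minute in the greylist delay entries, then a one-day ban), sketched as an added example; it is not code from this thread or from Fail2ban. The log line format, the threshold of 3 and all addresses are constructed assumptions, so adapt the regex to whatever your greylisting daemon actually logs.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed (constructed) log format; not the format of any specific daemon.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) greylist: delayed client=(?P<ip>\S+) "
    r"from=<(?P<sender>[^>]*)> to=<(?P<rcpt>[^>]*)>$"
)

def find_bans(lines, window=timedelta(minutes=1), threshold=3,
              ban_time=timedelta(days=1)):
    """Return {ip: ban_expiry} for IPs whose identical ip/from/to triplet was
    greylist-delayed at least `threshold` times within `window`."""
    recent = defaultdict(deque)   # (ip, from, to) -> timestamps inside window
    bans = {}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue              # not a greylist delay entry
        ts = datetime.fromisoformat(m["ts"])
        ip = m["ip"]
        if ip in bans and ts < bans[ip]:
            continue              # ban still active, nothing more to count
        hits = recent[(ip, m["sender"].lower(), m["rcpt"].lower())]
        hits.append(ts)
        while ts - hits[0] > window:
            hits.popleft()        # drop entries older than the window
        if len(hits) >= threshold:
            bans[ip] = ts + ban_time
            hits.clear()
    return bans

# Constructed sample: 203.0.113.5 hammers one recipient, while 198.51.100.7
# behaves like a normal MTA and retries once after 20 minutes.
SAMPLE_LOG = """\
2011-09-03T10:00:01 greylist: delayed client=203.0.113.5 from=<x@spam.example> to=<steve@example.org>
2011-09-03T10:00:09 greylist: delayed client=203.0.113.5 from=<x@spam.example> to=<steve@example.org>
2011-09-03T10:00:20 greylist: delayed client=198.51.100.7 from=<list@example.net> to=<steve@example.org>
2011-09-03T10:00:31 greylist: delayed client=203.0.113.5 from=<x@spam.example> to=<steve@example.org>
2011-09-03T10:20:20 greylist: delayed client=198.51.100.7 from=<list@example.net> to=<steve@example.org>
""".splitlines()

if __name__ == "__main__":
    for ip, until in find_bans(SAMPLE_LOG).items():
        print(f"ban {ip} until {until.isoformat()}")
```

A well-behaved sender that retries after the greylist delay never reaches the per-minute threshold, so only the repeating source is banned.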
