Ok, I have been looking at this closer now. The SMTP-MaxErrors would be a big help, but ... :( I am guessing that it will implemented to be checked in the smtpsrv processing. And since I am using filters.out.tab processing I won't have a chance to bump the error count.
Am I correct in my new understanding of the filter processing that the filter.out.tab is processed after all the smtp processing? It sure looks like it. So I have another request. Would it be possible to add a couple more macros to the filter.[pre|post]-data.tab processing? What I am most interested is the email address the message was sent to. I don't think the from address has any real value, they are faked too often on junk, but someone would probably want that as well. I know the rcpt address is in the message file, and may resort to parsing it out of there. First glance looked like it would require more then just reading the 5th line of the file and doing a string compare. Was there a reason for not implementing these macros for the pre|post filters? Since the filters are at the data point all the header information is available, isn't it? Or have I misread something in there? Thanks Phillip (and the SMTP-MaxErrors is already in my server.tab, just waiting for something to use it :)) -----Original Message----- From: Davide Libenzi [mailto:[EMAIL PROTECTED] Sent: Mon 12/27/2004 1:12 PM To: xmail@xmailserver.org Cc: Subject: [xmail] Re: Spam blocking filter On Mon, 27 Dec 2004, Shiloh Jennings wrote: > Dictionary attack detection is something I really wish XMail could = > natively > do. ModusMail was a package we used prior to XMail. It could detect = > and > temporarily ban an IP address for a set period of time. It actually = > helped > a lot. You do not want to permanently ban such IP addresses, because = > some > dictionary attacks do get relayed through legit hosts/ISPs from hijacked > email accounts from time to time. Permanently banning the IP addresses = > will > eventually cause your email server to block a lot of legit email. The > feature in ModusMail let you set a duration for the block in additional = > to a > threshold for activating such a block. There were a lot of things about > ModusMail I did not like, but that dictionary attack detection stuff was > actually really cool. A new "SMTP-MaxErrors" inside the server.tab file. I let you immagine what it does ;) - Davide - To unsubscribe from this list: send the line "unsubscribe xmail" in the body of a message to [EMAIL PROTECTED] For general help: send the line "help" in the body of a message to [EMAIL PROTECTED] -- Binary/unsupported file stripped by Ecartis -- -- Type: application/ms-tnef -- File: winmail.dat - To unsubscribe from this list: send the line "unsubscribe xmail" in the body of a message to [EMAIL PROTECTED] For general help: send the line "help" in the body of a message to [EMAIL PROTECTED]
