Re: [Exim] Tarpit spam

Top Page
Delete this message
Reply to this message
Author: Giuliano Gavazzi
Date:  
To: Marc Perkel, exim-users
Subject: Re: [Exim] Tarpit spam
At 6:26 -0700 2003/05/13, Marc Perkel wrote:
>I think I'm going to use this and try it out. Except that I'm going to
>use ACCEPT because these lists are often not accurate.


what about using these lists to increase the score of an smtp transaction?
At the moment I am only using two of these with a certain weight in
the transaction score (I have both a rcpt and a whole transaction
score), but I will soon add the riskier ones with a lower weight.

Since I mentioned it, the score is actually based on a N-dimensional flag, the
flag then will have a certain distribution in an N-dimensional space,
it would be interesting to analyse the distribution and find an
optimal (perhaps non-linear) weight function to minimise the false
positives.
Am I that serious?

Giuliano

>Konrad Michels wrote:
>
>>You need something akin to this - although the delay bit is optional . .
>>.:
>>
>>deny    message         = rejected because $sender_host_address is in a
>>blacklist at $dnslist_domain\n$dnslist_text
>>         dnslists        = sbl.spamhaus.org=127.0.0.2
>>         delay           = 4m

>>
>>deny    message         = rejected because $sender_host_address is in a
>>blacklist at $dnslist_domain\n$dnslist_text
>>         dnslists        = opm.blitzed.org=127.0.0.2
>  >        delay           = 4m

[...]