I am not doing it for the moment; I planned to do it in the near future
with a MySQL database which is already used for many actions on my
server. I wanted to know what other people thought of it first. But, as
it seems, I may get many false positives with this.
What I am doing now is checking for mutating HELO in IPs listed in SpamCop.
This seems to do it quite well.
On Thu, 17 Mar 2005 15:56:10 +0000
exim-users-request@??? wrote:
> From: Stephen Gran <steve@???>
> To: "exim-users @ exim. org" <exim-users@???>
> Subject: Re: [exim] Antispam idea
> Date: Wed, 16 Mar 2005 20:06:12 -0500
>
> On Wed, Mar 16, 2005 at 05:54:37PM +0000, Jeremy Harris said:
> > Renaud Allard wrote:
> > >Hello,
> > >
> > >I just stumbled into a small idea for preventing spambots. As it seems
> > >many spambots like to connect multiple times from the same IP at the same
> > >time to the server. Each instance for only one mail delivery. This
> > >implies the server is busy checking all the inputs from this very same
> > >IP.
> >
> > As others have said, not quite enough. Correlating with mutating-HELO
> > is currently a good tactic though. I'm doing this, triggered by
> > a helo-verify fail. Unfortunately, false-positives still include
> > EBay and Amazon.
>
> How are you doing this? Storing $sender_helo_name in $acl_c0 or
> something, and then comparing again? Cool - I like it.
--
Nikademus
http://www.octools.com
.O.
..O
OOO
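
Added example, not part of the original message or of Exim: a sketch of the mutating-HELO check discussed in this thread, keeping per-IP HELO history in a database across connections and rejecting only when a second signal (a DNSBL listing or a failed HELO verification) agrees. Assumptions: SQLite stands in for the MySQL database mentioned above, the table, function names and thresholds are hypothetical, the DNSBL and HELO-verify results are passed in as booleans rather than looked up, and the sample connections are constructed.

```python
import sqlite3

WINDOW = 3600    # seconds of history kept per IP (assumed value)
MAX_HELOS = 2    # distinct HELO names tolerated per IP in the window (assumed)

def open_store(path=":memory:"):
    db = sqlite3.connect(path)
    db.execute("CREATE TABLE IF NOT EXISTS helo_seen ("
               "ip TEXT, helo TEXT, last_seen INTEGER, PRIMARY KEY (ip, helo))")
    return db

def record_helo(db, ip, helo, now):
    """Store (ip, helo); return how many distinct names the IP used in the window."""
    db.execute("DELETE FROM helo_seen WHERE last_seen < ?", (now - WINDOW,))
    db.execute("INSERT OR REPLACE INTO helo_seen VALUES (?, ?, ?)",
               (ip, helo.lower().rstrip("."), now))  # case/trailing dot is not a mutation
    (count,) = db.execute("SELECT COUNT(*) FROM helo_seen WHERE ip = ?",
                          (ip,)).fetchone()
    return count

def verdict(db, ip, helo, now, dnsbl_listed, helo_verified):
    """Reject only when the HELO mutates AND a second signal agrees."""
    count = record_helo(db, ip, helo, now)
    if count <= MAX_HELOS:
        return "accept"
    # Mutation alone is not enough: large senders rotate names behind one IP,
    # which is the false-positive case mentioned in the thread.
    return "reject" if (dnsbl_listed or not helo_verified) else "accept"

# Constructed sample connections: (time, ip, helo, dnsbl_listed, helo_verified)
SAMPLE = [
    (0,  "192.0.2.10",    "mail.example.org",       False, True),
    (5,  "203.0.113.7",   "dsl-1.example.net",      True,  False),
    (6,  "203.0.113.7",   "xkqz.example.com",       True,  False),
    (7,  "203.0.113.7",   "friend",                 True,  False),
    (10, "198.51.100.20", "out1.bigsender.example", False, True),
    (11, "198.51.100.20", "out2.bigsender.example", False, True),
    (12, "198.51.100.20", "out3.bigsender.example", False, True),
    (20, "192.0.2.10",    "MAIL.example.org.",      False, True),
]

def run(events):
    db = open_store()
    return [(ip, helo, verdict(db, ip, helo, t, listed, ok))
            for t, ip, helo, listed, ok in events]

if __name__ == "__main__":
    for row in run(SAMPLE):
        print(row)
```

A per-connection variable cannot hold this history, because each spambot instance opens its own connection; the state has to live outside the SMTP session.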