I've been trying to see how to implement an automatically maintained black
list (not to be confused with an RBL...)
Basically the concept is that should I decide that any given email is
guaranteed spam, then I would want to feed some information about that email
into a black-list. This would include things like the IP address it came
from, and possibly things like the sender address/subject.
Any entry on the black-list would auto expire after a set timeout (this
could be quite short, perhaps just 20 minutes)
Should another email come in that matches anything on the current black
list, then it is blocked and the details (IP etc, as above) added to the top
of the list (the details are added as a new record as maybe some part has
changed - this allows the list to adapt to variations in the spam attempt)
The seed to initially get on this list would only be for things that are
100% guaranteed to be spam - for example we get a lot of emails in targeting
a specific local-part that does not, and never has, existed. An email to a
general unknown user would not cause the 'blacklist add' reaction, but an
email to this specific user would.
Hopefully by having the blacklist adapt to the variations in the spam
connections (often these are minor such as a change in the subject or the
target) this will help filter out a lot of rubbish before it hits more
'expensive' options such as SpamAssassin.
Does anyone have any suggestions as to how to go about this? There may be a
solution out there that already does this, I just can't seem to find one...
If this could be done without needing a DB (MySQL etc) backend then even
better - perhaps just appending entries to a text file with a timestamp on
each line and having a cron job removing old entries, or via a dbm file
which could also be maintained by a cron job.
Regards,
Keith.
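
The timestamped text-file variant asked about above, as an added example that is not part of the original post: a seed hit or a match on any live field blocks the message and appends its details as a new record, and a cron-style purge drops expired lines. The function names, the tab-separated record layout and the sample values in the comments are assumptions made for illustration.

```python
import os, tempfile, time

# Assumed record layout (not from the post): timestamp<TAB>ip<TAB>sender<TAB>subject
TTL = 20 * 60                      # entry lifetime in seconds (the 20 minutes suggested above)
FIELDS = ("ip", "sender", "subject")

def _live(path, now):
    """Return unexpired records as (timestamp, {field: value}) tuples."""
    records = []
    if not os.path.exists(path):
        return records
    with open(path, encoding="utf-8") as fh:
        for line in fh:
            parts = line.rstrip("\n").split("\t")
            if len(parts) != 1 + len(FIELDS):
                continue           # skip malformed lines
            try:
                ts = float(parts[0])
            except ValueError:
                continue
            if now - ts < TTL:
                records.append((ts, dict(zip(FIELDS, parts[1:]))))
    return records

def _clean(value):
    # Header values are attacker-controlled: collapse tabs/newlines so a
    # crafted Subject cannot forge extra records in the list file.
    return " ".join(str(value).split()).lower()

def check_and_learn(path, msg, seed=False, now=None):
    """Return True if msg must be blocked; each blocked message becomes a new record."""
    now = time.time() if now is None else now
    rec = {f: _clean(msg.get(f, "")) for f in FIELDS}
    hit = bool(seed) or any(rec[f] and rec[f] == old[f]
                            for _, old in _live(path, now) for f in FIELDS)
    if hit:                        # seed = mail to the never-existed trap local-part
        with open(path, "a", encoding="utf-8") as fh:
            fh.write("\t".join([repr(now)] + [rec[f] for f in FIELDS]) + "\n")
    return hit

def purge(path, now=None):
    """Cron job: rewrite the file with only unexpired records; returns how many remain."""
    now = time.time() if now is None else now
    keep = _live(path, now)
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(path)))
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        for ts, rec in keep:
            fh.write("\t".join([repr(ts)] + [rec[f] for f in FIELDS]) + "\n")
    os.replace(tmp, path)          # atomic swap: readers never see a half-written list
    return len(keep)
```

Sender and subject are forgeable, so matching on them can block legitimate mail that happens to share a value with a listed record; keying on the IP alone is the conservative choice. With concurrent deliveries, the append and the purge also need a shared file lock so a record written during a purge is not lost.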