Re: [exim] Need a little unix help

Author: Marc Perkel
Date:  
To: W B Hacker
CC: exim users
Subject: Re: [exim] Need a little unix help
Here's what I'm doing. I'm using MyDNS which is a DNS server with a
MySQL backend and so it is close to real time. I think I figured out how
to do what I want with the client/server reporting. On the server side
I'm using xinetd to pipe the incoming text into a perl program and then
into MySQL. On the client side will be a small script that Exim will run
using netcat.

What I'm thinking is that the reporting client will send short strings:

ham 1.2.3.4
spam 5.6.7.8
honeypot 9.8.7.6

These strings will be processed on my end and update my database. Some of
it is real time. Some of it is calculated every 5 minutes to update the
lists. Servers that send only ham make the whitelist, only spam makes
the blacklists, and mixed makes the yellowlist. It's working for me
right now and I'm working on being able to let others read it and a
select few feed data to it. I'll slowly increase the number of people
that can use it and see how it scales up. At some point others will see
how it works and want to do it big scale and do it right.

One important thing to think about is that the idea of the blacklist is
to be really accurate. But it isn't as much to catch spam, which it will
do, but to identify ham servers and eliminate false positives. I think
that this system if used widely enough will have its biggest impact in
allowing good email to pass through and eliminate false positives for
banks and other commercial sources that never send spam.
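
The report format and list rules described in the message above, sketched as an added example that is not part of the original post and is not the author's Perl code. The function names, the rejection of non-global addresses, and the choice to count a honeypot hit as spam evidence are assumptions.

```python
import ipaddress
from collections import defaultdict

VERDICTS = {"ham", "spam", "honeypot"}

def parse_report(line):
    """Return (verdict, ip) for a well-formed report line, else None."""
    parts = line.strip().split()
    # Exactly two fields and a known verdict; anything else is dropped
    # before it can get near the database layer.
    if len(parts) != 2 or parts[0] not in VERDICTS:
        return None
    try:
        ip = ipaddress.ip_address(parts[1])
    except ValueError:
        return None
    # Assumption: reports about non-routable addresses are ignored.
    if not ip.is_global:
        return None
    return parts[0], str(ip)

def classify(lines):
    """Tally valid reports per IP, then assign each IP to a list."""
    counts = defaultdict(lambda: {"good": 0, "bad": 0})
    rejected = 0
    for line in lines:
        report = parse_report(line)
        if report is None:
            rejected += 1
            continue
        verdict, ip = report
        # Assumption: a honeypot hit counts as spam evidence.
        counts[ip]["good" if verdict == "ham" else "bad"] += 1
    lists = {}
    for ip, c in counts.items():
        if c["bad"] == 0:
            lists[ip] = "white"    # only ham seen
        elif c["good"] == 0:
            lists[ip] = "black"    # only spam seen
        else:
            lists[ip] = "yellow"   # mixed
    return lists, rejected

# Constructed sample input: the three addresses from the message plus
# four malformed or unusable lines.
SAMPLE = ["ham 1.2.3.4", "ham 1.2.3.4", "spam 5.6.7.8",
          "honeypot 9.8.7.6", "ham 9.8.7.6", "spam 999.1.1.1",
          "ham 10.0.0.5", "bogus 1.2.3.4", "spam 5.6.7.8 extra"]

if __name__ == "__main__":
    print(classify(SAMPLE))
```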