Author: Matthew Newton Date: To: Marc Perkel CC: exim-users Subject: Re: [exim] Automatic Generation of White Lists and Black Lists (DNS)
Hi,
On Tue, May 29, 2007 at 06:12:59AM -0700, Marc Perkel wrote: > I've written a new DNS whitelist/blacklist engine and have been testing
> it for about a month and it's working really well and I'm thinking about
> publishing it in the Wiki here. Maybe someone can do it even better than > This simple approach is working very well. The processing takes about 15
> seconds with 4 million lines of messages. It's thousands of times faster > Anyone interested?
That sounds fairly similar to an idea I've been thinking about for
the last few weeks, but you've beaten me to actually coding it up
;-) I was wondering about something like >99% spam = block
outright, >80% spam = add points in SpamAssassin. That should be
quite easy when creating DNS lists from the data.
I'm seeing a lot of "waves" in the spam/clamav graphs at the
moment, obviously trying to get around greylisting. If the same IP
comes back again and again (especially to different recipients)
and we keep rejecting them, then I guess it's a good indicator
they are sending junk.
Definitely interested in seeing any implementation details. Do you
connect from Exim for each incoming mail (at SMTP time), or just
parse logs later (probably faster IMO)?
Thanks,
Matthew
--
Matthew Newton <mcn4@???>
Network Support and UNIX Systems Administrator, Network Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom
For IT help contact helpdesk extn. 2253, <cchelp@???>