You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by "Dan Mahoney, System Admin" <da...@prime.gushi.org> on 2007/10/10 22:12:40 UTC
Re: [sa-list] RE: Auto-RBL was: Why did this not hit more? (SPF,
DKIM, Ironport, X-originating-ip)
On Wed, 10 Oct 2007, Bret Miller wrote:
>>> sa-update does NOT feed a local blocklist generated by *my*
>> particular
>>> corpus of spam emails. Think of it as the RBL equivalent of
>>> sitewide-bayes. Or think of it as a way of SA saying "when
>> I get twelve
>>> spams of score 10+ from ip 208.23.118.172...I will feed the
>>> auto-expiring RBL, which *SENDMAIL* works off of, thus keeping my
>>> *SPAMASSASSIN* load lower.
>>
>> How do you call SpamAssassin?
>>
>> If whatever calls SpamAssassin in your setup knows what IP the
>> connecting relay has, it can hopefully also do what you describe
>> above. SpamAssassin doesn't really need to support this (through
>> plugins or anything else) for it to be possible (and feasible).
>
> And I did something very similar as well. The problem I found is that you
> need a very large white list to avoid blocking big ISPs for a sudden flood
> of spam. I ended up rejecting legitimate email far too often from the
> temporary block. I still like the idea and would do it in a second if I
> could change the 5xx reject to a 4xx try later type of block. But I can't'
> without switching to a different MTA.
milter-greylist lets me do this (reject 4XX based on a DNSBL). I've found
it to be highly customizable, if not a bit of a memory pig.
On the other hand, if there is a "big ISP" who is sending me spam...should
they not be blocked, anyway?
-Dan
--
"Long live little fat girls!"
-Recent Taco Bell Ad Slogan, Literally Translated. (Viva Gorditas)
--------Dan Mahoney--------
Techie, Sysadmin, WebGeek
Gushi on efnet/undernet IRC
ICQ: 13735144 AIM: LarpGM
Site: http://www.gushi.org
---------------------------