[Mimedefang] Spammers who won't take no for an answer
David F. Skoll
dfs at roaringpenguin.com
Thu Oct 23 09:22:21 EDT 2003

On Thu, 23 Oct 2003, Joseph Brennan wrote:

> Agreed, but how do we detect this automatically? I'd be happy to
> put them into access.db.

CanIt could do it as follows; I suppose if you were industrious, you
could code it up for MIMEDefang:

We keep a database containing the SHA1 hash of each incoming message.
We also log a database entry each time a message is rejected. So
if a given host retries a rejected message with the same SHA1 hash
more than n times, where n is around 3-5, we could firewall off that
host for a few hours or days. A little maintenance script could
periodically pull data out of the database and firewall off bad hosts
while unblocking hosts that have been punished long enough.

--
David.
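
The scheme described in the message above, sketched as an added example; it is not part of the original post and is not CanIt or MIMEDefang code. The table layout, the function names `open_db`, `log_reject` and `maintain`, the threshold and block duration, and the sample addresses are all assumptions made for illustration.

```python
import hashlib
import sqlite3

RETRY_LIMIT = 3            # "n" in the post (3-5); value assumed here
BLOCK_SECONDS = 6 * 3600   # "a few hours"; value assumed here

def open_db(path=":memory:"):
    db = sqlite3.connect(path)
    db.execute("CREATE TABLE IF NOT EXISTS rejects (host TEXT, sha1 TEXT, ts INTEGER)")
    db.execute("CREATE TABLE IF NOT EXISTS blocked (host TEXT PRIMARY KEY, until INTEGER)")
    return db

def log_reject(db, host, raw_message, ts):
    """Called by the filter each time it rejects a message from relay `host`."""
    digest = hashlib.sha1(raw_message).hexdigest()  # dedup key, not a security control
    db.execute("INSERT INTO rejects VALUES (?, ?, ?)", (host, digest, ts))

def maintain(db, now):
    """Periodic pass. Returns (hosts_to_block, hosts_to_unblock) for the
    caller to turn into firewall rules; the firewall itself is out of scope."""
    released = [h for (h,) in db.execute(
        "SELECT host FROM blocked WHERE until <= ? ORDER BY host", (now,))]
    db.execute("DELETE FROM blocked WHERE until <= ?", (now,))
    # The first rejection is not a retry, so retries = COUNT(*) - 1.
    offenders = [h for (h,) in db.execute(
        "SELECT DISTINCT host FROM rejects "
        "WHERE host NOT IN (SELECT host FROM blocked) "
        "GROUP BY host, sha1 HAVING COUNT(*) - 1 > ? ORDER BY host",
        (RETRY_LIMIT,))]
    for host in offenders:
        db.execute("INSERT INTO blocked VALUES (?, ?)", (host, now + BLOCK_SECONDS))
        # Clear the evidence so a released host starts from zero.
        db.execute("DELETE FROM rejects WHERE host = ?", (host,))
    db.commit()
    return offenders, released

if __name__ == "__main__":
    db = open_db()
    spam = b"Subject: constructed sample\r\n\r\nbody\r\n"  # constructed input
    for i in range(5):                          # 1 rejection + 4 retries
        log_reject(db, "192.0.2.10", spam, 1000 + 60 * i)
    log_reject(db, "198.51.100.7", spam, 1000)  # rejected once, never retried
    print(maintain(db, 2000))
    print(maintain(db, 2000 + BLOCK_SECONDS))
```

Only log permanent rejections here: a well-behaved relay legitimately retries after a temporary failure, and counting those would block ordinary senders.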