[Mimedefang] Spammers who won't take no for an answer

David F. Skoll dfs at roaringpenguin.com
Thu Oct 23 09:22:21 EDT 2003


On Thu, 23 Oct 2003, Joseph Brennan wrote:

> Agreed, but how do we detect this automatically?  I'd be happy to
> put them into access.db.

CanIt could do it as follows; I suppose if you were industrious, you
could code it up for MIMEDefang:

We keep a database containing the SHA1 hash of each incoming message.
We also log a database entry each time a message is rejected.  So
if a given host retries a rejected message with the same SHA1 hash
more than n times, where n is around 3-5, we could firewall off that
host for a few hours or days.  A little maintenance script could
periodically pull data out of the database and firewall off bad hosts
while unblocking hosts that have been punished long enough.

--
David.
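One way to sketch the scheme described in the message above, as an added example that is not CanIt or MIMEDefang code: Python and SQLite, the table names, and the constants (retry limit, counting window, block duration) are all assumptions chosen for illustration. The maintenance pass only returns the hosts to firewall and to unblock; applying the firewall rules is left to the caller.

```python
import hashlib
import sqlite3

RETRY_LIMIT = 3            # "n" from the post (3-5); assumed default
WINDOW = 24 * 3600         # only count rejections from the last day (assumption)
BLOCK_SECONDS = 6 * 3600   # "a few hours"; assumed value

def open_db(path=":memory:"):
    db = sqlite3.connect(path)
    db.execute("CREATE TABLE IF NOT EXISTS rejections (host TEXT, sha1 TEXT, ts INTEGER)")
    db.execute("CREATE TABLE IF NOT EXISTS blocks (host TEXT PRIMARY KEY, until INTEGER)")
    return db

def record_rejection(db, host, raw_message, now):
    """Log one rejected delivery attempt, keyed by the SHA1 of the message."""
    digest = hashlib.sha1(raw_message).hexdigest()
    db.execute("INSERT INTO rejections VALUES (?, ?, ?)", (host, digest, now))
    return digest

def maintain(db, now):
    """Periodic pass; returns (hosts to firewall, hosts to unblock)."""
    # Hosts that have been punished long enough are released first.
    expired = [h for (h,) in db.execute(
        "SELECT host FROM blocks WHERE until <= ? ORDER BY host", (now,))]
    db.execute("DELETE FROM blocks WHERE until <= ?", (now,))
    db.execute("DELETE FROM rejections WHERE ts < ?", (now - WINDOW,))
    # Retries = rejections of the same (host, sha1) after the first attempt.
    offenders = [h for (h,) in db.execute(
        "SELECT DISTINCT host FROM rejections "
        "WHERE host NOT IN (SELECT host FROM blocks) "
        "GROUP BY host, sha1 HAVING COUNT(*) - 1 > ? ORDER BY host",
        (RETRY_LIMIT,))]
    for host in offenders:
        db.execute("INSERT INTO blocks VALUES (?, ?)", (host, now + BLOCK_SECONDS))
        # Clear the evidence so a released host starts with a clean slate.
        db.execute("DELETE FROM rejections WHERE host = ?", (host,))
    db.commit()
    return offenders, expired

if __name__ == "__main__":
    db = open_db()
    msg = b"Subject: constructed sample\r\n\r\nsame body every time\r\n"
    for i in range(5):     # constructed data: 1 attempt + 4 retries
        record_rejection(db, "192.0.2.10", msg, 1000 + 60 * i)
    print(maintain(db, 2000))                   # host gets firewalled
    print(maintain(db, 2000 + BLOCK_SECONDS))   # host gets released
```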


