Pascal Nobus wrote: > I've got some really good spamtraps (around 20), which work very well to > harvest spam. > However, if I check my logs, I see that mail from IP-X which sent mail > to spam-trap also sends about 10 other emails to our system. > Then that IP isn't used anymore (for at least a month). > > > So what I need is: > Tool that grabs the IP from the user that sends email to spamtrap. > Block this IP. > Remove this IP after 24-48h. > > Can this be done with making use of assp WITHOUT having to regenerate > the spamdb?
You can utilize a regex like the bomb(Header)Re and the PB (with appropriate thresholds and valence scores) to temporarily or pertinently block IP addresses. You could use other scored aspects of the PB as well, but I use the bombRe to instantly block an IP. Personally, I use the bombRe with a high valence score that matches the PenaltyExtreme threshold so that I can add the IP to the exportExtremeFile - which I have pointed to the denySMTPConnectionsFrom file - so I permanently block matches. If someone needs to be removed from the block file, I can do it manually. I have my config balanced well enough that I have yet had to do that. In my config, if you match my bombRe - you're banned. ------------------------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 _______________________________________________ Assp-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/assp-user
