"Fritz Borgstedt" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > Questions and Answers for users of ASSP Anti-Spam SMTP Proxy > <[email protected]> schreibt: >> For example, user sets a limit of 100, and weights HELO at 90 and >>spam bomb at 15. If a server fails HELO, the e-mail isn't rejected, >>but if it also fails spam bomb (90+15>100), then it's spam. To fail >>any single test, just set its score greater than the limit (that >>could be the default values). It seems so simple to implement, but >>anti-spam proggies are always pass/fail. PB is the first thing even >>remotely like it. > > It is not even remotely like it, it is implemented exactly in this way. > You can run the Helo and the Bombcheck in "score only" and assign > values in the PB section.
I think that the difference (from my understanding at least) that Bennett is asking for is a weighting for individual tests for individual emails. Although the PB accomplishes pretty much the same thing, it goes one step further and penalizes/bans the entire IP for a period of time, instead of just determining one individual email is spam. The advantage of the PB, is that it prohibits a spamming IP from sending emails. The "disadvantage", however, is that it may requires several spam emails from a particular IP to trigger the PB black list (depending on the config). I think Bennett's idea is definitely worth considering, although I am not entirely sure just how useful it would be. Perhaps others with more experience could weigh in on the concept. Basically, instead of leaving it to one test's failure to determine if an email is spam or not, to use multiple different tests to determine if a single email is spam. In a way, that is already implemented within the RBL - ie: if 3 out of 5 (for ex) RBLs deem the IP to be a spammer, then it fails the RBL test. The concept here would be to extend this across all tests to determine if a single email is spam. (ie: if fails RBL and fails missing MX pointer and fails URIBL then email is spam). I guess the PB could potentially be configured in such a way to use it to for weighing individual tests, and blocking individual emails, but it wasn't exactly designed for that purpose. I think the logic behind the PB is quite clever, but not entirely foolproof. Logicially, if an MTA is being used to send out several spam, it is highly likely that other emails from that MTA will be spam as well, although not guaranteed. In which case, the MTA will just keep retrying (typically 4 days I think) until the penalty expires and the emails can come through. The question remains, is the added benefit of weighing individual tests for individual emails worth the effort of implmenting it? Eric ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV _______________________________________________ Assp-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/assp-user
