On Fri, 2015-03-13 at 13:12 -0700, Gordon Messmer wrote: > On 03/13/2015 08:58 AM, Lindsay Haisley wrote: > > > > I will welcome any corrections, improvements or comments on this code. > > 1: I'm pretty sure the patch can be made much smaller by simply changing > "sender" to the network address when use_blocks is True.
I opted to retain all the information in the return value from getSendersMta() and pull the v4 address out of it. I suppose there's another call which returns the straight IP address. I didn't check > 2: Using regex to deal with addresses is kinda gross. Well..., yes ;) How would you isolate the first 3 octets of the IP address without using the python re module? If this could be used in place of the return from getSendersMta() then the code could be structured as before, which is considerably simpler. I've found, though, that the full string returned from getSendersMta() is _very_ useful in log analysis. I've been building a dynamically maintained database of spam sources by manually grepping for "Too many" in the log file and doing a whois on the identified full IP addresses. It's a lot of work, but this database is already cutting back substantially on the amount of spam which makes it past our other filters. My guess is that 90% of the commercial spam on the Internet originates from about 200 servers. > 3: Patch doesn't support IPv6. Which reminds me that I need to write > some code to fix other IPv6 handling deficiencies with smtpaccess. That's very true. A couple of points on this, as regards ratelimit.py. Courier on my servers is IPv6 enabled, and addresses are posted to the log in the form "::ffff:a.b.c.d", a hybrid notation which I think is deprecated at this point, although it works. The regexp in my patch takes this into account. The second point is that I have yet to see spam coming in over a pure IPv6 address, which is understandable considering that I don't publish an MX record pointing to an AAAA record. We know that spammers frequently use a collection of v4 addresses within a /24 block in the course of a single spew, which makes this patch useful. What's the equivalent for IPv6 addresses? Is spamming over IPv6 common enough that it's possible to see a similar pattern? I'd emailed you personally about this earlier, but didn't hear from you and I figured it was best, if I wanted this feature, to go ahead and get the ball rolling myself since I know python and your code is clearly written and commented. Thanks! -- Lindsay Haisley | "UNIX is user-friendly, it just FMP Computer Services | chooses its friends." 512-259-1190 | -- Andreas Bogk http://www.fmp.com | ------------------------------------------------------------------------------ Dive into the World of Parallel Programming The Go Parallel Website, sponsored by Intel and developed in partnership with Slashdot Media, is your hub for all things parallel software development, from weekly thought leadership blogs to news, videos, case studies, tutorials and more. Take a look and join the conversation now. http://goparallel.sourceforge.net/ _______________________________________________ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
