> You will probably need to add the virtual host keys as > well, but you certainly will be able to fake it out using > the Registry alone. No IMail EXEs will be necessary to install.
Maybe not only virtal host keys but also one for each user mailbox. Autowhite does a great job at my side here, but I would suggest the following: The current way to keep all data in numerous files es the same file-based way as declude 1.x and 2.x has done. Now with the new declude v3 service it would be great to have this functionality inside the service (or added as a module) This module could keep a RAM-based database of MAILFROM <=> MAILTO communication of the last - let's say - 7 days. A.) If the combination MFROM-MTO has had previous email communication with final weights below a certain treshold (=legit msgs) then add a negative weight for further messages (the same thing that Autowhite already does) B.) If the same MFROM has send a certain number of msgs with a final weight in the "grey zone" do something like - move the message to a temporary hold folder an check the message again after - let's say one hour - in the hope that Blacklists, InvURIBL and Sniffer has new patterns to catch the msg as spam. - send an alert to the admin as he can look what's going on with this type of messages C.) If there is some mail loop (for example if a message is send to at least two recipients using un unpatched exchange pop3-connector) this module could also identify this repeatedly send messages having the same checksum or msgs size. If there are more then x messages in - let's say - 3 hours send an alert to the administrator as he can put this mailfrom adress to the SMTP-envelope kill list until the mail loop is broken by at least one of the exchange admin's. The RAM-based database can be stored in a file if declude is shutdown regulary, so that the data is imediatly available after a restart of the service or the entire server. The database could also clean old records based on his "lastupdate-timestamp" and maybe it could also alert the admin if there is a suspicious number of "unknown viruses" or "vulnerabilities" in a certain timerange. Markus --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
