I've been trying to see how to implement an automatically maintained black list (not to be confused with an RBL...)

Basically the concept is that should I decide that any given email is guaranteed spam, then I would want to feed some information about that email into a black-list. This would include things like the IP address it came from, and possibly things like the sender address/subject.

Any entry on the black-list would auto expire after a set timeout (this could be quite short, perhaps just 20 minutes).

Should another email come in that matches anything on the current black list, then it is blocked and the details (IP etc, as above) added to the top of the list (the details are added as a new record as maybe some part has changed - this allows the list to adapt to variations in the spam attempt).

The seed to initially get on this list would only be for things that are 100% guaranteed to be spam - for example we get a lot of emails in targeting a specific local-part that does not, and never has, existed. An email to a general unknown user would not cause the 'blacklist add' reaction, but an email to this specific user would.

Hopefully by having the blacklist adapt to the variations in the spam connections (often these are minor such as a change in the subject or the target) this will help filter out a lot of rubbish before it hits more 'expensive' options such as SpamAssassin.

Does anyone have any suggestions as to how to go about this? There may be a solution out there that already does this, I just can't seem to find one...

If this could be done without needing a DB (MySQL etc) backend then even better - perhaps just appending entries to a text file with a timestamp on each line and having a cron job removing old entries, or via a dbm file which could also be maintained by a cron job.

Regards,
Keith.
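
The design described in the message above, sketched as an added example that is not part of the original post and is not Exim code: a tab-separated text file with a timestamp on each line, seeded only by a trap local-part, matched on any field, and pruned by a cron job. The file layout, the function names and the trap local-part `trap` are assumptions made for illustration; how the check is called from the mail server is not shown.

```python
import os
import time

TTL = 20 * 60                  # entries expire after 20 minutes, as the post suggests
TRAP_LOCAL_PARTS = {"trap"}    # constructed: a local-part that has never existed

def clean(field):
    # Header text is attacker-controlled: collapse tabs/newlines so one
    # message can never inject extra records into the flat file.
    return " ".join(field.split())

def load(path, now):
    """Return unexpired records as (timestamp, ip, sender, subject) tuples."""
    records = []
    try:
        with open(path, encoding="utf-8") as fh:
            for line in fh:
                parts = line.rstrip("\n").split("\t")
                if len(parts) == 4 and parts[0].isdigit() and now - int(parts[0]) < TTL:
                    records.append((int(parts[0]), *parts[1:]))
    except FileNotFoundError:
        pass                   # no list yet means nothing is blocked
    return records

def add(path, now, ip, sender, subject):
    row = [str(int(now)), clean(ip), clean(sender), clean(subject)]
    with open(path, "a", encoding="utf-8") as fh:
        fh.write("\t".join(row) + "\n")

def check(path, ip, rcpt, sender, subject, now=None):
    """Return 'deny' or 'accept'; every deny records the new variation."""
    now = time.time() if now is None else now
    key = (clean(ip), clean(sender), clean(subject))
    # Empty fields (e.g. the null sender of a bounce) never count as a match.
    hit = any(a == b for rec in load(path, now)
              for a, b in zip(rec[1:], key) if b)
    if hit or rcpt.split("@")[0].lower() in TRAP_LOCAL_PARTS:
        add(path, now, ip, sender, subject)
        return "deny"
    return "accept"

def prune(path, now=None):
    """Cron job: rewrite the file without expired lines; returns lines kept."""
    now = time.time() if now is None else now
    keep = load(path, now)
    tmp = path + ".tmp"
    with open(tmp, "w", encoding="utf-8") as fh:
        for rec in keep:
            fh.write("\t".join(map(str, rec)) + "\n")
    os.replace(tmp, path)      # atomic swap so readers never see a partial file
    return len(keep)
```

Because expiry is checked at read time, the cron job only keeps the file small; a record appended between `load` and `os.replace` in `prune` is lost, which a file lock would prevent.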
