On Thursday, October 25, 2007, 6:27:55 AM, Matrosity wrote:
> I was wondering if reading the daily imail logfile one could determine trends that spammers use and then accumulate the IPs of the sending servers based on the trends to populate the smtp control access list? It seems to me that from looking over my own logs I can see patterns of abuse by spammers such as sending a test batch of 20 spams to the server and other such things that are later filtered by mxguard/sniffer. My goal is more of a 90% reduction in mail processed/filtered which would substantially reduce the load on the server. Thoughts?

Since you mention Sniffer, the new version (currently in beta V2-9b1.5) includes a collaborative IP reputation system called GBUdb. That engine keeps track of IPs and will truncate its scanning process (virtually eliminating the SNF based CPU load for that message) whenever the IP is sufficiently bad. When that happens the engine returns a specific result code also - so you can alter any scanning that comes after SNF, if you wish.
You might give that a try.
http://kb.armresearch.com/index.php?title=Message_Sniffer.GettingStarted.Distributions#NEW_SNF_V2-9_Wide_Beta
IIRC, the IMail ACL can be a challenge to use in the way you describe. If that has changed please let me know. What would be ideal is if the ACL could be modified at any time, and that IMail would automatically pick up the changes without a restart etc. It would also be good to know the limitations of the ACL since the number of entries could become quite large.
Hope this helps,
_M
