Same idea here. Better to stop them with SMTP than looking at the mail and stopping it then.

We use Ironport and their reputation filter and it stops over 95% just with their database.

Last week:
97% (~500k mail) stopped by reputation filter (and so nearly no load at all on the box)
2% detected as spam
1% passed to IMail/Declude/Sniffer :)

The only problem is the price for Ironport :-/ We use it for our own domains, but our customers cry when I tell them the price.

Alex

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matrosity Hosting
Sent: Thursday, 25 October 2007 14:29
To: [email protected]
Subject: RE: [IMail Forum] access list

Hey Pete,

That would be after mail was received though. I'm interested in saving the bandwidth that we all pay for to receive spam.

Thanks,
Bill Foresman
Matrosity Hosting
www.matrosity.com
850.656.2644

________________________________

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Pete McNeil
Sent: Thursday, October 25, 2007 6:57 AM
To: Matrosity Hosting
Subject: Re: [IMail Forum] access list

On Thursday, October 25, 2007, 6:27:55 AM, Matrosity wrote:

> I was wondering if reading the daily imail logfile one could determine trends that spammers use and then accumulate the IPs of the sending servers based on the trends to populate the smtp control access list? It seems to me that from looking over my own logs I can see patterns of abuse by spammers such as sending a test batch of 20 spams to the server and other such things that are later filtered by mxguard/sniffer. My goal is more of a 90% reduction in mail processed/filtered which would substantially reduce the load on the server. Thoughts?

Since you mention Sniffer, the new version (currently in beta V2-9b1.5) includes a collaborative IP reputation system called GBUdb. That engine keeps track of IPs and will truncate its scanning process (virtually eliminating the SNF based CPU load for that message) whenever the IP is sufficiently bad. When that happens the engine returns a specific result code also - so you can alter any scanning that comes after SNF, if you wish.

You might give that a try.

http://kb.armresearch.com/index.php?title=Message_Sniffer.GettingStarted.Distributions#NEW_SNF_V2-9_Wide_Beta

IIRC, the IMail ACL can be a challenge to use in the way you describe. If that has changed please let me know.
What would be ideal is if the ACL could be modified at any time, and that IMail would automatically pick up the changes without a restart etc. It would also be good to know the limitations of the ACL since the number of entries could become quite large.

Hope this helps,
_M

________________________________

Siller AG, Wannenaeckerstrasse 43, 74078 Heilbronn
Executive Board: Prof. H.-F. Siller (Chairman), Joern Buelow, Ralf Michi
Chairman of the Supervisory Board: Armin Sohler
Registration court Stuttgart, HRB 107707, VAT ID No. DE145782955
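
Added example, not part of the thread: one way to approach the log-mining idea Bill describes, turning a day's log into candidate entries for an SMTP access list. The log layout, function names and thresholds are assumptions made for illustration (this is not IMail's actual log format), and the sample lines are constructed using documentation-range addresses.

```python
import ipaddress
import re
from collections import defaultdict

# Assumed, simplified line layout (constructed; NOT IMail's real log format):
#   <date> <time> <client-ip> verdict=<spam|clean>
LINE_RE = re.compile(r"^\S+ \S+ (?P<ip>\S+) verdict=(?P<verdict>spam|clean)$")

def candidate_denylist(lines, min_msgs=20, min_spam_ratio=0.95, never_block=()):
    """Return sorted IPs whose traffic is high-volume and almost all spam."""
    protected = [ipaddress.ip_network(n) for n in never_block]
    total = defaultdict(int)
    spam = defaultdict(int)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not fit the assumed layout
        try:
            ip = ipaddress.ip_address(m.group("ip"))
        except ValueError:
            continue  # not a valid address, so never feed it to an ACL
        total[ip] += 1
        if m.group("verdict") == "spam":
            spam[ip] += 1
    picked = []
    for ip, count in total.items():
        if count < min_msgs:
            continue  # too little evidence to block on
        if any(ip in net for net in protected):
            continue  # own relays and customer networks stay reachable
        if spam[ip] / count >= min_spam_ratio:
            picked.append(ip)
    picked.sort(key=lambda a: (a.version, int(a)))
    return [str(ip) for ip in picked]

def sample_log():
    """Constructed sample log for the demonstration."""
    lines = [f"2007-10-25 06:00:{i:02d} 203.0.113.7 verdict=spam" for i in range(20)]
    lines += [f"2007-10-25 06:10:{i:02d} 198.51.100.9 verdict=spam" for i in range(5)]
    lines += [f"2007-10-25 06:20:{i:02d} 192.0.2.25 verdict=spam" for i in range(30)]
    lines += [f"2007-10-25 06:30:{i:02d} 198.51.100.40 verdict=clean" for i in range(15)]
    lines += [f"2007-10-25 06:31:{i:02d} 198.51.100.40 verdict=spam" for i in range(10)]
    lines.append("garbled line without the expected fields")
    return lines

if __name__ == "__main__":
    for ip in candidate_denylist(sample_log(), never_block=["192.0.2.0/24"]):
        print(ip)
```

The volume floor and the protected-network list are what keep a mixed sender or a low-traffic host from landing on the list; the output still needs review before it goes into any access list.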
