>Maybe its worth while. Called SpamDamn > >http://www.geeklabs.com/toys.html
I am working on an advanced script that will do something similar but not by tailing the maillog nor writing rules to the firewall. The idea, still very rough, is to detect for $today, a "large" numbers of TCP "connect from" and/or MAIL FROM: @sender.domain and "greylist" those IPs or domains with 4xx rejects and send an email to the admin to judge whether to promote the block to 5xx or remove it from the blacklist (which is not the same as whitelisting). I've seen many cases suddenly one day an unfamiliar PTR domain and/or @sender.domain starts appearing in volumes. Obviously, the recipients didn't all sign up by the 10s or 100s yesterday to same legit service, so we've clearly got a spammer. Len
